Docs Home Pulumi IaC Pulumi ESC Pulumi Cloud Packages Tutorials
  1. Packages
  2. Google Cloud Native
  3. API Docs
  4. compute
  5. compute/alpha
  6. MachineImageIamPolicy

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
pulumi/pulumi-google-native

google-native.compute/alpha.MachineImageIamPolicy

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
pulumi/pulumi-google-native

Sets the access control policy on the specified resource. Replaces any existing policy. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Create MachineImageIamPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new MachineImageIamPolicy(name: string, args: MachineImageIamPolicyArgs, opts?: CustomResourceOptions);
@overload
def MachineImageIamPolicy(resource_name: str,
                          args: MachineImageIamPolicyArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def MachineImageIamPolicy(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          resource: Optional[str] = None,
                          audit_configs: Optional[Sequence[AuditConfigArgs]] = None,
                          bindings: Optional[Sequence[BindingArgs]] = None,
                          etag: Optional[str] = None,
                          project: Optional[str] = None,
                          rules: Optional[Sequence[RuleArgs]] = None,
                          version: Optional[int] = None)
func NewMachineImageIamPolicy(ctx *Context, name string, args MachineImageIamPolicyArgs, opts ...ResourceOption) (*MachineImageIamPolicy, error)
public MachineImageIamPolicy(string name, MachineImageIamPolicyArgs args, CustomResourceOptions? opts = null)
public MachineImageIamPolicy(String name, MachineImageIamPolicyArgs args)
public MachineImageIamPolicy(String name, MachineImageIamPolicyArgs args, CustomResourceOptions options)

type: google-native:compute/alpha:MachineImageIamPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. MachineImageIamPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. MachineImageIamPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. MachineImageIamPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. MachineImageIamPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. MachineImageIamPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var machineImageIamPolicyResource = new GoogleNative.Compute.Alpha.MachineImageIamPolicy("machineImageIamPolicyResource", new()
{
    Resource = "string",
    AuditConfigs = new[]
    {
        new GoogleNative.Compute.Alpha.Inputs.AuditConfigArgs
        {
            AuditLogConfigs = new[]
            {
                new GoogleNative.Compute.Alpha.Inputs.AuditLogConfigArgs
                {
                    ExemptedMembers = new[]
                    {
                        "string",
                    },
                    IgnoreChildExemptions = false,
                    LogType = GoogleNative.Compute.Alpha.AuditLogConfigLogType.AdminRead,
                },
            },
            ExemptedMembers = new[]
            {
                "string",
            },
            Service = "string",
        },
    },
    Bindings = new[]
    {
        new GoogleNative.Compute.Alpha.Inputs.BindingArgs
        {
            BindingId = "string",
            Condition = new GoogleNative.Compute.Alpha.Inputs.ExprArgs
            {
                Description = "string",
                Expression = "string",
                Location = "string",
                Title = "string",
            },
            Members = new[]
            {
                "string",
            },
            Role = "string",
        },
    },
    Etag = "string",
    Project = "string",
    Rules = new[]
    {
        new GoogleNative.Compute.Alpha.Inputs.RuleArgs
        {
            Action = GoogleNative.Compute.Alpha.RuleAction.Allow,
            Conditions = new[]
            {
                new GoogleNative.Compute.Alpha.Inputs.ConditionArgs
                {
                    Iam = GoogleNative.Compute.Alpha.ConditionIam.Approver,
                    Op = GoogleNative.Compute.Alpha.ConditionOp.Discharged,
                    Svc = "string",
                    Sys = GoogleNative.Compute.Alpha.ConditionSys.Ip,
                    Values = new[]
                    {
                        "string",
                    },
                },
            },
            Description = "string",
            Ins = new[]
            {
                "string",
            },
            LogConfigs = new[]
            {
                new GoogleNative.Compute.Alpha.Inputs.LogConfigArgs
                {
                    CloudAudit = new GoogleNative.Compute.Alpha.Inputs.LogConfigCloudAuditOptionsArgs
                    {
                        AuthorizationLoggingOptions = new GoogleNative.Compute.Alpha.Inputs.AuthorizationLoggingOptionsArgs
                        {
                            PermissionType = GoogleNative.Compute.Alpha.AuthorizationLoggingOptionsPermissionType.AdminRead,
                        },
                        LogName = GoogleNative.Compute.Alpha.LogConfigCloudAuditOptionsLogName.AdminActivity,
                    },
                    Counter = new GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptionsArgs
                    {
                        CustomFields = new[]
                        {
                            new GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptionsCustomFieldArgs
                            {
                                Name = "string",
                                Value = "string",
                            },
                        },
                        Field = "string",
                        Metric = "string",
                    },
                    DataAccess = new GoogleNative.Compute.Alpha.Inputs.LogConfigDataAccessOptionsArgs
                    {
                        LogMode = GoogleNative.Compute.Alpha.LogConfigDataAccessOptionsLogMode.LogFailClosed,
                    },
                },
            },
            NotIns = new[]
            {
                "string",
            },
            Permissions = new[]
            {
                "string",
            },
        },
    },
    Version = 0,
});
Copy
example, err := compute.NewMachineImageIamPolicy(ctx, "machineImageIamPolicyResource", &compute.MachineImageIamPolicyArgs{
	Resource: pulumi.String("string"),
	AuditConfigs: compute.AuditConfigArray{
		&compute.AuditConfigArgs{
			AuditLogConfigs: compute.AuditLogConfigArray{
				&compute.AuditLogConfigArgs{
					ExemptedMembers: pulumi.StringArray{
						pulumi.String("string"),
					},
					IgnoreChildExemptions: pulumi.Bool(false),
					LogType:               compute.AuditLogConfigLogTypeAdminRead,
				},
			},
			ExemptedMembers: pulumi.StringArray{
				pulumi.String("string"),
			},
			Service: pulumi.String("string"),
		},
	},
	Bindings: compute.BindingArray{
		&compute.BindingArgs{
			BindingId: pulumi.String("string"),
			Condition: &compute.ExprArgs{
				Description: pulumi.String("string"),
				Expression:  pulumi.String("string"),
				Location:    pulumi.String("string"),
				Title:       pulumi.String("string"),
			},
			Members: pulumi.StringArray{
				pulumi.String("string"),
			},
			Role: pulumi.String("string"),
		},
	},
	Etag:    pulumi.String("string"),
	Project: pulumi.String("string"),
	Rules: compute.RuleArray{
		&compute.RuleArgs{
			Action: compute.RuleActionAllow,
			Conditions: compute.ConditionArray{
				&compute.ConditionArgs{
					Iam: compute.ConditionIamApprover,
					Op:  compute.ConditionOpDischarged,
					Svc: pulumi.String("string"),
					Sys: compute.ConditionSysIp,
					Values: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Description: pulumi.String("string"),
			Ins: pulumi.StringArray{
				pulumi.String("string"),
			},
			LogConfigs: compute.LogConfigArray{
				&compute.LogConfigArgs{
					CloudAudit: &compute.LogConfigCloudAuditOptionsArgs{
						AuthorizationLoggingOptions: &compute.AuthorizationLoggingOptionsArgs{
							PermissionType: compute.AuthorizationLoggingOptionsPermissionTypeAdminRead,
						},
						LogName: compute.LogConfigCloudAuditOptionsLogNameAdminActivity,
					},
					Counter: &compute.LogConfigCounterOptionsArgs{
						CustomFields: compute.LogConfigCounterOptionsCustomFieldArray{
							&compute.LogConfigCounterOptionsCustomFieldArgs{
								Name:  pulumi.String("string"),
								Value: pulumi.String("string"),
							},
						},
						Field:  pulumi.String("string"),
						Metric: pulumi.String("string"),
					},
					DataAccess: &compute.LogConfigDataAccessOptionsArgs{
						LogMode: compute.LogConfigDataAccessOptionsLogModeLogFailClosed,
					},
				},
			},
			NotIns: pulumi.StringArray{
				pulumi.String("string"),
			},
			Permissions: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Version: pulumi.Int(0),
})
Copy
var machineImageIamPolicyResource = new MachineImageIamPolicy("machineImageIamPolicyResource", MachineImageIamPolicyArgs.builder()
    .resource("string")
    .auditConfigs(AuditConfigArgs.builder()
        .auditLogConfigs(AuditLogConfigArgs.builder()
            .exemptedMembers("string")
            .ignoreChildExemptions(false)
            .logType("ADMIN_READ")
            .build())
        .exemptedMembers("string")
        .service("string")
        .build())
    .bindings(BindingArgs.builder()
        .bindingId("string")
        .condition(ExprArgs.builder()
            .description("string")
            .expression("string")
            .location("string")
            .title("string")
            .build())
        .members("string")
        .role("string")
        .build())
    .etag("string")
    .project("string")
    .rules(RuleArgs.builder()
        .action("ALLOW")
        .conditions(ConditionArgs.builder()
            .iam("APPROVER")
            .op("DISCHARGED")
            .svc("string")
            .sys("IP")
            .values("string")
            .build())
        .description("string")
        .ins("string")
        .logConfigs(LogConfigArgs.builder()
            .cloudAudit(LogConfigCloudAuditOptionsArgs.builder()
                .authorizationLoggingOptions(AuthorizationLoggingOptionsArgs.builder()
                    .permissionType("ADMIN_READ")
                    .build())
                .logName("ADMIN_ACTIVITY")
                .build())
            .counter(LogConfigCounterOptionsArgs.builder()
                .customFields(LogConfigCounterOptionsCustomFieldArgs.builder()
                    .name("string")
                    .value("string")
                    .build())
                .field("string")
                .metric("string")
                .build())
            .dataAccess(LogConfigDataAccessOptionsArgs.builder()
                .logMode("LOG_FAIL_CLOSED")
                .build())
            .build())
        .notIns("string")
        .permissions("string")
        .build())
    .version(0)
    .build());
Copy
machine_image_iam_policy_resource = google_native.compute.alpha.MachineImageIamPolicy("machineImageIamPolicyResource",
    resource="string",
    audit_configs=[{
        "audit_log_configs": [{
            "exempted_members": ["string"],
            "ignore_child_exemptions": False,
            "log_type": google_native.compute.alpha.AuditLogConfigLogType.ADMIN_READ,
        }],
        "exempted_members": ["string"],
        "service": "string",
    }],
    bindings=[{
        "binding_id": "string",
        "condition": {
            "description": "string",
            "expression": "string",
            "location": "string",
            "title": "string",
        },
        "members": ["string"],
        "role": "string",
    }],
    etag="string",
    project="string",
    rules=[{
        "action": google_native.compute.alpha.RuleAction.ALLOW,
        "conditions": [{
            "iam": google_native.compute.alpha.ConditionIam.APPROVER,
            "op": google_native.compute.alpha.ConditionOp.DISCHARGED,
            "svc": "string",
            "sys": google_native.compute.alpha.ConditionSys.IP,
            "values": ["string"],
        }],
        "description": "string",
        "ins": ["string"],
        "log_configs": [{
            "cloud_audit": {
                "authorization_logging_options": {
                    "permission_type": google_native.compute.alpha.AuthorizationLoggingOptionsPermissionType.ADMIN_READ,
                },
                "log_name": google_native.compute.alpha.LogConfigCloudAuditOptionsLogName.ADMIN_ACTIVITY,
            },
            "counter": {
                "custom_fields": [{
                    "name": "string",
                    "value": "string",
                }],
                "field": "string",
                "metric": "string",
            },
            "data_access": {
                "log_mode": google_native.compute.alpha.LogConfigDataAccessOptionsLogMode.LOG_FAIL_CLOSED,
            },
        }],
        "not_ins": ["string"],
        "permissions": ["string"],
    }],
    version=0)
Copy
const machineImageIamPolicyResource = new google_native.compute.alpha.MachineImageIamPolicy("machineImageIamPolicyResource", {
    resource: "string",
    auditConfigs: [{
        auditLogConfigs: [{
            exemptedMembers: ["string"],
            ignoreChildExemptions: false,
            logType: google_native.compute.alpha.AuditLogConfigLogType.AdminRead,
        }],
        exemptedMembers: ["string"],
        service: "string",
    }],
    bindings: [{
        bindingId: "string",
        condition: {
            description: "string",
            expression: "string",
            location: "string",
            title: "string",
        },
        members: ["string"],
        role: "string",
    }],
    etag: "string",
    project: "string",
    rules: [{
        action: google_native.compute.alpha.RuleAction.Allow,
        conditions: [{
            iam: google_native.compute.alpha.ConditionIam.Approver,
            op: google_native.compute.alpha.ConditionOp.Discharged,
            svc: "string",
            sys: google_native.compute.alpha.ConditionSys.Ip,
            values: ["string"],
        }],
        description: "string",
        ins: ["string"],
        logConfigs: [{
            cloudAudit: {
                authorizationLoggingOptions: {
                    permissionType: google_native.compute.alpha.AuthorizationLoggingOptionsPermissionType.AdminRead,
                },
                logName: google_native.compute.alpha.LogConfigCloudAuditOptionsLogName.AdminActivity,
            },
            counter: {
                customFields: [{
                    name: "string",
                    value: "string",
                }],
                field: "string",
                metric: "string",
            },
            dataAccess: {
                logMode: google_native.compute.alpha.LogConfigDataAccessOptionsLogMode.LogFailClosed,
            },
        }],
        notIns: ["string"],
        permissions: ["string"],
    }],
    version: 0,
});
Copy
type: google-native:compute/alpha:MachineImageIamPolicy
properties:
    auditConfigs:
        - auditLogConfigs:
            - exemptedMembers:
                - string
              ignoreChildExemptions: false
              logType: ADMIN_READ
          exemptedMembers:
            - string
          service: string
    bindings:
        - bindingId: string
          condition:
            description: string
            expression: string
            location: string
            title: string
          members:
            - string
          role: string
    etag: string
    project: string
    resource: string
    rules:
        - action: ALLOW
          conditions:
            - iam: APPROVER
              op: DISCHARGED
              svc: string
              sys: IP
              values:
                - string
          description: string
          ins:
            - string
          logConfigs:
            - cloudAudit:
                authorizationLoggingOptions:
                    permissionType: ADMIN_READ
                logName: ADMIN_ACTIVITY
              counter:
                customFields:
                    - name: string
                      value: string
                field: string
                metric: string
              dataAccess:
                logMode: LOG_FAIL_CLOSED
          notIns:
            - string
          permissions:
            - string
    version: 0
Copy

MachineImageIamPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The MachineImageIamPolicy resource accepts the following input properties:

Resource
This property is required.
Changes to this property will trigger replacement.
string
AuditConfigs List<Pulumi.GoogleNative.Compute.Alpha.Inputs.AuditConfig>
Specifies cloud audit logging configuration for this policy.
Bindings List<Pulumi.GoogleNative.Compute.Alpha.Inputs.Binding>
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
Etag string
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
Project Changes to this property will trigger replacement. string
Rules List<Pulumi.GoogleNative.Compute.Alpha.Inputs.Rule>
This is deprecated and has no effect. Do not use.
Version int
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Resource
This property is required.
Changes to this property will trigger replacement.
string
AuditConfigs []AuditConfigArgs
Specifies cloud audit logging configuration for this policy.
Bindings []BindingArgs
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
Etag string
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
Project Changes to this property will trigger replacement. string
Rules []RuleArgs
This is deprecated and has no effect. Do not use.
Version int
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
resource
This property is required.
Changes to this property will trigger replacement.
String
auditConfigs List<AuditConfig>
Specifies cloud audit logging configuration for this policy.
bindings List<Binding>
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
etag String
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
project Changes to this property will trigger replacement. String
rules List<Rule>
This is deprecated and has no effect. Do not use.
version Integer
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
resource
This property is required.
Changes to this property will trigger replacement.
string
auditConfigs AuditConfig[]
Specifies cloud audit logging configuration for this policy.
bindings Binding[]
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
etag string
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
project Changes to this property will trigger replacement. string
rules Rule[]
This is deprecated and has no effect. Do not use.
version number
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
resource
This property is required.
Changes to this property will trigger replacement.
str
audit_configs Sequence[AuditConfigArgs]
Specifies cloud audit logging configuration for this policy.
bindings Sequence[BindingArgs]
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
etag str
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
project Changes to this property will trigger replacement. str
rules Sequence[RuleArgs]
This is deprecated and has no effect. Do not use.
version int
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.
resource
This property is required.
Changes to this property will trigger replacement.
String
auditConfigs List<Property Map>
Specifies cloud audit logging configuration for this policy.
bindings List<Property Map>
Associates a list of members, or principals, with a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one principal. The bindings in a Policy can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the bindings grant 50 different roles to user:alice@example.com, and not to any other principal, then you can add another 1,450 principals to the bindings in the Policy.
etag String
etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.
project Changes to this property will trigger replacement. String
rules List<Property Map>
This is deprecated and has no effect. Do not use.
version Number
Specifies the format of the policy. Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.

Outputs

All input properties are implicitly available as output properties. Additionally, the MachineImageIamPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Supporting Types

AuditConfig
, AuditConfigArgs

AuditLogConfigs List<Pulumi.GoogleNative.Compute.Alpha.Inputs.AuditLogConfig>
The configuration for logging of each type of permission.
ExemptedMembers List<string>
This is deprecated and has no effect. Do not use.
Service string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
AuditLogConfigs []AuditLogConfig
The configuration for logging of each type of permission.
ExemptedMembers []string
This is deprecated and has no effect. Do not use.
Service string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs List<AuditLogConfig>
The configuration for logging of each type of permission.
exemptedMembers List<String>
This is deprecated and has no effect. Do not use.
service String
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs AuditLogConfig[]
The configuration for logging of each type of permission.
exemptedMembers string[]
This is deprecated and has no effect. Do not use.
service string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
audit_log_configs Sequence[AuditLogConfig]
The configuration for logging of each type of permission.
exempted_members Sequence[str]
This is deprecated and has no effect. Do not use.
service str
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs List<Property Map>
The configuration for logging of each type of permission.
exemptedMembers List<String>
This is deprecated and has no effect. Do not use.
service String
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

AuditConfigResponse
, AuditConfigResponseArgs

AuditLogConfigs This property is required. List<Pulumi.GoogleNative.Compute.Alpha.Inputs.AuditLogConfigResponse>
The configuration for logging of each type of permission.
ExemptedMembers This property is required. List<string>
This is deprecated and has no effect. Do not use.
Service This property is required. string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
AuditLogConfigs This property is required. []AuditLogConfigResponse
The configuration for logging of each type of permission.
ExemptedMembers This property is required. []string
This is deprecated and has no effect. Do not use.
Service This property is required. string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs This property is required. List<AuditLogConfigResponse>
The configuration for logging of each type of permission.
exemptedMembers This property is required. List<String>
This is deprecated and has no effect. Do not use.
service This property is required. String
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs This property is required. AuditLogConfigResponse[]
The configuration for logging of each type of permission.
exemptedMembers This property is required. string[]
This is deprecated and has no effect. Do not use.
service This property is required. string
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
audit_log_configs This property is required. Sequence[AuditLogConfigResponse]
The configuration for logging of each type of permission.
exempted_members This property is required. Sequence[str]
This is deprecated and has no effect. Do not use.
service This property is required. str
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
auditLogConfigs This property is required. List<Property Map>
The configuration for logging of each type of permission.
exemptedMembers This property is required. List<String>
This is deprecated and has no effect. Do not use.
service This property is required. String
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

AuditLogConfig
, AuditLogConfigArgs

ExemptedMembers List<string>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
IgnoreChildExemptions bool
This is deprecated and has no effect. Do not use.
LogType Pulumi.GoogleNative.Compute.Alpha.AuditLogConfigLogType
The log type that this config enables.
ExemptedMembers []string
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
IgnoreChildExemptions bool
This is deprecated and has no effect. Do not use.
LogType AuditLogConfigLogType
The log type that this config enables.
exemptedMembers List<String>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions Boolean
This is deprecated and has no effect. Do not use.
logType AuditLogConfigLogType
The log type that this config enables.
exemptedMembers string[]
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions boolean
This is deprecated and has no effect. Do not use.
logType AuditLogConfigLogType
The log type that this config enables.
exempted_members Sequence[str]
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignore_child_exemptions bool
This is deprecated and has no effect. Do not use.
log_type AuditLogConfigLogType
The log type that this config enables.
exemptedMembers List<String>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions Boolean
This is deprecated and has no effect. Do not use.
logType "ADMIN_READ" | "DATA_READ" | "DATA_WRITE" | "LOG_TYPE_UNSPECIFIED"
The log type that this config enables.

AuditLogConfigLogType
, AuditLogConfigLogTypeArgs

AdminRead
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
DataRead
DATA_READData reads. Example: CloudSQL Users list
DataWrite
DATA_WRITEData writes. Example: CloudSQL Users create
LogTypeUnspecified
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
AuditLogConfigLogTypeAdminRead
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
AuditLogConfigLogTypeDataRead
DATA_READData reads. Example: CloudSQL Users list
AuditLogConfigLogTypeDataWrite
DATA_WRITEData writes. Example: CloudSQL Users create
AuditLogConfigLogTypeLogTypeUnspecified
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
AdminRead
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
DataRead
DATA_READData reads. Example: CloudSQL Users list
DataWrite
DATA_WRITEData writes. Example: CloudSQL Users create
LogTypeUnspecified
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
AdminRead
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
DataRead
DATA_READData reads. Example: CloudSQL Users list
DataWrite
DATA_WRITEData writes. Example: CloudSQL Users create
LogTypeUnspecified
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
ADMIN_READ
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
DATA_READ
DATA_READData reads. Example: CloudSQL Users list
DATA_WRITE
DATA_WRITEData writes. Example: CloudSQL Users create
LOG_TYPE_UNSPECIFIED
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.
"ADMIN_READ"
ADMIN_READAdmin reads. Example: CloudIAM getIamPolicy
"DATA_READ"
DATA_READData reads. Example: CloudSQL Users list
"DATA_WRITE"
DATA_WRITEData writes. Example: CloudSQL Users create
"LOG_TYPE_UNSPECIFIED"
LOG_TYPE_UNSPECIFIEDDefault case. Should never be this.

AuditLogConfigResponse
, AuditLogConfigResponseArgs

ExemptedMembers This property is required. List<string>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
IgnoreChildExemptions This property is required. bool
This is deprecated and has no effect. Do not use.
LogType This property is required. string
The log type that this config enables.
ExemptedMembers This property is required. []string
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
IgnoreChildExemptions This property is required. bool
This is deprecated and has no effect. Do not use.
LogType This property is required. string
The log type that this config enables.
exemptedMembers This property is required. List<String>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions This property is required. Boolean
This is deprecated and has no effect. Do not use.
logType This property is required. String
The log type that this config enables.
exemptedMembers This property is required. string[]
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions This property is required. boolean
This is deprecated and has no effect. Do not use.
logType This property is required. string
The log type that this config enables.
exempted_members This property is required. Sequence[str]
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignore_child_exemptions This property is required. bool
This is deprecated and has no effect. Do not use.
log_type This property is required. str
The log type that this config enables.
exemptedMembers This property is required. List<String>
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
ignoreChildExemptions This property is required. Boolean
This is deprecated and has no effect. Do not use.
logType This property is required. String
The log type that this config enables.

AuthorizationLoggingOptions
, AuthorizationLoggingOptionsArgs

PermissionType AuthorizationLoggingOptionsPermissionType
This is deprecated and has no effect. Do not use.
permissionType AuthorizationLoggingOptionsPermissionType
This is deprecated and has no effect. Do not use.
permissionType AuthorizationLoggingOptionsPermissionType
This is deprecated and has no effect. Do not use.
permission_type AuthorizationLoggingOptionsPermissionType
This is deprecated and has no effect. Do not use.

AuthorizationLoggingOptionsPermissionType
, AuthorizationLoggingOptionsPermissionTypeArgs

AdminRead
ADMIN_READThis is deprecated and has no effect. Do not use.
AdminWrite
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
DataRead
DATA_READThis is deprecated and has no effect. Do not use.
DataWrite
DATA_WRITEThis is deprecated and has no effect. Do not use.
PermissionTypeUnspecified
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
AuthorizationLoggingOptionsPermissionTypeAdminRead
ADMIN_READThis is deprecated and has no effect. Do not use.
AuthorizationLoggingOptionsPermissionTypeAdminWrite
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
AuthorizationLoggingOptionsPermissionTypeDataRead
DATA_READThis is deprecated and has no effect. Do not use.
AuthorizationLoggingOptionsPermissionTypeDataWrite
DATA_WRITEThis is deprecated and has no effect. Do not use.
AuthorizationLoggingOptionsPermissionTypePermissionTypeUnspecified
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
AdminRead
ADMIN_READThis is deprecated and has no effect. Do not use.
AdminWrite
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
DataRead
DATA_READThis is deprecated and has no effect. Do not use.
DataWrite
DATA_WRITEThis is deprecated and has no effect. Do not use.
PermissionTypeUnspecified
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
AdminRead
ADMIN_READThis is deprecated and has no effect. Do not use.
AdminWrite
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
DataRead
DATA_READThis is deprecated and has no effect. Do not use.
DataWrite
DATA_WRITEThis is deprecated and has no effect. Do not use.
PermissionTypeUnspecified
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
ADMIN_READ
ADMIN_READThis is deprecated and has no effect. Do not use.
ADMIN_WRITE
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
DATA_READ
DATA_READThis is deprecated and has no effect. Do not use.
DATA_WRITE
DATA_WRITEThis is deprecated and has no effect. Do not use.
PERMISSION_TYPE_UNSPECIFIED
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
"ADMIN_READ"
ADMIN_READThis is deprecated and has no effect. Do not use.
"ADMIN_WRITE"
ADMIN_WRITEThis is deprecated and has no effect. Do not use.
"DATA_READ"
DATA_READThis is deprecated and has no effect. Do not use.
"DATA_WRITE"
DATA_WRITEThis is deprecated and has no effect. Do not use.
"PERMISSION_TYPE_UNSPECIFIED"
PERMISSION_TYPE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.

AuthorizationLoggingOptionsResponse
, AuthorizationLoggingOptionsResponseArgs

PermissionType This property is required. string
This is deprecated and has no effect. Do not use.
PermissionType This property is required. string
This is deprecated and has no effect. Do not use.
permissionType This property is required. String
This is deprecated and has no effect. Do not use.
permissionType This property is required. string
This is deprecated and has no effect. Do not use.
permission_type This property is required. str
This is deprecated and has no effect. Do not use.
permissionType This property is required. String
This is deprecated and has no effect. Do not use.

Binding
, BindingArgs

BindingId string
This is deprecated and has no effect. Do not use.
Condition Pulumi.GoogleNative.Compute.Alpha.Inputs.Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Members List<string>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
Role string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
BindingId string
This is deprecated and has no effect. Do not use.
Condition Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Members []string
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
Role string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId String
This is deprecated and has no effect. Do not use.
condition Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members List<String>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role String
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId string
This is deprecated and has no effect. Do not use.
condition Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members string[]
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
binding_id str
This is deprecated and has no effect. Do not use.
condition Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members Sequence[str]
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role str
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId String
This is deprecated and has no effect. Do not use.
condition Property Map
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members List<String>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role String
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.

BindingResponse
, BindingResponseArgs

BindingId This property is required. string
This is deprecated and has no effect. Do not use.
Condition This property is required. Pulumi.GoogleNative.Compute.Alpha.Inputs.ExprResponse
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Members This property is required. List<string>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
Role This property is required. string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
BindingId This property is required. string
This is deprecated and has no effect. Do not use.
Condition This property is required. ExprResponse
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
Members This property is required. []string
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
Role This property is required. string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId This property is required. String
This is deprecated and has no effect. Do not use.
condition This property is required. ExprResponse
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members This property is required. List<String>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role This property is required. String
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId This property is required. string
This is deprecated and has no effect. Do not use.
condition This property is required. ExprResponse
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members This property is required. string[]
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role This property is required. string
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
binding_id This property is required. str
This is deprecated and has no effect. Do not use.
condition This property is required. ExprResponse
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members This property is required. Sequence[str]
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role This property is required. str
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.
bindingId This property is required. String
This is deprecated and has no effect. Do not use.
condition This property is required. Property Map
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
members This property is required. List<String>
Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.
role This property is required. String
Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.

Condition
, ConditionArgs

Iam Pulumi.GoogleNative.Compute.Alpha.ConditionIam
This is deprecated and has no effect. Do not use.
Op Pulumi.GoogleNative.Compute.Alpha.ConditionOp
This is deprecated and has no effect. Do not use.
Svc string
This is deprecated and has no effect. Do not use.
Sys Pulumi.GoogleNative.Compute.Alpha.ConditionSys
This is deprecated and has no effect. Do not use.
Values List<string>
This is deprecated and has no effect. Do not use.
Iam ConditionIam
This is deprecated and has no effect. Do not use.
Op ConditionOp
This is deprecated and has no effect. Do not use.
Svc string
This is deprecated and has no effect. Do not use.
Sys ConditionSys
This is deprecated and has no effect. Do not use.
Values []string
This is deprecated and has no effect. Do not use.
iam ConditionIam
This is deprecated and has no effect. Do not use.
op ConditionOp
This is deprecated and has no effect. Do not use.
svc String
This is deprecated and has no effect. Do not use.
sys ConditionSys
This is deprecated and has no effect. Do not use.
values List<String>
This is deprecated and has no effect. Do not use.
iam ConditionIam
This is deprecated and has no effect. Do not use.
op ConditionOp
This is deprecated and has no effect. Do not use.
svc string
This is deprecated and has no effect. Do not use.
sys ConditionSys
This is deprecated and has no effect. Do not use.
values string[]
This is deprecated and has no effect. Do not use.
iam ConditionIam
This is deprecated and has no effect. Do not use.
op ConditionOp
This is deprecated and has no effect. Do not use.
svc str
This is deprecated and has no effect. Do not use.
sys ConditionSys
This is deprecated and has no effect. Do not use.
values Sequence[str]
This is deprecated and has no effect. Do not use.
iam "APPROVER" | "ATTRIBUTION" | "AUTHORITY" | "CREDENTIALS_TYPE" | "CREDS_ASSERTION" | "JUSTIFICATION_TYPE" | "NO_ATTR" | "SECURITY_REALM"
This is deprecated and has no effect. Do not use.
op "DISCHARGED" | "EQUALS" | "IN" | "NOT_EQUALS" | "NOT_IN" | "NO_OP"
This is deprecated and has no effect. Do not use.
svc String
This is deprecated and has no effect. Do not use.
sys "IP" | "NAME" | "NO_ATTR" | "REGION" | "SERVICE"
This is deprecated and has no effect. Do not use.
values List<String>
This is deprecated and has no effect. Do not use.

ConditionIam
, ConditionIamArgs

Approver
APPROVERThis is deprecated and has no effect. Do not use.
Attribution
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
Authority
AUTHORITYThis is deprecated and has no effect. Do not use.
CredentialsType
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
CredsAssertion
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
JustificationType
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
SecurityRealm
SECURITY_REALMThis is deprecated and has no effect. Do not use.
ConditionIamApprover
APPROVERThis is deprecated and has no effect. Do not use.
ConditionIamAttribution
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
ConditionIamAuthority
AUTHORITYThis is deprecated and has no effect. Do not use.
ConditionIamCredentialsType
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
ConditionIamCredsAssertion
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
ConditionIamJustificationType
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
ConditionIamNoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
ConditionIamSecurityRealm
SECURITY_REALMThis is deprecated and has no effect. Do not use.
Approver
APPROVERThis is deprecated and has no effect. Do not use.
Attribution
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
Authority
AUTHORITYThis is deprecated and has no effect. Do not use.
CredentialsType
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
CredsAssertion
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
JustificationType
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
SecurityRealm
SECURITY_REALMThis is deprecated and has no effect. Do not use.
Approver
APPROVERThis is deprecated and has no effect. Do not use.
Attribution
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
Authority
AUTHORITYThis is deprecated and has no effect. Do not use.
CredentialsType
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
CredsAssertion
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
JustificationType
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
SecurityRealm
SECURITY_REALMThis is deprecated and has no effect. Do not use.
APPROVER
APPROVERThis is deprecated and has no effect. Do not use.
ATTRIBUTION
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
AUTHORITY
AUTHORITYThis is deprecated and has no effect. Do not use.
CREDENTIALS_TYPE
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
CREDS_ASSERTION
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
JUSTIFICATION_TYPE
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
NO_ATTR
NO_ATTRThis is deprecated and has no effect. Do not use.
SECURITY_REALM
SECURITY_REALMThis is deprecated and has no effect. Do not use.
"APPROVER"
APPROVERThis is deprecated and has no effect. Do not use.
"ATTRIBUTION"
ATTRIBUTIONThis is deprecated and has no effect. Do not use.
"AUTHORITY"
AUTHORITYThis is deprecated and has no effect. Do not use.
"CREDENTIALS_TYPE"
CREDENTIALS_TYPEThis is deprecated and has no effect. Do not use.
"CREDS_ASSERTION"
CREDS_ASSERTIONThis is deprecated and has no effect. Do not use.
"JUSTIFICATION_TYPE"
JUSTIFICATION_TYPEThis is deprecated and has no effect. Do not use.
"NO_ATTR"
NO_ATTRThis is deprecated and has no effect. Do not use.
"SECURITY_REALM"
SECURITY_REALMThis is deprecated and has no effect. Do not use.

ConditionOp
, ConditionOpArgs

Discharged
DISCHARGEDThis is deprecated and has no effect. Do not use.
EqualsValue
EQUALSThis is deprecated and has no effect. Do not use.
In
INThis is deprecated and has no effect. Do not use.
NotEquals
NOT_EQUALSThis is deprecated and has no effect. Do not use.
NotIn
NOT_INThis is deprecated and has no effect. Do not use.
NoOp
NO_OPThis is deprecated and has no effect. Do not use.
ConditionOpDischarged
DISCHARGEDThis is deprecated and has no effect. Do not use.
ConditionOpEquals
EQUALSThis is deprecated and has no effect. Do not use.
ConditionOpIn
INThis is deprecated and has no effect. Do not use.
ConditionOpNotEquals
NOT_EQUALSThis is deprecated and has no effect. Do not use.
ConditionOpNotIn
NOT_INThis is deprecated and has no effect. Do not use.
ConditionOpNoOp
NO_OPThis is deprecated and has no effect. Do not use.
Discharged
DISCHARGEDThis is deprecated and has no effect. Do not use.
Equals
EQUALSThis is deprecated and has no effect. Do not use.
In
INThis is deprecated and has no effect. Do not use.
NotEquals
NOT_EQUALSThis is deprecated and has no effect. Do not use.
NotIn
NOT_INThis is deprecated and has no effect. Do not use.
NoOp
NO_OPThis is deprecated and has no effect. Do not use.
Discharged
DISCHARGEDThis is deprecated and has no effect. Do not use.
Equals
EQUALSThis is deprecated and has no effect. Do not use.
In
INThis is deprecated and has no effect. Do not use.
NotEquals
NOT_EQUALSThis is deprecated and has no effect. Do not use.
NotIn
NOT_INThis is deprecated and has no effect. Do not use.
NoOp
NO_OPThis is deprecated and has no effect. Do not use.
DISCHARGED
DISCHARGEDThis is deprecated and has no effect. Do not use.
EQUALS
EQUALSThis is deprecated and has no effect. Do not use.
IN_
INThis is deprecated and has no effect. Do not use.
NOT_EQUALS
NOT_EQUALSThis is deprecated and has no effect. Do not use.
NOT_IN
NOT_INThis is deprecated and has no effect. Do not use.
NO_OP
NO_OPThis is deprecated and has no effect. Do not use.
"DISCHARGED"
DISCHARGEDThis is deprecated and has no effect. Do not use.
"EQUALS"
EQUALSThis is deprecated and has no effect. Do not use.
"IN"
INThis is deprecated and has no effect. Do not use.
"NOT_EQUALS"
NOT_EQUALSThis is deprecated and has no effect. Do not use.
"NOT_IN"
NOT_INThis is deprecated and has no effect. Do not use.
"NO_OP"
NO_OPThis is deprecated and has no effect. Do not use.

ConditionResponse
, ConditionResponseArgs

Iam This property is required. string
This is deprecated and has no effect. Do not use.
Op This property is required. string
This is deprecated and has no effect. Do not use.
Svc This property is required. string
This is deprecated and has no effect. Do not use.
Sys This property is required. string
This is deprecated and has no effect. Do not use.
Values This property is required. List<string>
This is deprecated and has no effect. Do not use.
Iam This property is required. string
This is deprecated and has no effect. Do not use.
Op This property is required. string
This is deprecated and has no effect. Do not use.
Svc This property is required. string
This is deprecated and has no effect. Do not use.
Sys This property is required. string
This is deprecated and has no effect. Do not use.
Values This property is required. []string
This is deprecated and has no effect. Do not use.
iam This property is required. String
This is deprecated and has no effect. Do not use.
op This property is required. String
This is deprecated and has no effect. Do not use.
svc This property is required. String
This is deprecated and has no effect. Do not use.
sys This property is required. String
This is deprecated and has no effect. Do not use.
values This property is required. List<String>
This is deprecated and has no effect. Do not use.
iam This property is required. string
This is deprecated and has no effect. Do not use.
op This property is required. string
This is deprecated and has no effect. Do not use.
svc This property is required. string
This is deprecated and has no effect. Do not use.
sys This property is required. string
This is deprecated and has no effect. Do not use.
values This property is required. string[]
This is deprecated and has no effect. Do not use.
iam This property is required. str
This is deprecated and has no effect. Do not use.
op This property is required. str
This is deprecated and has no effect. Do not use.
svc This property is required. str
This is deprecated and has no effect. Do not use.
sys This property is required. str
This is deprecated and has no effect. Do not use.
values This property is required. Sequence[str]
This is deprecated and has no effect. Do not use.
iam This property is required. String
This is deprecated and has no effect. Do not use.
op This property is required. String
This is deprecated and has no effect. Do not use.
svc This property is required. String
This is deprecated and has no effect. Do not use.
sys This property is required. String
This is deprecated and has no effect. Do not use.
values This property is required. List<String>
This is deprecated and has no effect. Do not use.

ConditionSys
, ConditionSysArgs

Ip
IPThis is deprecated and has no effect. Do not use.
Name
NAMEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
Region
REGIONThis is deprecated and has no effect. Do not use.
Service
SERVICEThis is deprecated and has no effect. Do not use.
ConditionSysIp
IPThis is deprecated and has no effect. Do not use.
ConditionSysName
NAMEThis is deprecated and has no effect. Do not use.
ConditionSysNoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
ConditionSysRegion
REGIONThis is deprecated and has no effect. Do not use.
ConditionSysService
SERVICEThis is deprecated and has no effect. Do not use.
Ip
IPThis is deprecated and has no effect. Do not use.
Name
NAMEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
Region
REGIONThis is deprecated and has no effect. Do not use.
Service
SERVICEThis is deprecated and has no effect. Do not use.
Ip
IPThis is deprecated and has no effect. Do not use.
Name
NAMEThis is deprecated and has no effect. Do not use.
NoAttr
NO_ATTRThis is deprecated and has no effect. Do not use.
Region
REGIONThis is deprecated and has no effect. Do not use.
Service
SERVICEThis is deprecated and has no effect. Do not use.
IP
IPThis is deprecated and has no effect. Do not use.
NAME
NAMEThis is deprecated and has no effect. Do not use.
NO_ATTR
NO_ATTRThis is deprecated and has no effect. Do not use.
REGION
REGIONThis is deprecated and has no effect. Do not use.
SERVICE
SERVICEThis is deprecated and has no effect. Do not use.
"IP"
IPThis is deprecated and has no effect. Do not use.
"NAME"
NAMEThis is deprecated and has no effect. Do not use.
"NO_ATTR"
NO_ATTRThis is deprecated and has no effect. Do not use.
"REGION"
REGIONThis is deprecated and has no effect. Do not use.
"SERVICE"
SERVICEThis is deprecated and has no effect. Do not use.

Expr
, ExprArgs

Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String
Textual representation of an expression in Common Expression Language syntax.
location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string
Textual representation of an expression in Common Expression Language syntax.
location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str
Textual representation of an expression in Common Expression Language syntax.
location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String
Textual representation of an expression in Common Expression Language syntax.
location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

ExprResponse
, ExprResponseArgs

Description This property is required. string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression This property is required. string
Textual representation of an expression in Common Expression Language syntax.
Location This property is required. string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title This property is required. string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Description This property is required. string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression This property is required. string
Textual representation of an expression in Common Expression Language syntax.
Location This property is required. string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title This property is required. string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description This property is required. String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression This property is required. String
Textual representation of an expression in Common Expression Language syntax.
location This property is required. String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title This property is required. String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description This property is required. string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression This property is required. string
Textual representation of an expression in Common Expression Language syntax.
location This property is required. string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title This property is required. string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description This property is required. str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression This property is required. str
Textual representation of an expression in Common Expression Language syntax.
location This property is required. str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title This property is required. str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description This property is required. String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression This property is required. String
Textual representation of an expression in Common Expression Language syntax.
location This property is required. String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title This property is required. String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

LogConfig
, LogConfigArgs

CloudAudit Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCloudAuditOptions
This is deprecated and has no effect. Do not use.
Counter Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptions
This is deprecated and has no effect. Do not use.
DataAccess Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigDataAccessOptions
This is deprecated and has no effect. Do not use.
CloudAudit LogConfigCloudAuditOptions
This is deprecated and has no effect. Do not use.
Counter LogConfigCounterOptions
This is deprecated and has no effect. Do not use.
DataAccess LogConfigDataAccessOptions
This is deprecated and has no effect. Do not use.
cloudAudit LogConfigCloudAuditOptions
This is deprecated and has no effect. Do not use.
counter LogConfigCounterOptions
This is deprecated and has no effect. Do not use.
dataAccess LogConfigDataAccessOptions
This is deprecated and has no effect. Do not use.
cloudAudit LogConfigCloudAuditOptions
This is deprecated and has no effect. Do not use.
counter LogConfigCounterOptions
This is deprecated and has no effect. Do not use.
dataAccess LogConfigDataAccessOptions
This is deprecated and has no effect. Do not use.
cloud_audit LogConfigCloudAuditOptions
This is deprecated and has no effect. Do not use.
counter LogConfigCounterOptions
This is deprecated and has no effect. Do not use.
data_access LogConfigDataAccessOptions
This is deprecated and has no effect. Do not use.
cloudAudit Property Map
This is deprecated and has no effect. Do not use.
counter Property Map
This is deprecated and has no effect. Do not use.
dataAccess Property Map
This is deprecated and has no effect. Do not use.

LogConfigCloudAuditOptions
, LogConfigCloudAuditOptionsArgs

AuthorizationLoggingOptions AuthorizationLoggingOptions
This is deprecated and has no effect. Do not use.
LogName LogConfigCloudAuditOptionsLogName
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions AuthorizationLoggingOptions
This is deprecated and has no effect. Do not use.
logName LogConfigCloudAuditOptionsLogName
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions AuthorizationLoggingOptions
This is deprecated and has no effect. Do not use.
logName LogConfigCloudAuditOptionsLogName
This is deprecated and has no effect. Do not use.
authorization_logging_options AuthorizationLoggingOptions
This is deprecated and has no effect. Do not use.
log_name LogConfigCloudAuditOptionsLogName
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions Property Map
This is deprecated and has no effect. Do not use.
logName "ADMIN_ACTIVITY" | "DATA_ACCESS" | "UNSPECIFIED_LOG_NAME"
This is deprecated and has no effect. Do not use.

LogConfigCloudAuditOptionsLogName
, LogConfigCloudAuditOptionsLogNameArgs

AdminActivity
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
DataAccess
DATA_ACCESSThis is deprecated and has no effect. Do not use.
UnspecifiedLogName
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.
LogConfigCloudAuditOptionsLogNameAdminActivity
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
LogConfigCloudAuditOptionsLogNameDataAccess
DATA_ACCESSThis is deprecated and has no effect. Do not use.
LogConfigCloudAuditOptionsLogNameUnspecifiedLogName
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.
AdminActivity
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
DataAccess
DATA_ACCESSThis is deprecated and has no effect. Do not use.
UnspecifiedLogName
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.
AdminActivity
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
DataAccess
DATA_ACCESSThis is deprecated and has no effect. Do not use.
UnspecifiedLogName
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.
ADMIN_ACTIVITY
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
DATA_ACCESS
DATA_ACCESSThis is deprecated and has no effect. Do not use.
UNSPECIFIED_LOG_NAME
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.
"ADMIN_ACTIVITY"
ADMIN_ACTIVITYThis is deprecated and has no effect. Do not use.
"DATA_ACCESS"
DATA_ACCESSThis is deprecated and has no effect. Do not use.
"UNSPECIFIED_LOG_NAME"
UNSPECIFIED_LOG_NAMEThis is deprecated and has no effect. Do not use.

LogConfigCloudAuditOptionsResponse
, LogConfigCloudAuditOptionsResponseArgs

AuthorizationLoggingOptions This property is required. Pulumi.GoogleNative.Compute.Alpha.Inputs.AuthorizationLoggingOptionsResponse
This is deprecated and has no effect. Do not use.
LogName This property is required. string
This is deprecated and has no effect. Do not use.
AuthorizationLoggingOptions This property is required. AuthorizationLoggingOptionsResponse
This is deprecated and has no effect. Do not use.
LogName This property is required. string
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions This property is required. AuthorizationLoggingOptionsResponse
This is deprecated and has no effect. Do not use.
logName This property is required. String
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions This property is required. AuthorizationLoggingOptionsResponse
This is deprecated and has no effect. Do not use.
logName This property is required. string
This is deprecated and has no effect. Do not use.
authorization_logging_options This property is required. AuthorizationLoggingOptionsResponse
This is deprecated and has no effect. Do not use.
log_name This property is required. str
This is deprecated and has no effect. Do not use.
authorizationLoggingOptions This property is required. Property Map
This is deprecated and has no effect. Do not use.
logName This property is required. String
This is deprecated and has no effect. Do not use.

LogConfigCounterOptions
, LogConfigCounterOptionsArgs

CustomFields List<Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptionsCustomField>
This is deprecated and has no effect. Do not use.
Field string
This is deprecated and has no effect. Do not use.
Metric string
This is deprecated and has no effect. Do not use.
CustomFields []LogConfigCounterOptionsCustomField
This is deprecated and has no effect. Do not use.
Field string
This is deprecated and has no effect. Do not use.
Metric string
This is deprecated and has no effect. Do not use.
customFields List<LogConfigCounterOptionsCustomField>
This is deprecated and has no effect. Do not use.
field String
This is deprecated and has no effect. Do not use.
metric String
This is deprecated and has no effect. Do not use.
customFields LogConfigCounterOptionsCustomField[]
This is deprecated and has no effect. Do not use.
field string
This is deprecated and has no effect. Do not use.
metric string
This is deprecated and has no effect. Do not use.
custom_fields Sequence[LogConfigCounterOptionsCustomField]
This is deprecated and has no effect. Do not use.
field str
This is deprecated and has no effect. Do not use.
metric str
This is deprecated and has no effect. Do not use.
customFields List<Property Map>
This is deprecated and has no effect. Do not use.
field String
This is deprecated and has no effect. Do not use.
metric String
This is deprecated and has no effect. Do not use.

LogConfigCounterOptionsCustomField
, LogConfigCounterOptionsCustomFieldArgs

Name string
This is deprecated and has no effect. Do not use.
Value string
This is deprecated and has no effect. Do not use.
Name string
This is deprecated and has no effect. Do not use.
Value string
This is deprecated and has no effect. Do not use.
name String
This is deprecated and has no effect. Do not use.
value String
This is deprecated and has no effect. Do not use.
name string
This is deprecated and has no effect. Do not use.
value string
This is deprecated and has no effect. Do not use.
name str
This is deprecated and has no effect. Do not use.
value str
This is deprecated and has no effect. Do not use.
name String
This is deprecated and has no effect. Do not use.
value String
This is deprecated and has no effect. Do not use.

LogConfigCounterOptionsCustomFieldResponse
, LogConfigCounterOptionsCustomFieldResponseArgs

Name This property is required. string
This is deprecated and has no effect. Do not use.
Value This property is required. string
This is deprecated and has no effect. Do not use.
Name This property is required. string
This is deprecated and has no effect. Do not use.
Value This property is required. string
This is deprecated and has no effect. Do not use.
name This property is required. String
This is deprecated and has no effect. Do not use.
value This property is required. String
This is deprecated and has no effect. Do not use.
name This property is required. string
This is deprecated and has no effect. Do not use.
value This property is required. string
This is deprecated and has no effect. Do not use.
name This property is required. str
This is deprecated and has no effect. Do not use.
value This property is required. str
This is deprecated and has no effect. Do not use.
name This property is required. String
This is deprecated and has no effect. Do not use.
value This property is required. String
This is deprecated and has no effect. Do not use.

LogConfigCounterOptionsResponse
, LogConfigCounterOptionsResponseArgs

CustomFields This property is required. List<Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptionsCustomFieldResponse>
This is deprecated and has no effect. Do not use.
Field This property is required. string
This is deprecated and has no effect. Do not use.
Metric This property is required. string
This is deprecated and has no effect. Do not use.
CustomFields This property is required. []LogConfigCounterOptionsCustomFieldResponse
This is deprecated and has no effect. Do not use.
Field This property is required. string
This is deprecated and has no effect. Do not use.
Metric This property is required. string
This is deprecated and has no effect. Do not use.
customFields This property is required. List<LogConfigCounterOptionsCustomFieldResponse>
This is deprecated and has no effect. Do not use.
field This property is required. String
This is deprecated and has no effect. Do not use.
metric This property is required. String
This is deprecated and has no effect. Do not use.
customFields This property is required. LogConfigCounterOptionsCustomFieldResponse[]
This is deprecated and has no effect. Do not use.
field This property is required. string
This is deprecated and has no effect. Do not use.
metric This property is required. string
This is deprecated and has no effect. Do not use.
custom_fields This property is required. Sequence[LogConfigCounterOptionsCustomFieldResponse]
This is deprecated and has no effect. Do not use.
field This property is required. str
This is deprecated and has no effect. Do not use.
metric This property is required. str
This is deprecated and has no effect. Do not use.
customFields This property is required. List<Property Map>
This is deprecated and has no effect. Do not use.
field This property is required. String
This is deprecated and has no effect. Do not use.
metric This property is required. String
This is deprecated and has no effect. Do not use.

LogConfigDataAccessOptions
, LogConfigDataAccessOptionsArgs

LogMode Pulumi.GoogleNative.Compute.Alpha.LogConfigDataAccessOptionsLogMode
This is deprecated and has no effect. Do not use.
LogMode LogConfigDataAccessOptionsLogMode
This is deprecated and has no effect. Do not use.
logMode LogConfigDataAccessOptionsLogMode
This is deprecated and has no effect. Do not use.
logMode LogConfigDataAccessOptionsLogMode
This is deprecated and has no effect. Do not use.
log_mode LogConfigDataAccessOptionsLogMode
This is deprecated and has no effect. Do not use.
logMode "LOG_FAIL_CLOSED" | "LOG_MODE_UNSPECIFIED"
This is deprecated and has no effect. Do not use.

LogConfigDataAccessOptionsLogMode
, LogConfigDataAccessOptionsLogModeArgs

LogFailClosed
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
LogModeUnspecified
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
LogConfigDataAccessOptionsLogModeLogFailClosed
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
LogConfigDataAccessOptionsLogModeLogModeUnspecified
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
LogFailClosed
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
LogModeUnspecified
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
LogFailClosed
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
LogModeUnspecified
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
LOG_FAIL_CLOSED
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
LOG_MODE_UNSPECIFIED
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.
"LOG_FAIL_CLOSED"
LOG_FAIL_CLOSEDThis is deprecated and has no effect. Do not use.
"LOG_MODE_UNSPECIFIED"
LOG_MODE_UNSPECIFIEDThis is deprecated and has no effect. Do not use.

LogConfigDataAccessOptionsResponse
, LogConfigDataAccessOptionsResponseArgs

LogMode This property is required. string
This is deprecated and has no effect. Do not use.
LogMode This property is required. string
This is deprecated and has no effect. Do not use.
logMode This property is required. String
This is deprecated and has no effect. Do not use.
logMode This property is required. string
This is deprecated and has no effect. Do not use.
log_mode This property is required. str
This is deprecated and has no effect. Do not use.
logMode This property is required. String
This is deprecated and has no effect. Do not use.

LogConfigResponse
, LogConfigResponseArgs

CloudAudit This property is required. Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCloudAuditOptionsResponse
This is deprecated and has no effect. Do not use.
Counter This property is required. Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigCounterOptionsResponse
This is deprecated and has no effect. Do not use.
DataAccess This property is required. Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigDataAccessOptionsResponse
This is deprecated and has no effect. Do not use.
CloudAudit This property is required. LogConfigCloudAuditOptionsResponse
This is deprecated and has no effect. Do not use.
Counter This property is required. LogConfigCounterOptionsResponse
This is deprecated and has no effect. Do not use.
DataAccess This property is required. LogConfigDataAccessOptionsResponse
This is deprecated and has no effect. Do not use.
cloudAudit This property is required. LogConfigCloudAuditOptionsResponse
This is deprecated and has no effect. Do not use.
counter This property is required. LogConfigCounterOptionsResponse
This is deprecated and has no effect. Do not use.
dataAccess This property is required. LogConfigDataAccessOptionsResponse
This is deprecated and has no effect. Do not use.
cloudAudit This property is required. LogConfigCloudAuditOptionsResponse
This is deprecated and has no effect. Do not use.
counter This property is required. LogConfigCounterOptionsResponse
This is deprecated and has no effect. Do not use.
dataAccess This property is required. LogConfigDataAccessOptionsResponse
This is deprecated and has no effect. Do not use.
cloud_audit This property is required. LogConfigCloudAuditOptionsResponse
This is deprecated and has no effect. Do not use.
counter This property is required. LogConfigCounterOptionsResponse
This is deprecated and has no effect. Do not use.
data_access This property is required. LogConfigDataAccessOptionsResponse
This is deprecated and has no effect. Do not use.
cloudAudit This property is required. Property Map
This is deprecated and has no effect. Do not use.
counter This property is required. Property Map
This is deprecated and has no effect. Do not use.
dataAccess This property is required. Property Map
This is deprecated and has no effect. Do not use.

Rule
, RuleArgs

Action Pulumi.GoogleNative.Compute.Alpha.RuleAction
This is deprecated and has no effect. Do not use.
Conditions List<Pulumi.GoogleNative.Compute.Alpha.Inputs.Condition>
This is deprecated and has no effect. Do not use.
Description string
This is deprecated and has no effect. Do not use.
Ins List<string>
This is deprecated and has no effect. Do not use.
LogConfigs List<Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfig>
This is deprecated and has no effect. Do not use.
NotIns List<string>
This is deprecated and has no effect. Do not use.
Permissions List<string>
This is deprecated and has no effect. Do not use.
Action RuleAction
This is deprecated and has no effect. Do not use.
Conditions []Condition
This is deprecated and has no effect. Do not use.
Description string
This is deprecated and has no effect. Do not use.
Ins []string
This is deprecated and has no effect. Do not use.
LogConfigs []LogConfig
This is deprecated and has no effect. Do not use.
NotIns []string
This is deprecated and has no effect. Do not use.
Permissions []string
This is deprecated and has no effect. Do not use.
action RuleAction
This is deprecated and has no effect. Do not use.
conditions List<Condition>
This is deprecated and has no effect. Do not use.
description String
This is deprecated and has no effect. Do not use.
ins List<String>
This is deprecated and has no effect. Do not use.
logConfigs List<LogConfig>
This is deprecated and has no effect. Do not use.
notIns List<String>
This is deprecated and has no effect. Do not use.
permissions List<String>
This is deprecated and has no effect. Do not use.
action RuleAction
This is deprecated and has no effect. Do not use.
conditions Condition[]
This is deprecated and has no effect. Do not use.
description string
This is deprecated and has no effect. Do not use.
ins string[]
This is deprecated and has no effect. Do not use.
logConfigs LogConfig[]
This is deprecated and has no effect. Do not use.
notIns string[]
This is deprecated and has no effect. Do not use.
permissions string[]
This is deprecated and has no effect. Do not use.
action RuleAction
This is deprecated and has no effect. Do not use.
conditions Sequence[Condition]
This is deprecated and has no effect. Do not use.
description str
This is deprecated and has no effect. Do not use.
ins Sequence[str]
This is deprecated and has no effect. Do not use.
log_configs Sequence[LogConfig]
This is deprecated and has no effect. Do not use.
not_ins Sequence[str]
This is deprecated and has no effect. Do not use.
permissions Sequence[str]
This is deprecated and has no effect. Do not use.
action "ALLOW" | "ALLOW_WITH_LOG" | "DENY" | "DENY_WITH_LOG" | "LOG" | "NO_ACTION"
This is deprecated and has no effect. Do not use.
conditions List<Property Map>
This is deprecated and has no effect. Do not use.
description String
This is deprecated and has no effect. Do not use.
ins List<String>
This is deprecated and has no effect. Do not use.
logConfigs List<Property Map>
This is deprecated and has no effect. Do not use.
notIns List<String>
This is deprecated and has no effect. Do not use.
permissions List<String>
This is deprecated and has no effect. Do not use.

RuleAction
, RuleActionArgs

Allow
ALLOWThis is deprecated and has no effect. Do not use.
AllowWithLog
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
Deny
DENYThis is deprecated and has no effect. Do not use.
DenyWithLog
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
Log
LOGThis is deprecated and has no effect. Do not use.
NoAction
NO_ACTIONThis is deprecated and has no effect. Do not use.
RuleActionAllow
ALLOWThis is deprecated and has no effect. Do not use.
RuleActionAllowWithLog
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
RuleActionDeny
DENYThis is deprecated and has no effect. Do not use.
RuleActionDenyWithLog
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
RuleActionLog
LOGThis is deprecated and has no effect. Do not use.
RuleActionNoAction
NO_ACTIONThis is deprecated and has no effect. Do not use.
Allow
ALLOWThis is deprecated and has no effect. Do not use.
AllowWithLog
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
Deny
DENYThis is deprecated and has no effect. Do not use.
DenyWithLog
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
Log
LOGThis is deprecated and has no effect. Do not use.
NoAction
NO_ACTIONThis is deprecated and has no effect. Do not use.
Allow
ALLOWThis is deprecated and has no effect. Do not use.
AllowWithLog
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
Deny
DENYThis is deprecated and has no effect. Do not use.
DenyWithLog
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
Log
LOGThis is deprecated and has no effect. Do not use.
NoAction
NO_ACTIONThis is deprecated and has no effect. Do not use.
ALLOW
ALLOWThis is deprecated and has no effect. Do not use.
ALLOW_WITH_LOG
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
DENY
DENYThis is deprecated and has no effect. Do not use.
DENY_WITH_LOG
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
LOG
LOGThis is deprecated and has no effect. Do not use.
NO_ACTION
NO_ACTIONThis is deprecated and has no effect. Do not use.
"ALLOW"
ALLOWThis is deprecated and has no effect. Do not use.
"ALLOW_WITH_LOG"
ALLOW_WITH_LOGThis is deprecated and has no effect. Do not use.
"DENY"
DENYThis is deprecated and has no effect. Do not use.
"DENY_WITH_LOG"
DENY_WITH_LOGThis is deprecated and has no effect. Do not use.
"LOG"
LOGThis is deprecated and has no effect. Do not use.
"NO_ACTION"
NO_ACTIONThis is deprecated and has no effect. Do not use.

RuleResponse
, RuleResponseArgs

Action This property is required. string
This is deprecated and has no effect. Do not use.
Conditions This property is required. List<Pulumi.GoogleNative.Compute.Alpha.Inputs.ConditionResponse>
This is deprecated and has no effect. Do not use.
Description This property is required. string
This is deprecated and has no effect. Do not use.
Ins This property is required. List<string>
This is deprecated and has no effect. Do not use.
LogConfigs This property is required. List<Pulumi.GoogleNative.Compute.Alpha.Inputs.LogConfigResponse>
This is deprecated and has no effect. Do not use.
NotIns This property is required. List<string>
This is deprecated and has no effect. Do not use.
Permissions This property is required. List<string>
This is deprecated and has no effect. Do not use.
Action This property is required. string
This is deprecated and has no effect. Do not use.
Conditions This property is required. []ConditionResponse
This is deprecated and has no effect. Do not use.
Description This property is required. string
This is deprecated and has no effect. Do not use.
Ins This property is required. []string
This is deprecated and has no effect. Do not use.
LogConfigs This property is required. []LogConfigResponse
This is deprecated and has no effect. Do not use.
NotIns This property is required. []string
This is deprecated and has no effect. Do not use.
Permissions This property is required. []string
This is deprecated and has no effect. Do not use.
action This property is required. String
This is deprecated and has no effect. Do not use.
conditions This property is required. List<ConditionResponse>
This is deprecated and has no effect. Do not use.
description This property is required. String
This is deprecated and has no effect. Do not use.
ins This property is required. List<String>
This is deprecated and has no effect. Do not use.
logConfigs This property is required. List<LogConfigResponse>
This is deprecated and has no effect. Do not use.
notIns This property is required. List<String>
This is deprecated and has no effect. Do not use.
permissions This property is required. List<String>
This is deprecated and has no effect. Do not use.
action This property is required. string
This is deprecated and has no effect. Do not use.
conditions This property is required. ConditionResponse[]
This is deprecated and has no effect. Do not use.
description This property is required. string
This is deprecated and has no effect. Do not use.
ins This property is required. string[]
This is deprecated and has no effect. Do not use.
logConfigs This property is required. LogConfigResponse[]
This is deprecated and has no effect. Do not use.
notIns This property is required. string[]
This is deprecated and has no effect. Do not use.
permissions This property is required. string[]
This is deprecated and has no effect. Do not use.
action This property is required. str
This is deprecated and has no effect. Do not use.
conditions This property is required. Sequence[ConditionResponse]
This is deprecated and has no effect. Do not use.
description This property is required. str
This is deprecated and has no effect. Do not use.
ins This property is required. Sequence[str]
This is deprecated and has no effect. Do not use.
log_configs This property is required. Sequence[LogConfigResponse]
This is deprecated and has no effect. Do not use.
not_ins This property is required. Sequence[str]
This is deprecated and has no effect. Do not use.
permissions This property is required. Sequence[str]
This is deprecated and has no effect. Do not use.
action This property is required. String
This is deprecated and has no effect. Do not use.
conditions This property is required. List<Property Map>
This is deprecated and has no effect. Do not use.
description This property is required. String
This is deprecated and has no effect. Do not use.
ins This property is required. List<String>
This is deprecated and has no effect. Do not use.
logConfigs This property is required. List<Property Map>
This is deprecated and has no effect. Do not use.
notIns This property is required. List<String>
This is deprecated and has no effect. Do not use.
permissions This property is required. List<String>
This is deprecated and has no effect. Do not use.

Package Details

Repository
Google Cloud Native pulumi/pulumi-google-native
License
Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi
pulumi/pulumi-google-native