1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. iam
  5. FoldersPolicyBinding
Google Cloud v8.23.0 published on Monday, Mar 24, 2025 by Pulumi

gcp.iam.FoldersPolicyBinding

Explore with Pulumi AI

Example Usage

Iam Folders Policy Binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as time from "@pulumi/time";

const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
    organization: "123456789",
    location: "global",
    displayName: "binding for all principals in the folder",
    principalAccessBoundaryPolicyId: "my-pab-policy",
});
const folder = new gcp.organizations.Folder("folder", {
    displayName: "my folder",
    parent: "organizations/123456789",
    deletionProtection: false,
});
const wait120s = new time.index.Sleep("wait_120s", {createDuration: "120s"}, {
    dependsOn: [folder],
});
const binding_for_all_folder_principals = new gcp.iam.FoldersPolicyBinding("binding-for-all-folder-principals", {
    folder: folder.folderId,
    location: "global",
    displayName: "binding for all principals in the folder",
    policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
    policyBindingId: "binding-for-all-folder-principals",
    policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,
    target: {
        principalSet: pulumi.interpolate`//cloudresourcemanager.googleapis.com/folders/${folder.folderId}`,
    },
}, {
    dependsOn: [wait120s],
});
Copy
import pulumi
import pulumi_gcp as gcp
import pulumi_time as time

pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
    organization="123456789",
    location="global",
    display_name="binding for all principals in the folder",
    principal_access_boundary_policy_id="my-pab-policy")
folder = gcp.organizations.Folder("folder",
    display_name="my folder",
    parent="organizations/123456789",
    deletion_protection=False)
wait120s = time.index.Sleep("wait_120s", create_duration=120s,
opts = pulumi.ResourceOptions(depends_on=[folder]))
binding_for_all_folder_principals = gcp.iam.FoldersPolicyBinding("binding-for-all-folder-principals",
    folder=folder.folder_id,
    location="global",
    display_name="binding for all principals in the folder",
    policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
    policy_binding_id="binding-for-all-folder-principals",
    policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
    target={
        "principal_set": folder.folder_id.apply(lambda folder_id: f"//cloudresourcemanager.googleapis.com/folders/{folder_id}"),
    },
    opts = pulumi.ResourceOptions(depends_on=[wait120s]))
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
	"github.com/pulumi/pulumi-time/sdk/go/time"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
			Organization:                    pulumi.String("123456789"),
			Location:                        pulumi.String("global"),
			DisplayName:                     pulumi.String("binding for all principals in the folder"),
			PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
		})
		if err != nil {
			return err
		}
		folder, err := organizations.NewFolder(ctx, "folder", &organizations.FolderArgs{
			DisplayName:        pulumi.String("my folder"),
			Parent:             pulumi.String("organizations/123456789"),
			DeletionProtection: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		wait120s, err := time.NewSleep(ctx, "wait_120s", &time.SleepArgs{
			CreateDuration: "120s",
		}, pulumi.DependsOn([]pulumi.Resource{
			folder,
		}))
		if err != nil {
			return err
		}
		_, err = iam.NewFoldersPolicyBinding(ctx, "binding-for-all-folder-principals", &iam.FoldersPolicyBindingArgs{
			Folder:          folder.FolderId,
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("binding for all principals in the folder"),
			PolicyKind:      pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
			PolicyBindingId: pulumi.String("binding-for-all-folder-principals"),
			Policy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {
				return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", principalAccessBoundaryPolicyId), nil
			}).(pulumi.StringOutput),
			Target: &iam.FoldersPolicyBindingTargetArgs{
				PrincipalSet: folder.FolderId.ApplyT(func(folderId string) (string, error) {
					return fmt.Sprintf("//cloudresourcemanager.googleapis.com/folders/%v", folderId), nil
				}).(pulumi.StringOutput),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			wait120s,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Time = Pulumi.Time;

return await Deployment.RunAsync(() => 
{
    var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new()
    {
        Organization = "123456789",
        Location = "global",
        DisplayName = "binding for all principals in the folder",
        PrincipalAccessBoundaryPolicyId = "my-pab-policy",
    });

    var folder = new Gcp.Organizations.Folder("folder", new()
    {
        DisplayName = "my folder",
        Parent = "organizations/123456789",
        DeletionProtection = false,
    });

    var wait120s = new Time.Index.Sleep("wait_120s", new()
    {
        CreateDuration = "120s",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            folder,
        },
    });

    var binding_for_all_folder_principals = new Gcp.Iam.FoldersPolicyBinding("binding-for-all-folder-principals", new()
    {
        Folder = folder.FolderId,
        Location = "global",
        DisplayName = "binding for all principals in the folder",
        PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
        PolicyBindingId = "binding-for-all-folder-principals",
        Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}"),
        Target = new Gcp.Iam.Inputs.FoldersPolicyBindingTargetArgs
        {
            PrincipalSet = folder.FolderId.Apply(folderId => $"//cloudresourcemanager.googleapis.com/folders/{folderId}"),
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            wait120s,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
import com.pulumi.gcp.organizations.Folder;
import com.pulumi.gcp.organizations.FolderArgs;
import com.pulumi.time.sleep;
import com.pulumi.time.SleepArgs;
import com.pulumi.gcp.iam.FoldersPolicyBinding;
import com.pulumi.gcp.iam.FoldersPolicyBindingArgs;
import com.pulumi.gcp.iam.inputs.FoldersPolicyBindingTargetArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pabPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
            .organization("123456789")
            .location("global")
            .displayName("binding for all principals in the folder")
            .principalAccessBoundaryPolicyId("my-pab-policy")
            .build());

        var folder = new Folder("folder", FolderArgs.builder()
            .displayName("my folder")
            .parent("organizations/123456789")
            .deletionProtection(false)
            .build());

        var wait120s = new Sleep("wait120s", SleepArgs.builder()
            .createDuration("120s")
            .build(), CustomResourceOptions.builder()
                .dependsOn(folder)
                .build());

        var binding_for_all_folder_principals = new FoldersPolicyBinding("binding-for-all-folder-principals", FoldersPolicyBindingArgs.builder()
            .folder(folder.folderId())
            .location("global")
            .displayName("binding for all principals in the folder")
            .policyKind("PRINCIPAL_ACCESS_BOUNDARY")
            .policyBindingId("binding-for-all-folder-principals")
            .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", principalAccessBoundaryPolicyId)))
            .target(FoldersPolicyBindingTargetArgs.builder()
                .principalSet(folder.folderId().applyValue(folderId -> String.format("//cloudresourcemanager.googleapis.com/folders/%s", folderId)))
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(wait120s)
                .build());

    }
}
Copy
resources:
  pabPolicy:
    type: gcp:iam:PrincipalAccessBoundaryPolicy
    name: pab_policy
    properties:
      organization: '123456789'
      location: global
      displayName: binding for all principals in the folder
      principalAccessBoundaryPolicyId: my-pab-policy
  folder:
    type: gcp:organizations:Folder
    properties:
      displayName: my folder
      parent: organizations/123456789
      deletionProtection: false
  wait120s:
    type: time:sleep
    name: wait_120s
    properties:
      createDuration: 120s
    options:
      dependsOn:
        - ${folder}
  binding-for-all-folder-principals:
    type: gcp:iam:FoldersPolicyBinding
    properties:
      folder: ${folder.folderId}
      location: global
      displayName: binding for all principals in the folder
      policyKind: PRINCIPAL_ACCESS_BOUNDARY
      policyBindingId: binding-for-all-folder-principals
      policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
      target:
        principalSet: //cloudresourcemanager.googleapis.com/folders/${folder.folderId}
    options:
      dependsOn:
        - ${wait120s}
Copy

Create FoldersPolicyBinding Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FoldersPolicyBinding(name: string, args: FoldersPolicyBindingArgs, opts?: CustomResourceOptions);
@overload
def FoldersPolicyBinding(resource_name: str,
                         args: FoldersPolicyBindingArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def FoldersPolicyBinding(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         folder: Optional[str] = None,
                         location: Optional[str] = None,
                         policy: Optional[str] = None,
                         policy_binding_id: Optional[str] = None,
                         target: Optional[FoldersPolicyBindingTargetArgs] = None,
                         annotations: Optional[Mapping[str, str]] = None,
                         condition: Optional[FoldersPolicyBindingConditionArgs] = None,
                         display_name: Optional[str] = None,
                         policy_kind: Optional[str] = None)
func NewFoldersPolicyBinding(ctx *Context, name string, args FoldersPolicyBindingArgs, opts ...ResourceOption) (*FoldersPolicyBinding, error)
public FoldersPolicyBinding(string name, FoldersPolicyBindingArgs args, CustomResourceOptions? opts = null)
public FoldersPolicyBinding(String name, FoldersPolicyBindingArgs args)
public FoldersPolicyBinding(String name, FoldersPolicyBindingArgs args, CustomResourceOptions options)
type: gcp:iam:FoldersPolicyBinding
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FoldersPolicyBindingArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FoldersPolicyBindingArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FoldersPolicyBindingArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FoldersPolicyBindingArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FoldersPolicyBindingArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var foldersPolicyBindingResource = new Gcp.Iam.FoldersPolicyBinding("foldersPolicyBindingResource", new()
{
    Folder = "string",
    Location = "string",
    Policy = "string",
    PolicyBindingId = "string",
    Target = new Gcp.Iam.Inputs.FoldersPolicyBindingTargetArgs
    {
        PrincipalSet = "string",
    },
    Annotations = 
    {
        { "string", "string" },
    },
    Condition = new Gcp.Iam.Inputs.FoldersPolicyBindingConditionArgs
    {
        Description = "string",
        Expression = "string",
        Location = "string",
        Title = "string",
    },
    DisplayName = "string",
    PolicyKind = "string",
});
Copy
example, err := iam.NewFoldersPolicyBinding(ctx, "foldersPolicyBindingResource", &iam.FoldersPolicyBindingArgs{
	Folder:          pulumi.String("string"),
	Location:        pulumi.String("string"),
	Policy:          pulumi.String("string"),
	PolicyBindingId: pulumi.String("string"),
	Target: &iam.FoldersPolicyBindingTargetArgs{
		PrincipalSet: pulumi.String("string"),
	},
	Annotations: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Condition: &iam.FoldersPolicyBindingConditionArgs{
		Description: pulumi.String("string"),
		Expression:  pulumi.String("string"),
		Location:    pulumi.String("string"),
		Title:       pulumi.String("string"),
	},
	DisplayName: pulumi.String("string"),
	PolicyKind:  pulumi.String("string"),
})
Copy
var foldersPolicyBindingResource = new FoldersPolicyBinding("foldersPolicyBindingResource", FoldersPolicyBindingArgs.builder()
    .folder("string")
    .location("string")
    .policy("string")
    .policyBindingId("string")
    .target(FoldersPolicyBindingTargetArgs.builder()
        .principalSet("string")
        .build())
    .annotations(Map.of("string", "string"))
    .condition(FoldersPolicyBindingConditionArgs.builder()
        .description("string")
        .expression("string")
        .location("string")
        .title("string")
        .build())
    .displayName("string")
    .policyKind("string")
    .build());
Copy
folders_policy_binding_resource = gcp.iam.FoldersPolicyBinding("foldersPolicyBindingResource",
    folder="string",
    location="string",
    policy="string",
    policy_binding_id="string",
    target={
        "principal_set": "string",
    },
    annotations={
        "string": "string",
    },
    condition={
        "description": "string",
        "expression": "string",
        "location": "string",
        "title": "string",
    },
    display_name="string",
    policy_kind="string")
Copy
const foldersPolicyBindingResource = new gcp.iam.FoldersPolicyBinding("foldersPolicyBindingResource", {
    folder: "string",
    location: "string",
    policy: "string",
    policyBindingId: "string",
    target: {
        principalSet: "string",
    },
    annotations: {
        string: "string",
    },
    condition: {
        description: "string",
        expression: "string",
        location: "string",
        title: "string",
    },
    displayName: "string",
    policyKind: "string",
});
Copy
type: gcp:iam:FoldersPolicyBinding
properties:
    annotations:
        string: string
    condition:
        description: string
        expression: string
        location: string
        title: string
    displayName: string
    folder: string
    location: string
    policy: string
    policyBindingId: string
    policyKind: string
    target:
        principalSet: string
Copy

FoldersPolicyBinding Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FoldersPolicyBinding resource accepts the following input properties:

Folder
This property is required.
Changes to this property will trigger replacement.
string
The parent folder for the PolicyBinding.
Location
This property is required.
Changes to this property will trigger replacement.
string
The location of the PolicyBinding.
Policy
This property is required.
Changes to this property will trigger replacement.
string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId
This property is required.
Changes to this property will trigger replacement.
string
The Policy Binding ID.
Target This property is required. FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Annotations Dictionary<string, string>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
DisplayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
PolicyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
Folder
This property is required.
Changes to this property will trigger replacement.
string
The parent folder for the PolicyBinding.
Location
This property is required.
Changes to this property will trigger replacement.
string
The location of the PolicyBinding.
Policy
This property is required.
Changes to this property will trigger replacement.
string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId
This property is required.
Changes to this property will trigger replacement.
string
The Policy Binding ID.
Target This property is required. FoldersPolicyBindingTargetArgs
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Annotations map[string]string
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition FoldersPolicyBindingConditionArgs
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
DisplayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
PolicyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
folder
This property is required.
Changes to this property will trigger replacement.
String
The parent folder for the PolicyBinding.
location
This property is required.
Changes to this property will trigger replacement.
String
The location of the PolicyBinding.
policy
This property is required.
Changes to this property will trigger replacement.
String
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId
This property is required.
Changes to this property will trigger replacement.
String
The Policy Binding ID.
target This property is required. FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Map<String,String>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName String
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind Changes to this property will trigger replacement. String
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
folder
This property is required.
Changes to this property will trigger replacement.
string
The parent folder for the PolicyBinding.
location
This property is required.
Changes to this property will trigger replacement.
string
The location of the PolicyBinding.
policy
This property is required.
Changes to this property will trigger replacement.
string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId
This property is required.
Changes to this property will trigger replacement.
string
The Policy Binding ID.
target This property is required. FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations {[key: string]: string}
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
folder
This property is required.
Changes to this property will trigger replacement.
str
The parent folder for the PolicyBinding.
location
This property is required.
Changes to this property will trigger replacement.
str
The location of the PolicyBinding.
policy
This property is required.
Changes to this property will trigger replacement.
str
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policy_binding_id
This property is required.
Changes to this property will trigger replacement.
str
The Policy Binding ID.
target This property is required. FoldersPolicyBindingTargetArgs
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Mapping[str, str]
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingConditionArgs
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
display_name str
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policy_kind Changes to this property will trigger replacement. str
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
folder
This property is required.
Changes to this property will trigger replacement.
String
The parent folder for the PolicyBinding.
location
This property is required.
Changes to this property will trigger replacement.
String
The location of the PolicyBinding.
policy
This property is required.
Changes to this property will trigger replacement.
String
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId
This property is required.
Changes to this property will trigger replacement.
String
The Policy Binding ID.
target This property is required. Property Map
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Map<String>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition Property Map
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName String
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind Changes to this property will trigger replacement. String
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS

Outputs

All input properties are implicitly available as output properties. Additionally, the FoldersPolicyBinding resource produces the following output properties:

CreateTime string
Output only. The time when the policy binding was created.
EffectiveAnnotations Dictionary<string, string>
Etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
PolicyUid string
Output only. The globally unique ID of the policy to be bound.
Uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string
Output only. The time when the policy binding was most recently updated.
CreateTime string
Output only. The time when the policy binding was created.
EffectiveAnnotations map[string]string
Etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Id string
The provider-assigned unique ID for this managed resource.
Name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
PolicyUid string
Output only. The globally unique ID of the policy to be bound.
Uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string
Output only. The time when the policy binding was most recently updated.
createTime String
Output only. The time when the policy binding was created.
effectiveAnnotations Map<String,String>
etag String
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id String
The provider-assigned unique ID for this managed resource.
name String
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid String
Output only. The globally unique ID of the policy to be bound.
uid String
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String
Output only. The time when the policy binding was most recently updated.
createTime string
Output only. The time when the policy binding was created.
effectiveAnnotations {[key: string]: string}
etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id string
The provider-assigned unique ID for this managed resource.
name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid string
Output only. The globally unique ID of the policy to be bound.
uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime string
Output only. The time when the policy binding was most recently updated.
create_time str
Output only. The time when the policy binding was created.
effective_annotations Mapping[str, str]
etag str
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id str
The provider-assigned unique ID for this managed resource.
name str
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy_uid str
Output only. The globally unique ID of the policy to be bound.
uid str
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
update_time str
Output only. The time when the policy binding was most recently updated.
createTime String
Output only. The time when the policy binding was created.
effectiveAnnotations Map<String>
etag String
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id String
The provider-assigned unique ID for this managed resource.
name String
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid String
Output only. The globally unique ID of the policy to be bound.
uid String
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String
Output only. The time when the policy binding was most recently updated.

Look up Existing FoldersPolicyBinding Resource

Get an existing FoldersPolicyBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FoldersPolicyBindingState, opts?: CustomResourceOptions): FoldersPolicyBinding
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        annotations: Optional[Mapping[str, str]] = None,
        condition: Optional[FoldersPolicyBindingConditionArgs] = None,
        create_time: Optional[str] = None,
        display_name: Optional[str] = None,
        effective_annotations: Optional[Mapping[str, str]] = None,
        etag: Optional[str] = None,
        folder: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        policy: Optional[str] = None,
        policy_binding_id: Optional[str] = None,
        policy_kind: Optional[str] = None,
        policy_uid: Optional[str] = None,
        target: Optional[FoldersPolicyBindingTargetArgs] = None,
        uid: Optional[str] = None,
        update_time: Optional[str] = None) -> FoldersPolicyBinding
func GetFoldersPolicyBinding(ctx *Context, name string, id IDInput, state *FoldersPolicyBindingState, opts ...ResourceOption) (*FoldersPolicyBinding, error)
public static FoldersPolicyBinding Get(string name, Input<string> id, FoldersPolicyBindingState? state, CustomResourceOptions? opts = null)
public static FoldersPolicyBinding get(String name, Output<String> id, FoldersPolicyBindingState state, CustomResourceOptions options)
resources:  _:    type: gcp:iam:FoldersPolicyBinding    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Annotations Dictionary<string, string>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
CreateTime string
Output only. The time when the policy binding was created.
DisplayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
EffectiveAnnotations Dictionary<string, string>
Etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Folder Changes to this property will trigger replacement. string
The parent folder for the PolicyBinding.
Location Changes to this property will trigger replacement. string
The location of the PolicyBinding.
Name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
Policy Changes to this property will trigger replacement. string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId Changes to this property will trigger replacement. string
The Policy Binding ID.
PolicyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
PolicyUid string
Output only. The globally unique ID of the policy to be bound.
Target FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string
Output only. The time when the policy binding was most recently updated.
Annotations map[string]string
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition FoldersPolicyBindingConditionArgs
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
CreateTime string
Output only. The time when the policy binding was created.
DisplayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
EffectiveAnnotations map[string]string
Etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Folder Changes to this property will trigger replacement. string
The parent folder for the PolicyBinding.
Location Changes to this property will trigger replacement. string
The location of the PolicyBinding.
Name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
Policy Changes to this property will trigger replacement. string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId Changes to this property will trigger replacement. string
The Policy Binding ID.
PolicyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
PolicyUid string
Output only. The globally unique ID of the policy to be bound.
Target FoldersPolicyBindingTargetArgs
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string
Output only. The time when the policy binding was most recently updated.
annotations Map<String,String>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime String
Output only. The time when the policy binding was created.
displayName String
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations Map<String,String>
etag String
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
folder Changes to this property will trigger replacement. String
The parent folder for the PolicyBinding.
location Changes to this property will trigger replacement. String
The location of the PolicyBinding.
name String
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy Changes to this property will trigger replacement. String
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId Changes to this property will trigger replacement. String
The Policy Binding ID.
policyKind Changes to this property will trigger replacement. String
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid String
Output only. The globally unique ID of the policy to be bound.
target FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid String
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String
Output only. The time when the policy binding was most recently updated.
annotations {[key: string]: string}
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingCondition
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime string
Output only. The time when the policy binding was created.
displayName string
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations {[key: string]: string}
etag string
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
folder Changes to this property will trigger replacement. string
The parent folder for the PolicyBinding.
location Changes to this property will trigger replacement. string
The location of the PolicyBinding.
name string
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy Changes to this property will trigger replacement. string
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId Changes to this property will trigger replacement. string
The Policy Binding ID.
policyKind Changes to this property will trigger replacement. string
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid string
Output only. The globally unique ID of the policy to be bound.
target FoldersPolicyBindingTarget
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid string
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime string
Output only. The time when the policy binding was most recently updated.
annotations Mapping[str, str]
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition FoldersPolicyBindingConditionArgs
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
create_time str
Output only. The time when the policy binding was created.
display_name str
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effective_annotations Mapping[str, str]
etag str
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
folder Changes to this property will trigger replacement. str
The parent folder for the PolicyBinding.
location Changes to this property will trigger replacement. str
The location of the PolicyBinding.
name str
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy Changes to this property will trigger replacement. str
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policy_binding_id Changes to this property will trigger replacement. str
The Policy Binding ID.
policy_kind Changes to this property will trigger replacement. str
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policy_uid str
Output only. The globally unique ID of the policy to be bound.
target FoldersPolicyBindingTargetArgs
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid str
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
update_time str
Output only. The time when the policy binding was most recently updated.
annotations Map<String>
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition Property Map
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime String
Output only. The time when the policy binding was created.
displayName String
Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations Map<String>
etag String
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
folder Changes to this property will trigger replacement. String
The parent folder for the PolicyBinding.
location Changes to this property will trigger replacement. String
The location of the PolicyBinding.
name String
The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy Changes to this property will trigger replacement. String
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId Changes to this property will trigger replacement. String
The Policy Binding ID.
policyKind Changes to this property will trigger replacement. String
Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid String
Output only. The globally unique ID of the policy to be bound.
target Property Map
Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid String
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String
Output only. The time when the policy binding was most recently updated.

Supporting Types

FoldersPolicyBindingCondition
, FoldersPolicyBindingConditionArgs

Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
Description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string
Textual representation of an expression in Common Expression Language syntax.
Location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String
Textual representation of an expression in Common Expression Language syntax.
location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description string
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string
Textual representation of an expression in Common Expression Language syntax.
location string
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description str
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str
Textual representation of an expression in Common Expression Language syntax.
location str
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
description String
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String
Textual representation of an expression in Common Expression Language syntax.
location String
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

FoldersPolicyBindingTarget
, FoldersPolicyBindingTargetArgs

PrincipalSet Changes to this property will trigger replacement. string
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

PrincipalSet Changes to this property will trigger replacement. string
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

principalSet Changes to this property will trigger replacement. String
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

principalSet Changes to this property will trigger replacement. string
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

principal_set Changes to this property will trigger replacement. str
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

principalSet Changes to this property will trigger replacement. String
Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings. Examples for each one of the following supported principal set types:

  • Folder: //cloudresourcemanager.googleapis.com/folders/FOLDER_ID It must be parent by the policy binding's parent (the folder).

Import

FoldersPolicyBinding can be imported using any of these accepted formats:

  • folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}

  • {{folder}}/{{location}}/{{policy_binding_id}}

When using the pulumi import command, FoldersPolicyBinding can be imported using one of the formats above. For example:

$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
Copy
$ pulumi import gcp:iam/foldersPolicyBinding:FoldersPolicyBinding default {{folder}}/{{location}}/{{policy_binding_id}}
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.