mirror of
https://github.com/opentffoundation/opentf.git
synced 2026-03-14 13:01:34 -04:00
* docs/vsphere: Fix code block
* docs: Convert `...` to `# ...` to allow `terraform fmt`ing
* docs: Trim trailing whitespace
* docs: First-pass run of `terraform fmt` on code examples
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| Google: google_iam_policy | docs-google-datasource-iam-policy | Generates an IAM policy that can be referenced by other resources, applying the policy to them. |
google_iam_policy
Generates an IAM policy document that may be referenced by and applied to
other Google Cloud Platform resources, such as the google_project resource.
```hcl
data "google_iam_policy" "admin" {
  binding {
    role = "roles/compute.instanceAdmin"
    members = [
      "serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
    ]
  }
  binding {
    role = "roles/storage.objectViewer"
    members = [
      "user:evanbrown@google.com",
    ]
  }
}
```
This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource.
Note: Several restrictions apply when setting IAM policies through this API. See the setIamPolicy docs for a list of these restrictions.
Argument Reference
The following arguments are supported:
* `binding` (Required) - A nested configuration block (described below) defining a binding to be included in the policy document. Multiple `binding` arguments are supported.
Each document configuration must have one or more binding blocks, which
each accept the following arguments:
* `role` (Required) - The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles.
* `members` (Required) - An array of users/principals that will be granted the privilege in the `role`. For a human user, prefix the user's e-mail address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service account, prefix the service account e-mail address with `serviceAccount:` (e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`).
Attributes Reference
The following attribute is exported:
* `policy_data` - The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
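The page defines the policy document but does not show it being referenced, so the following added example (not part of the original documentation) wires `policy_data` into a consuming resource. It assumes the `google_project` resource accepts a `policy_data` argument; the `project_id`, `name` and `org_id` values and the output name are placeholders.

```hcl
# Policy document: one binding per role, each listing the members that
# receive it. Members carry the documented "user:" / "serviceAccount:" prefix.
data "google_iam_policy" "admin" {
  binding {
    role = "roles/compute.instanceAdmin"
    members = [
      "serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
    ]
  }
  binding {
    role = "roles/storage.objectViewer"
    members = [
      "user:evanbrown@google.com",
    ]
  }
}

# Assumption: the consuming resource takes the serialized policy through a
# policy_data argument. project_id, name and org_id are placeholder values.
resource "google_project" "example" {
  project_id  = "your-project-id"
  name        = "Your Project"
  org_id      = "1234567"
  policy_data = "${data.google_iam_policy.admin.policy_data}"
}

# Expose the serialized bindings so the exact document handed to the
# resource can be reviewed alongside the plan before it is applied.
output "admin_policy_data" {
  value = "${data.google_iam_policy.admin.policy_data}"
}
```

Because the data source only generates a document, nothing is granted until a resource references `policy_data`; reviewing the output value shows exactly which role and member pairs that resource will receive.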