Commit

add new resource iam_folders_policy_binding. addresses /issues/20198 (#12265) (#20297)

[upstream:aebe93555584da9fb0d78672e4f2e74ccf230155]

Signed-off-by: Modular Magician <[email protected]>
modular-magician authored Nov 11, 2024
1 parent 863bc41 commit 6579712
Showing 3 changed files with 238 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .changelog/12265.txt
@@ -0,0 +1,3 @@
```release-note:new-resource
`google_iam_folders_policy_binding` (beta)
```
@@ -0,0 +1,3 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package iam3_test
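
Review bot: this new file stops at the `package iam3_test` clause, so the commit announces `google_iam_folders_policy_binding` in the changelog with no test function in this package exercising it. If the resource is implemented only in the beta provider, a one-line comment here saying so would explain the empty file; otherwise add an acceptance test that covers create, import and destroy of a folder binding.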
232 changes: 232 additions & 0 deletions website/docs/r/iam_folders_policy_binding.html.markdown
@@ -0,0 +1,232 @@
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud IAM"
description: |-
A policy binding to a folder
---

# google_iam_folders_policy_binding

A policy binding to a folder

~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.

To get more information about FoldersPolicyBinding, see:

* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3beta/folders.locations.policyBindings)
* How-to Guides
* [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)

## Example Usage - Iam Folders Policy Binding


```hcl
resource "google_iam_principal_access_boundary_policy" "pab_policy" {
provider = google-beta
organization = "123456789"
location = "global"
display_name = "test folder binding"
principal_access_boundary_policy_id = "my-pab-policy"
}
resource "google_folder" "folder" {
provider = google-beta
display_name = "test folder"
parent = "organizations/123456789"
deletion_protection = false
}
resource "time_sleep" "wait_120s" {
depends_on = [google_folder.folder]
create_duration = "120s"
}
resource "google_iam_folders_policy_binding" "my-folder-binding" {
provider = google-beta
folder = google_folder.folder.folder_id
location = "global"
display_name = "test folder binding"
policy_kind = "PRINCIPAL_ACCESS_BOUNDARY"
policy_binding_id = "test-folder-binding"
policy = "organizations/123456789/locations/global/principalAccessBoundaryPolicies/${google_iam_principal_access_boundary_policy.pab_policy.principal_access_boundary_policy_id}"
target {
principal_set = "//cloudresourcemanager.googleapis.com/folders/${google_folder.folder.folder_id}"
}
depends_on = [time_sleep.wait_120s]
}
```

## Argument Reference

The following arguments are supported:


* `target` -
(Required)
Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
Structure is [documented below](#nested_target).

* `policy` -
(Required)
Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).

* `folder` -
(Required)
The parent folder for the PolicyBinding.

* `location` -
(Required)
The location of the PolicyBinding.

* `policy_binding_id` -
(Required)
The Policy Binding ID.


<a name="nested_target"></a>The `target` block supports:

* `principal_set` -
(Optional)
Required. Immutable. The resource name of the policy to be bound.
The binding parent and policy must belong to the same Organization (or Project).

- - -


* `display_name` -
(Optional)
Optional. The description of the policy binding. Must be less than or equal to 63 characters.

* `annotations` -
(Optional)
Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.

* `policy_kind` -
(Optional)
Immutable. The kind of the policy to attach in this binding. This
field must be one of the following: - Left empty (will be automatically set
to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS

* `condition` -
(Optional)
Represents a textual expression in the Common Expression Language
(CEL) syntax. CEL is a C-like expression language. The syntax and semantics of
CEL are documented at https://github.com/google/cel-spec.
Example (Comparison):
title: \"Summary size limit\"
description: \"Determines if a summary is less than 100 chars\"
expression: \"document.summary.size() < 100\"
Example
(Equality):
title: \"Requestor is owner\"
description: \"Determines if requestor is the document owner\"
expression: \"document.owner == request.auth.claims.email\" Example
(Logic):
title: \"Public documents\"
description: \"Determine whether the document should be publicly visible\"
expression: \"document.type != 'private' && document.type != 'internal'\"
Example (Data Manipulation):
title: \"Notification string\"
description: \"Create a notification string with a timestamp.\"
expression: \"'New message received at ' + string(document.create_time)\"
The exact variables and functions that may be referenced within an expression are
determined by the service that evaluates it. See the service documentation for
additional information.
Structure is [documented below](#nested_condition).


<a name="nested_condition"></a>The `condition` block supports:

* `expression` -
(Optional)
Textual representation of an expression in Common Expression Language syntax.

* `title` -
(Optional)
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

* `description` -
(Optional)
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

* `location` -
(Optional)
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `id` - an identifier for the resource with format `folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`

* `name` -
The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`

* `uid` -
Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.

* `etag` -
Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.

* `policy_uid` -
Output only. The globally unique ID of the policy to be bound.

* `create_time` -
Output only. The time when the policy binding was created.

* `update_time` -
Output only. The time when the policy binding was most recently updated.

* `effective_annotations` -
All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.


## Timeouts

This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.

## Import


FoldersPolicyBinding can be imported using any of these accepted formats:

* `folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`
* `{{folder}}/{{location}}/{{policy_binding_id}}`


In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import FoldersPolicyBinding using one of the formats above. For example:

```tf
import {
id = "folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}"
to = google_iam_folders_policy_binding.default
}
```

When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), FoldersPolicyBinding can be imported using one of the formats above. For example:

```
$ terraform import google_iam_folders_policy_binding.default folders/{{folder}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
$ terraform import google_iam_folders_policy_binding.default {{folder}}/{{location}}/{{policy_binding_id}}
```
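
Review bot: in the `target` block, the `principal_set` description repeats the text of the top-level `policy` argument ("Required. Immutable. The resource name of the policy to be bound.") and is tagged (Optional) while the text itself says Required. It should describe the principal set the policy is bound to, in the form the example uses (`//cloudresourcemanager.googleapis.com/folders/...`), and the optional/required marker should agree with the text, because a reader sizing the scope of a principal access boundary binding will rely on this field's description. Separately, the `name` attribute format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}` has an unclosed brace, and the `policy_kind` possible values run together on one line and would read better as a list. The file header says this page is generated by Magic Modules, so these fixes belong in the upstream definition rather than in this file.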
