Package com.pulumi.gcp.dataproc

Class ClusterIAMPolicy

  • public class ClusterIAMPolicy
extends com.pulumi.resources.CustomResource
    Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case: * `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached. * `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved. * `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved. > **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy. > **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role. ## google\_dataproc\_cluster\_iam\_policy ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.organizations.OrganizationsFunctions; import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; import com.pulumi.gcp.dataproc.ClusterIAMPolicy; import com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() .bindings(GetIAMPolicyBindingArgs.builder() .role("roles/editor") .members("user:[email protected]") .build()) .build()); var editor = new ClusterIAMPolicy("editor", ClusterIAMPolicyArgs.builder() .project("your-project") .region("your-region") .cluster("your-dataproc-cluster") .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) .build()); } } ``` ## google\_dataproc\_cluster\_iam\_binding ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.dataproc.ClusterIAMBinding; import com.pulumi.gcp.dataproc.ClusterIAMBindingArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var editor = new ClusterIAMBinding("editor", ClusterIAMBindingArgs.builder() .cluster("your-dataproc-cluster") .members("user:[email protected]") .role("roles/editor") .build()); } } ``` ## google\_dataproc\_cluster\_iam\_member ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.dataproc.ClusterIAMMember; import com.pulumi.gcp.dataproc.ClusterIAMMemberArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var editor = new ClusterIAMMember("editor", ClusterIAMMemberArgs.builder() .cluster("your-dataproc-cluster") .member("user:[email protected]") .role("roles/editor") .build()); } } ``` ## Import Cluster IAM resources can be imported using the project, region, cluster name, role and/or member. ```sh $ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy editor "projects/{project}/regions/{region}/clusters/{cluster}" ``` ```sh $ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy editor "projects/{project}/regions/{region}/clusters/{cluster} roles/editor" ``` ```sh $ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy editor "projects/{project}/regions/{region}/clusters/{cluster} roles/editor user:[email protected]" ``` -> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> cluster()  
      com.pulumi.core.Output<java.lang.String> etag()  
      static ClusterIAMPolicy get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, ClusterIAMPolicyState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.lang.String> policyData()  
      com.pulumi.core.Output<java.lang.String> project()  
      com.pulumi.core.Output<java.lang.String> region()  

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • ClusterIAMPolicy

        public ClusterIAMPolicy​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • ClusterIAMPolicy

        public ClusterIAMPolicy​(java.lang.String name,
                        ClusterIAMPolicyArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • ClusterIAMPolicy

        public ClusterIAMPolicy​(java.lang.String name,
                        ClusterIAMPolicyArgs args,
                        @Nullable
                        com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • cluster

        public com.pulumi.core.Output<java.lang.String> cluster()
        Returns:
        The name or relative resource id of the cluster to manage IAM policies for. For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected]. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected]. * **group:{emailid}**: An email address that represents a Google group. For example, [email protected]. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

      • etag

        public com.pulumi.core.Output<java.lang.String> etag()
        Returns:
        (Computed) The etag of the clusters's IAM policy.

      • policyData

        public com.pulumi.core.Output<java.lang.String> policyData()
        Returns:
        The policy data generated by a `gcp.organizations.getIAMPolicy` data source. ***

      • project

        public com.pulumi.core.Output<java.lang.String> project()
        Returns:
        The project in which the cluster belongs. If it is not provided, the provider will use a default.

      • region

        public com.pulumi.core.Output<java.lang.String> region()
        Returns:
        The region in which the cluster belongs. If it is not provided, the provider will use a default.

      • get

        public static ClusterIAMPolicy get​(java.lang.String name,
                                   com.pulumi.core.Output<java.lang.String> id,
                                   @Nullable
                                   ClusterIAMPolicyState state,
                                   @Nullable
                                   com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.