Generates an IAM policy document that may be referenced by and applied to other Google Cloud Platform resources, such as the google_project
resource.
data "google_iam_policy" "admin" { binding { role = "roles/compute.instanceAdmin" members = [ "serviceAccount:[email protected]", ] } binding { role = "roles/storage.objectViewer" members = [ "user:[email protected]", ] } }
This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a datasource and referencing that policy from another resource is the only way to apply an IAM policy to a resource.
Note: Several restrictions apply when setting IAM policies through this API. See the setIamPolicy docs for a list of these restrictions.
The following arguments are supported:
binding
(Required) - A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding
arguments are supported. Each document configuration must have one or more binding
blocks, which each accept the following arguments:
role
(Required) - The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}
.
members
(Required) - An array of identites that will be granted the privilege in the role
. Each entry can have one of the following values:
google_project
resource. google_project
resource. The following attribute is exported:
policy_data
- The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/google/d/google_iam_policy.html