forked from hashicorp/terraform-provider-google
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add explanation for member field (hashicorp#809)
- Loading branch information
Showing
3 changed files
with
26 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -26,7 +26,7 @@ data "google_iam_policy" "admin" { | |
| role = "roles/storage.objectViewer" | ||
| members = [ | ||
| "user:evanbrown@google.com", | ||
| "user:jane@example.com", | ||
| ] | ||
| } | ||
| } | ||
|
|
@@ -53,11 +53,15 @@ each accept the following arguments: | |
|
|
||
| * `role` (Required) - The role/permission that will be granted to the members. | ||
| See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles. | ||
| * `members` (Required) - An array of users/principals that will be granted | ||
| the privilege in the `role`. For a human user, prefix the user's e-mail | ||
| address with `user:` (e.g., `user:[email protected]`). For a service | ||
| account, prefix the service account e-mail address with `serviceAccount:` | ||
| (e.g., `serviceAccount:[email protected]`). | ||
|
|
||
| * `members` (Required) - An array of identites that will be granted the privilege in the `role`. | ||
| Each entry can have one of the following values: | ||
| * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. | ||
| * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. | ||
| * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected]. | ||
| * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected]. | ||
| * **group:{emailid}**: An email address that represents a Google group. For example, [email protected]. | ||
| * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. | ||
|
|
||
| ## Attributes Reference | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -32,7 +32,14 @@ resource "google_project_iam_binding" "project" { | |
|
|
||
| The following arguments are supported: | ||
|
|
||
| * `members` - (Required) A list of users that the role should apply to. | ||
| * `members` (Required) - An array of identites that will be granted the privilege in the `role`. | ||
| Each entry can have one of the following values: | ||
| * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. | ||
| * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. | ||
| * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected]. | ||
| * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected]. | ||
| * **group:{emailid}**: An email address that represents a Google group. For example, [email protected]. | ||
| * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. | ||
|
|
||
| * `role` - (Required) The role that should be applied. Only one | ||
| `google_project_iam_binding` can be used per role. | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -30,7 +30,14 @@ resource "google_project_iam_member" "project" { | |
|
|
||
| The following arguments are supported: | ||
|
|
||
| * `member` - (Required) The user that the role should apply to. | ||
| * `member` - (Required) The identity that will be granted the privilege in the `role`. | ||
| This field can have one of the following values: | ||
| * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. | ||
| * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. | ||
| * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected]. | ||
| * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected]. | ||
| * **group:{emailid}**: An email address that represents a Google group. For example, [email protected]. | ||
| * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com. | ||
|
|
||
| * `role` - (Required) The role that should be applied. | ||
|
|
||
|
|
||