Docs Home
Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi
gcp.iam.getTestablePermissions
Explore with Pulumi AI
Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
Example Usage
Retrieve all the supported permissions able to be set on my-project that are in either GA or BETA. This is useful for dynamically constructing custom roles.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const perms = gcp.iam.getTestablePermissions({
fullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
stages: [
"GA",
"BETA",
],
});
import pulumi
import pulumi_gcp as gcp
perms = gcp.iam.get_testable_permissions(full_resource_name="//cloudresourcemanager.googleapis.com/projects/my-project",
stages=[
"GA",
"BETA",
])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetTestablePermissions(ctx, &iam.GetTestablePermissionsArgs{
FullResourceName: "//cloudresourcemanager.googleapis.com/projects/my-project",
Stages: []string{
"GA",
"BETA",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var perms = Gcp.Iam.GetTestablePermissions.Invoke(new()
{
FullResourceName = "//cloudresourcemanager.googleapis.com/projects/my-project",
Stages = new[]
{
"GA",
"BETA",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.iam.IamFunctions;
import com.pulumi.gcp.iam.inputs.GetTestablePermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var perms = IamFunctions.getTestablePermissions(GetTestablePermissionsArgs.builder()
.fullResourceName("//cloudresourcemanager.googleapis.com/projects/my-project")
.stages(
"GA",
"BETA")
.build());
}
}
variables:
perms:
fn::invoke:
function: gcp:iam:getTestablePermissions
arguments:
fullResourceName: //cloudresourcemanager.googleapis.com/projects/my-project
stages:
- GA
- BETA
Using getTestablePermissions
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getTestablePermissions(args: GetTestablePermissionsArgs, opts?: InvokeOptions): Promise<GetTestablePermissionsResult>
function getTestablePermissionsOutput(args: GetTestablePermissionsOutputArgs, opts?: InvokeOptions): Output<GetTestablePermissionsResult>def get_testable_permissions(custom_support_level: Optional[str] = None,
full_resource_name: Optional[str] = None,
stages: Optional[Sequence[str]] = None,
opts: Optional[InvokeOptions] = None) -> GetTestablePermissionsResult
def get_testable_permissions_output(custom_support_level: Optional[pulumi.Input[str]] = None,
full_resource_name: Optional[pulumi.Input[str]] = None,
stages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetTestablePermissionsResult]func GetTestablePermissions(ctx *Context, args *GetTestablePermissionsArgs, opts ...InvokeOption) (*GetTestablePermissionsResult, error)
func GetTestablePermissionsOutput(ctx *Context, args *GetTestablePermissionsOutputArgs, opts ...InvokeOption) GetTestablePermissionsResultOutput> Note: This function is named GetTestablePermissions in the Go SDK.
public static class GetTestablePermissions
{
public static Task<GetTestablePermissionsResult> InvokeAsync(GetTestablePermissionsArgs args, InvokeOptions? opts = null)
public static Output<GetTestablePermissionsResult> Invoke(GetTestablePermissionsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetTestablePermissionsResult> getTestablePermissions(GetTestablePermissionsArgs args, InvokeOptions options)
public static Output<GetTestablePermissionsResult> getTestablePermissions(GetTestablePermissionsArgs args, InvokeOptions options)
fn::invoke:
function: gcp:iam/getTestablePermissions:getTestablePermissions
arguments:
# arguments dictionaryThe following arguments are supported:
- Full
Resource stringName - See full resource name documentation for more detail.
- Custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - Stages List<string>
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
- Full
Resource stringName - See full resource name documentation for more detail.
- Custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - Stages []string
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
- full
Resource StringName - See full resource name documentation for more detail.
- custom
Support StringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - stages List<String>
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
- full
Resource stringName - See full resource name documentation for more detail.
- custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - stages string[]
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
- full_
resource_ strname - See full resource name documentation for more detail.
- custom_
support_ strlevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - stages Sequence[str]
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
- full
Resource StringName - See full resource name documentation for more detail.
- custom
Support StringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - stages List<String>
- The acceptable release stages of the permission in the output. Note that
BETAdoes not include permissions inGA, but you can specify both with["GA", "BETA"]for example. Can be a list of"ALPHA","BETA","GA","DEPRECATED". Default is["GA"].
getTestablePermissions Result
The following output properties are available:
- Full
Resource stringName - Id string
- The provider-assigned unique ID for this managed resource.
- Permissions
List<Get
Testable Permissions Permission> - A list of permissions matching the provided input. Structure is defined below.
- Custom
Support stringLevel - The the support level of this permission for custom roles.
- Stages List<string>
- Full
Resource stringName - Id string
- The provider-assigned unique ID for this managed resource.
- Permissions
[]Get
Testable Permissions Permission - A list of permissions matching the provided input. Structure is defined below.
- Custom
Support stringLevel - The the support level of this permission for custom roles.
- Stages []string
- full
Resource StringName - id String
- The provider-assigned unique ID for this managed resource.
- permissions
List<Get
Testable Permissions Permission> - A list of permissions matching the provided input. Structure is defined below.
- custom
Support StringLevel - The the support level of this permission for custom roles.
- stages List<String>
- full
Resource stringName - id string
- The provider-assigned unique ID for this managed resource.
- permissions
Get
Testable Permissions Permission[] - A list of permissions matching the provided input. Structure is defined below.
- custom
Support stringLevel - The the support level of this permission for custom roles.
- stages string[]
- full_
resource_ strname - id str
- The provider-assigned unique ID for this managed resource.
- permissions
Sequence[Get
Testable Permissions Permission] - A list of permissions matching the provided input. Structure is defined below.
- custom_
support_ strlevel - The the support level of this permission for custom roles.
- stages Sequence[str]
- full
Resource StringName - id String
- The provider-assigned unique ID for this managed resource.
- permissions List<Property Map>
- A list of permissions matching the provided input. Structure is defined below.
- custom
Support StringLevel - The the support level of this permission for custom roles.
- stages List<String>
Supporting Types
GetTestablePermissionsPermission
- Api
Disabled bool - Whether the corresponding API has been enabled for the resource.
- Custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - Name string
- Name of the permission.
- Stage string
- Release stage of the permission.
- Title string
- Human readable title of the permission.
- Api
Disabled bool - Whether the corresponding API has been enabled for the resource.
- Custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - Name string
- Name of the permission.
- Stage string
- Release stage of the permission.
- Title string
- Human readable title of the permission.
- api
Disabled Boolean - Whether the corresponding API has been enabled for the resource.
- custom
Support StringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - name String
- Name of the permission.
- stage String
- Release stage of the permission.
- title String
- Human readable title of the permission.
- api
Disabled boolean - Whether the corresponding API has been enabled for the resource.
- custom
Support stringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - name string
- Name of the permission.
- stage string
- Release stage of the permission.
- title string
- Human readable title of the permission.
- api_
disabled bool - Whether the corresponding API has been enabled for the resource.
- custom_
support_ strlevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - name str
- Name of the permission.
- stage str
- Release stage of the permission.
- title str
- Human readable title of the permission.
- api
Disabled Boolean - Whether the corresponding API has been enabled for the resource.
- custom
Support StringLevel - The level of support for custom roles. Can be one of
"NOT_SUPPORTED","SUPPORTED","TESTING". Default is"SUPPORTED" - name String
- Name of the permission.
- stage String
- Release stage of the permission.
- title String
- Human readable title of the permission.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.