googleIamTestablePermissions
Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
Example Usage
Retrieve all the supported permissions able to be set on myProject that are in either GA or BETA. This is useful for dynamically constructing custom roles.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataGoogleIamTestablePermissions.DataGoogleIamTestablePermissions(
this,
"perms",
{
full_resource_name:
"//cloudresourcemanager.googleapis.com/projects/my-project",
stages: ["GA", "BETA"],
}
);
Argument Reference
The following arguments are supported:
fullResourceName- (Required) See full resource name documentation for more detail.stages- (Optional) The acceptable release stages of the permission in the output. Note thatbetadoes not include permissions inga, but you can specify both with["ga", "beta"]for example. Can be a list of"alpha","beta","ga","deprecated". Default is["ga"].customSupportLevel- (Optional) The level of support for custom roles. Can be one of"notSupported","supported","testing". Default is"supported"
Attributes Reference
The following attributes are exported:
permissions- A list of permissions matching the provided input. Structure is defined below.
The permissions block supports:
name- Name of the permission.title- Human readable title of the permission.stage- Release stage of the permission.customSupportLevel- The the support level of this permission for custom roles.apiDisabled- Whether the corresponding API has been enabled for the resource.