IAM policy for Cloud Pub/Sub Schema

Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:

A data source can be used to retrieve policy data in the event you do not need to create the policy.

google_pubsub_schema_iam_policy

data "google_iam_policy" "admin" {
  binding {
    role = "roles/viewer"
    members = [
      "user:jane@example.com",
    ]
  }
}

resource "google_pubsub_schema_iam_policy" "policy" {
  project = google_pubsub_schema.example.project
  schema = google_pubsub_schema.example.name
  policy_data = data.google_iam_policy.admin.policy_data
}

google_pubsub_schema_iam_binding

resource "google_pubsub_schema_iam_binding" "binding" {
  project = google_pubsub_schema.example.project
  schema = google_pubsub_schema.example.name
  role = "roles/viewer"
  members = [
    "user:jane@example.com",
  ]
}

google_pubsub_schema_iam_member

resource "google_pubsub_schema_iam_member" "member" {
  project = google_pubsub_schema.example.project
  schema = google_pubsub_schema.example.name
  role = "roles/viewer"
  member = "user:jane@example.com"
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Import

For all import syntaxes, the "resource in question" can take any of the following forms:

Any variables not passed in the import command will be taken from the provider configuration.

Cloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

$ terraform import google_pubsub_schema_iam_member.editor "projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com"

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

$ terraform import google_pubsub_schema_iam_binding.editor "projects/{{project}}/schemas/{{schema}} roles/viewer"

IAM policy imports use the identifier of the resource in question, e.g.

$ terraform import google_pubsub_schema_iam_policy.editor projects/{{project}}/schemas/{{schema}}
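The three identifier shapes above, as an added shell example that is not part of the provider documentation: `import_id` builds the space-delimited identifier for each resource and rejects a field count that does not match it, and `id_kind` reports which resource an existing identifier fits. The function names and the `my-project` / `my-schema` values are made up for illustration, and only the `projects/{{project}}/schemas/{{schema}}` form shown on this page is handled.

```shell
#!/bin/sh
# Added example, not provider code. Function names are hypothetical.

# import_id KIND PROJECT SCHEMA [ROLE] [MEMBER]
# KIND: policy | binding | member. Prints the identifier for `terraform import`.
import_id() {
  kind=$1; project=$2; schema=$3; role=${4:-}; member=${5:-}
  if [ -z "$project" ] || [ -z "$schema" ]; then
    echo "project and schema are required" >&2; return 2
  fi
  # Fields are space-delimited, so a space inside one would shift the others.
  case "$project$schema$role$member" in
    *" "*) echo "fields must not contain spaces" >&2; return 2 ;;
  esac
  resource="projects/$project/schemas/$schema"
  case "$kind" in
    policy)  # resource only
      [ -z "$role$member" ] || { echo "policy takes no role/member" >&2; return 2; }
      printf '%s\n' "$resource" ;;
    binding) # resource + role
      [ -n "$role" ] && [ -z "$member" ] || { echo "binding takes a role only" >&2; return 2; }
      printf '%s %s\n' "$resource" "$role" ;;
    member)  # resource + role + member
      [ -n "$role" ] && [ -n "$member" ] || { echo "member takes role and member" >&2; return 2; }
      printf '%s %s %s\n' "$resource" "$role" "$member" ;;
    *) echo "unknown kind: $kind" >&2; return 2 ;;
  esac
}

# id_kind ID: which of the three resources an identifier fits, by field count.
id_kind() {
  case "$1" in
    ""|" "*|*" "|*"  "*) return 2 ;;   # empty string, or an empty field
    *" "*" "*" "*)       return 2 ;;   # more than three fields
    *" "*" "*)           echo member ;;
    *" "*)               echo binding ;;
    *)                   echo policy ;;
  esac
}

# Usage (constructed values). Quoting the substitution keeps the identifier
# a single argument, as in the commands above:
#   terraform import google_pubsub_schema_iam_member.editor \
#     "$(import_id member my-project my-schema roles/viewer user:jane@example.com)"
```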

User Project Overrides

This resource supports User Project Overrides.