Retrieve a list of testable permissions for a resource. Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
Retrieve all the supported permissions able to be set on my-project
that are in either GA or BETA. This is useful for dynamically constructing custom roles.
data "google_iam_testable_permissions" "perms" {
full_resource_name = "//cloudresourcemanager.googleapis.com/projects/my-project"
stages = ["GA", "BETA"]
}
The following arguments are supported:
full_resource_name
- (Required) See full resource name documentation for more detail.stages
- (Optional) The acceptable release stages of the permission in the output. Note that BETA
does not include permissions in GA
, but you can specify both with ["GA", "BETA"]
for example. Can be a list of "ALPHA"
, "BETA"
, "GA"
, "DEPRECATED"
. Default is ["GA"]
.custom_support_level
- (Optional) The level of support for custom roles. Can be one of "NOT_SUPPORTED"
, "SUPPORTED"
, "TESTING"
. Default is "SUPPORTED"
The following attributes are exported:
permissions
- A list of permissions matching the provided input. Structure is defined below.The permissions
block supports:
name
- Name of the permission.title
- Human readable title of the permission.stage
- Release stage of the permission.custom_support_level
- The the support level of this permission for custom roles.api_disabled
- Whether the corresponding API has been enabled for the resource.