Google Cloud Healthcare Consent Store IAM

google_healthcare_consent_store_iam (Terraform)

The Consent Store IAM in Cloud Healthcare can be configured in Terraform with the resource name google_healthcare_consent_store_iam. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

The following arguments are supported:

• consent_store_id - (Required) Used to find the parent resource to bind the IAM policy to

• dataset - (Required) Identifies the dataset addressed by this request. Must be in the format 'projects/[project]/locations/[location]/datasets/[dataset]' Used to find the parent resource to bind the IAM policy to

• member/members - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:[emailid]: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:[emailid]: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:[emailid]: An email address that represents a Google group. For example, admins@example.com.
  • domain:[domain]: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
  • projectOwner:projectid: Owners of the given project. For example, "projectOwner:my-example-project"
  • projectEditor:projectid: Editors of the given project. For example, "projectEditor:my-example-project"
  • projectViewer:projectid: Viewers of the given project. For example, "projectViewer:my-example-project"

• role - (Required) The role that should be applied. Only one google_healthcare_consent_store_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/[parent-name]/roles/[role-name].

• policy_data - (Required only by google_healthcare_consent_store_iam_policy) The policy data generated by a google_iam_policy data source.

In addition to the arguments listed above, the following computed attributes are exported:

• etag - (Computed) The etag of the IAM policy.

Explanation in Terraform Registry

Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:

• google_healthcare_consent_store_iam_policy: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.
• google_healthcare_consent_store_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.
• google_healthcare_consent_store_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.

  Note: google_healthcare_consent_store_iam_policy cannot be used in conjunction with google_healthcare_consent_store_iam_binding and google_healthcare_consent_store_iam_member or they will fight over what your policy should be.

  Note: google_healthcare_consent_store_iam_binding resources can be used in conjunction with google_healthcare_consent_store_iam_member resources only if they do not grant privilege to the same role.