Google Cloud v8.22.0, Mar 13 25

Google Cloud v8.22.0 published on Thursday, Mar 13, 2025 by Pulumi

gcp.iam.ProjectsPolicyBinding

Explore with Pulumi AI

Google Cloud v8.22.0 published on Thursday, Mar 13, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Iam Projects Policy Binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as time from "@pulumi/time";

const project = gcp.organizations.getProject({});
const pabPolicy = new gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy", {
    organization: "123456789",
    location: "global",
    displayName: "binding for all principals in the project",
    principalAccessBoundaryPolicyId: "my-pab-policy",
});
const wait60Seconds = new time.index.Sleep("wait_60_seconds", {createDuration: "60s"}, {
    dependsOn: [pabPolicy],
});
const binding_for_all_project_principals = new gcp.iam.ProjectsPolicyBinding("binding-for-all-project-principals", {
    project: project.then(project => project.projectId),
    location: "global",
    displayName: "binding for all principals in the project",
    policyKind: "PRINCIPAL_ACCESS_BOUNDARY",
    policyBindingId: "binding-for-all-project-principals",
    policy: pulumi.interpolate`organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}`,
    target: {
        principalSet: project.then(project => `//cloudresourcemanager.googleapis.com/projects/${project.projectId}`),
    },
}, {
    dependsOn: [wait60Seconds],
});

import pulumi
import pulumi_gcp as gcp
import pulumi_time as time

project = gcp.organizations.get_project()
pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
    organization="123456789",
    location="global",
    display_name="binding for all principals in the project",
    principal_access_boundary_policy_id="my-pab-policy")
wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
binding_for_all_project_principals = gcp.iam.ProjectsPolicyBinding("binding-for-all-project-principals",
    project=project.project_id,
    location="global",
    display_name="binding for all principals in the project",
    policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
    policy_binding_id="binding-for-all-project-principals",
    policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
    target={
        "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",
    },
    opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/iam"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
	"github.com/pulumi/pulumi-time/sdk/go/time"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
		if err != nil {
			return err
		}
		pabPolicy, err := iam.NewPrincipalAccessBoundaryPolicy(ctx, "pab_policy", &iam.PrincipalAccessBoundaryPolicyArgs{
			Organization:                    pulumi.String("123456789"),
			Location:                        pulumi.String("global"),
			DisplayName:                     pulumi.String("binding for all principals in the project"),
			PrincipalAccessBoundaryPolicyId: pulumi.String("my-pab-policy"),
		})
		if err != nil {
			return err
		}
		wait60Seconds, err := time.NewSleep(ctx, "wait_60_seconds", &time.SleepArgs{
			CreateDuration: "60s",
		}, pulumi.DependsOn([]pulumi.Resource{
			pabPolicy,
		}))
		if err != nil {
			return err
		}
		_, err = iam.NewProjectsPolicyBinding(ctx, "binding-for-all-project-principals", &iam.ProjectsPolicyBindingArgs{
			Project:         pulumi.String(project.ProjectId),
			Location:        pulumi.String("global"),
			DisplayName:     pulumi.String("binding for all principals in the project"),
			PolicyKind:      pulumi.String("PRINCIPAL_ACCESS_BOUNDARY"),
			PolicyBindingId: pulumi.String("binding-for-all-project-principals"),
			Policy: pabPolicy.PrincipalAccessBoundaryPolicyId.ApplyT(func(principalAccessBoundaryPolicyId string) (string, error) {
				return fmt.Sprintf("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%v", principalAccessBoundaryPolicyId), nil
			}).(pulumi.StringOutput),
			Target: &iam.ProjectsPolicyBindingTargetArgs{
				PrincipalSet: pulumi.Sprintf("//cloudresourcemanager.googleapis.com/projects/%v", project.ProjectId),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			wait60Seconds,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Time = Pulumi.Time;

return await Deployment.RunAsync(() => 
{
    var project = Gcp.Organizations.GetProject.Invoke();

    var pabPolicy = new Gcp.Iam.PrincipalAccessBoundaryPolicy("pab_policy", new()
    {
        Organization = "123456789",
        Location = "global",
        DisplayName = "binding for all principals in the project",
        PrincipalAccessBoundaryPolicyId = "my-pab-policy",
    });

    var wait60Seconds = new Time.Index.Sleep("wait_60_seconds", new()
    {
        CreateDuration = "60s",
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            pabPolicy,
        },
    });

    var binding_for_all_project_principals = new Gcp.Iam.ProjectsPolicyBinding("binding-for-all-project-principals", new()
    {
        Project = project.Apply(getProjectResult => getProjectResult.ProjectId),
        Location = "global",
        DisplayName = "binding for all principals in the project",
        PolicyKind = "PRINCIPAL_ACCESS_BOUNDARY",
        PolicyBindingId = "binding-for-all-project-principals",
        Policy = pabPolicy.PrincipalAccessBoundaryPolicyId.Apply(principalAccessBoundaryPolicyId => $"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principalAccessBoundaryPolicyId}"),
        Target = new Gcp.Iam.Inputs.ProjectsPolicyBindingTargetArgs
        {
            PrincipalSet = $"//cloudresourcemanager.googleapis.com/projects/{project.Apply(getProjectResult => getProjectResult.ProjectId)}",
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            wait60Seconds,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicy;
import com.pulumi.gcp.iam.PrincipalAccessBoundaryPolicyArgs;
import com.pulumi.time.sleep;
import com.pulumi.time.SleepArgs;
import com.pulumi.gcp.iam.ProjectsPolicyBinding;
import com.pulumi.gcp.iam.ProjectsPolicyBindingArgs;
import com.pulumi.gcp.iam.inputs.ProjectsPolicyBindingTargetArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var project = OrganizationsFunctions.getProject();

        var pabPolicy = new PrincipalAccessBoundaryPolicy("pabPolicy", PrincipalAccessBoundaryPolicyArgs.builder()
            .organization("123456789")
            .location("global")
            .displayName("binding for all principals in the project")
            .principalAccessBoundaryPolicyId("my-pab-policy")
            .build());

        var wait60Seconds = new Sleep("wait60Seconds", SleepArgs.builder()
            .createDuration("60s")
            .build(), CustomResourceOptions.builder()
                .dependsOn(pabPolicy)
                .build());

        var binding_for_all_project_principals = new ProjectsPolicyBinding("binding-for-all-project-principals", ProjectsPolicyBindingArgs.builder()
            .project(project.applyValue(getProjectResult -> getProjectResult.projectId()))
            .location("global")
            .displayName("binding for all principals in the project")
            .policyKind("PRINCIPAL_ACCESS_BOUNDARY")
            .policyBindingId("binding-for-all-project-principals")
            .policy(pabPolicy.principalAccessBoundaryPolicyId().applyValue(principalAccessBoundaryPolicyId -> String.format("organizations/123456789/locations/global/principalAccessBoundaryPolicies/%s", principalAccessBoundaryPolicyId)))
            .target(ProjectsPolicyBindingTargetArgs.builder()
                .principalSet(String.format("//cloudresourcemanager.googleapis.com/projects/%s", project.applyValue(getProjectResult -> getProjectResult.projectId())))
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(wait60Seconds)
                .build());

    }
}

resources:
  pabPolicy:
    type: gcp:iam:PrincipalAccessBoundaryPolicy
    name: pab_policy
    properties:
      organization: '123456789'
      location: global
      displayName: binding for all principals in the project
      principalAccessBoundaryPolicyId: my-pab-policy
  wait60Seconds:
    type: time:sleep
    name: wait_60_seconds
    properties:
      createDuration: 60s
    options:
      dependsOn:
        - ${pabPolicy}
  binding-for-all-project-principals:
    type: gcp:iam:ProjectsPolicyBinding
    properties:
      project: ${project.projectId}
      location: global
      displayName: binding for all principals in the project
      policyKind: PRINCIPAL_ACCESS_BOUNDARY
      policyBindingId: binding-for-all-project-principals
      policy: organizations/123456789/locations/global/principalAccessBoundaryPolicies/${pabPolicy.principalAccessBoundaryPolicyId}
      target:
        principalSet: //cloudresourcemanager.googleapis.com/projects/${project.projectId}
    options:
      dependsOn:
        - ${wait60Seconds}
variables:
  project:
    fn::invoke:
      function: gcp:organizations:getProject
      arguments: {}

Create ProjectsPolicyBinding Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ProjectsPolicyBinding(name: string, args: ProjectsPolicyBindingArgs, opts?: CustomResourceOptions);

@overload
def ProjectsPolicyBinding(resource_name: str,
                          args: ProjectsPolicyBindingArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def ProjectsPolicyBinding(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          location: Optional[str] = None,
                          policy: Optional[str] = None,
                          policy_binding_id: Optional[str] = None,
                          target: Optional[ProjectsPolicyBindingTargetArgs] = None,
                          annotations: Optional[Mapping[str, str]] = None,
                          condition: Optional[ProjectsPolicyBindingConditionArgs] = None,
                          display_name: Optional[str] = None,
                          policy_kind: Optional[str] = None,
                          project: Optional[str] = None)

func NewProjectsPolicyBinding(ctx *Context, name string, args ProjectsPolicyBindingArgs, opts ...ResourceOption) (*ProjectsPolicyBinding, error)

public ProjectsPolicyBinding(string name, ProjectsPolicyBindingArgs args, CustomResourceOptions? opts = null)

public ProjectsPolicyBinding(String name, ProjectsPolicyBindingArgs args)
public ProjectsPolicyBinding(String name, ProjectsPolicyBindingArgs args, CustomResourceOptions options)

type: gcp:iam:ProjectsPolicyBinding
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ProjectsPolicyBindingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProjectsPolicyBindingArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProjectsPolicyBindingArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProjectsPolicyBindingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProjectsPolicyBindingArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var projectsPolicyBindingResource = new Gcp.Iam.ProjectsPolicyBinding("projectsPolicyBindingResource", new()
{
    Location = "string",
    Policy = "string",
    PolicyBindingId = "string",
    Target = new Gcp.Iam.Inputs.ProjectsPolicyBindingTargetArgs
    {
        PrincipalSet = "string",
    },
    Annotations = 
    {
        { "string", "string" },
    },
    Condition = new Gcp.Iam.Inputs.ProjectsPolicyBindingConditionArgs
    {
        Description = "string",
        Expression = "string",
        Location = "string",
        Title = "string",
    },
    DisplayName = "string",
    PolicyKind = "string",
    Project = "string",
});

example, err := iam.NewProjectsPolicyBinding(ctx, "projectsPolicyBindingResource", &iam.ProjectsPolicyBindingArgs{
	Location:        pulumi.String("string"),
	Policy:          pulumi.String("string"),
	PolicyBindingId: pulumi.String("string"),
	Target: &iam.ProjectsPolicyBindingTargetArgs{
		PrincipalSet: pulumi.String("string"),
	},
	Annotations: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Condition: &iam.ProjectsPolicyBindingConditionArgs{
		Description: pulumi.String("string"),
		Expression:  pulumi.String("string"),
		Location:    pulumi.String("string"),
		Title:       pulumi.String("string"),
	},
	DisplayName: pulumi.String("string"),
	PolicyKind:  pulumi.String("string"),
	Project:     pulumi.String("string"),
})

var projectsPolicyBindingResource = new ProjectsPolicyBinding("projectsPolicyBindingResource", ProjectsPolicyBindingArgs.builder()
    .location("string")
    .policy("string")
    .policyBindingId("string")
    .target(ProjectsPolicyBindingTargetArgs.builder()
        .principalSet("string")
        .build())
    .annotations(Map.of("string", "string"))
    .condition(ProjectsPolicyBindingConditionArgs.builder()
        .description("string")
        .expression("string")
        .location("string")
        .title("string")
        .build())
    .displayName("string")
    .policyKind("string")
    .project("string")
    .build());

projects_policy_binding_resource = gcp.iam.ProjectsPolicyBinding("projectsPolicyBindingResource",
    location="string",
    policy="string",
    policy_binding_id="string",
    target={
        "principal_set": "string",
    },
    annotations={
        "string": "string",
    },
    condition={
        "description": "string",
        "expression": "string",
        "location": "string",
        "title": "string",
    },
    display_name="string",
    policy_kind="string",
    project="string")

const projectsPolicyBindingResource = new gcp.iam.ProjectsPolicyBinding("projectsPolicyBindingResource", {
    location: "string",
    policy: "string",
    policyBindingId: "string",
    target: {
        principalSet: "string",
    },
    annotations: {
        string: "string",
    },
    condition: {
        description: "string",
        expression: "string",
        location: "string",
        title: "string",
    },
    displayName: "string",
    policyKind: "string",
    project: "string",
});

type: gcp:iam:ProjectsPolicyBinding
properties:
    annotations:
        string: string
    condition:
        description: string
        expression: string
        location: string
        title: string
    displayName: string
    location: string
    policy: string
    policyBindingId: string
    policyKind: string
    project: string
    target:
        principalSet: string

ProjectsPolicyBinding Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ProjectsPolicyBinding resource accepts the following input properties:

Location string: The location of the Policy Binding
Policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId string: The Policy Binding ID.
Target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Annotations Dictionary<string, string>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
DisplayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
PolicyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
Project string

Location string: The location of the Policy Binding
Policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId string: The Policy Binding ID.
Target ProjectsPolicyBindingTargetArgs: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Annotations map[string]string: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition ProjectsPolicyBindingConditionArgs: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
DisplayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
PolicyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
Project string

location String: The location of the Policy Binding
policy String: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId String: The Policy Binding ID.
target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Map<String,String>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName String: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind String: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
project String

location string: The location of the Policy Binding
policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId string: The Policy Binding ID.
target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations {[key: string]: string}: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
project string

location str: The location of the Policy Binding
policy str: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policy_binding_id str: The Policy Binding ID.
target ProjectsPolicyBindingTargetArgs: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Mapping[str, str]: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingConditionArgs: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
display_name str: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policy_kind str: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
project str

location String: The location of the Policy Binding
policy String: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId String: The Policy Binding ID.
target Property Map: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
annotations Map<String>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition Property Map: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
displayName String: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
policyKind String: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
project String

Outputs

All input properties are implicitly available as output properties. Additionally, the ProjectsPolicyBinding resource produces the following output properties:

CreateTime string: Output only. The time when the policy binding was created.
EffectiveAnnotations Dictionary<string, string>
Etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
PolicyUid string: Output only. The globally unique ID of the policy to be bound.
Uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string: Output only. The time when the policy binding was most recently updated.

CreateTime string: Output only. The time when the policy binding was created.
EffectiveAnnotations map[string]string
Etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
PolicyUid string: Output only. The globally unique ID of the policy to be bound.
Uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string: Output only. The time when the policy binding was most recently updated.

createTime String: Output only. The time when the policy binding was created.
effectiveAnnotations Map<String,String>
etag String: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid String: Output only. The globally unique ID of the policy to be bound.
uid String: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String: Output only. The time when the policy binding was most recently updated.

createTime string: Output only. The time when the policy binding was created.
effectiveAnnotations {[key: string]: string}
etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id string: The provider-assigned unique ID for this managed resource.
name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid string: Output only. The globally unique ID of the policy to be bound.
uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime string: Output only. The time when the policy binding was most recently updated.

create_time str: Output only. The time when the policy binding was created.
effective_annotations Mapping[str, str]
etag str: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id str: The provider-assigned unique ID for this managed resource.
name str: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy_uid str: Output only. The globally unique ID of the policy to be bound.
uid str: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
update_time str: Output only. The time when the policy binding was most recently updated.

createTime String: Output only. The time when the policy binding was created.
effectiveAnnotations Map<String>
etag String: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policyUid String: Output only. The globally unique ID of the policy to be bound.
uid String: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String: Output only. The time when the policy binding was most recently updated.

Look up Existing ProjectsPolicyBinding Resource

Get an existing ProjectsPolicyBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ProjectsPolicyBindingState, opts?: CustomResourceOptions): ProjectsPolicyBinding

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        annotations: Optional[Mapping[str, str]] = None,
        condition: Optional[ProjectsPolicyBindingConditionArgs] = None,
        create_time: Optional[str] = None,
        display_name: Optional[str] = None,
        effective_annotations: Optional[Mapping[str, str]] = None,
        etag: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        policy: Optional[str] = None,
        policy_binding_id: Optional[str] = None,
        policy_kind: Optional[str] = None,
        policy_uid: Optional[str] = None,
        project: Optional[str] = None,
        target: Optional[ProjectsPolicyBindingTargetArgs] = None,
        uid: Optional[str] = None,
        update_time: Optional[str] = None) -> ProjectsPolicyBinding

func GetProjectsPolicyBinding(ctx *Context, name string, id IDInput, state *ProjectsPolicyBindingState, opts ...ResourceOption) (*ProjectsPolicyBinding, error)

public static ProjectsPolicyBinding Get(string name, Input<string> id, ProjectsPolicyBindingState? state, CustomResourceOptions? opts = null)

public static ProjectsPolicyBinding get(String name, Output<String> id, ProjectsPolicyBindingState state, CustomResourceOptions options)

resources:  _:    type: gcp:iam:ProjectsPolicyBinding    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Annotations Dictionary<string, string>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
CreateTime string: Output only. The time when the policy binding was created.
DisplayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
EffectiveAnnotations Dictionary<string, string>
Etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Location string: The location of the Policy Binding
Name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
Policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId string: The Policy Binding ID.
PolicyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
PolicyUid string: Output only. The globally unique ID of the policy to be bound.
Project string
Target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string: Output only. The time when the policy binding was most recently updated.

Annotations map[string]string: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
Condition ProjectsPolicyBindingConditionArgs: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
CreateTime string: Output only. The time when the policy binding was created.
DisplayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
EffectiveAnnotations map[string]string
Etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
Location string: The location of the Policy Binding
Name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
Policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
PolicyBindingId string: The Policy Binding ID.
PolicyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
PolicyUid string: Output only. The globally unique ID of the policy to be bound.
Project string
Target ProjectsPolicyBindingTargetArgs: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
Uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
UpdateTime string: Output only. The time when the policy binding was most recently updated.

annotations Map<String,String>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime String: Output only. The time when the policy binding was created.
displayName String: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations Map<String,String>
etag String: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
location String: The location of the Policy Binding
name String: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy String: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId String: The Policy Binding ID.
policyKind String: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid String: Output only. The globally unique ID of the policy to be bound.
project String
target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid String: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String: Output only. The time when the policy binding was most recently updated.

annotations {[key: string]: string}: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingCondition: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime string: Output only. The time when the policy binding was created.
displayName string: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations {[key: string]: string}
etag string: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
location string: The location of the Policy Binding
name string: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy string: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId string: The Policy Binding ID.
policyKind string: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid string: Output only. The globally unique ID of the policy to be bound.
project string
target ProjectsPolicyBindingTarget: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid string: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime string: Output only. The time when the policy binding was most recently updated.

annotations Mapping[str, str]: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition ProjectsPolicyBindingConditionArgs: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
create_time str: Output only. The time when the policy binding was created.
display_name str: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effective_annotations Mapping[str, str]
etag str: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
location str: The location of the Policy Binding
name str: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy str: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policy_binding_id str: The Policy Binding ID.
policy_kind str: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policy_uid str: Output only. The globally unique ID of the policy to be bound.
project str
target ProjectsPolicyBindingTargetArgs: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid str: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
update_time str: Output only. The time when the policy binding was most recently updated.

annotations Map<String>: Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field 'effective_annotations' for all of the annotations present on the resource.
condition Property Map: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
createTime String: Output only. The time when the policy binding was created.
displayName String: Optional. The description of the policy binding. Must be less than or equal to 63 characters.
effectiveAnnotations Map<String>
etag String: Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
location String: The location of the Policy Binding
name String: The name of the policy binding in the format {binding_parent/locations/{location}/policyBindings/{policy_binding_id}
policy String: Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
policyBindingId String: The Policy Binding ID.
policyKind String: Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind Possible values: POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
policyUid String: Output only. The globally unique ID of the policy to be bound.
project String
target Property Map: Target is the full resource name of the resource to which the policy will be bound. Immutable once set. Structure is documented below.
uid String: Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
updateTime String: Output only. The time when the policy binding was most recently updated.

Supporting Types

ProjectsPolicyBindingCondition, ProjectsPolicyBindingConditionArgs

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

Description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
Expression string: Textual representation of an expression in Common Expression Language syntax.
Location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
Title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description string: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression string: Textual representation of an expression in Common Expression Language syntax.
location string: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title string: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description str: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression str: Textual representation of an expression in Common Expression Language syntax.
location str: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title str: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

description String: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
expression String: Textual representation of an expression in Common Expression Language syntax.
location String: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
title String: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.