1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: iam.cnrm.cloud.google.com/v1beta1
16kind: IAMPolicy
17metadata:
18 labels:
19 label-one: value-one
20 name: iampolicy-sample-condition
21spec:
22 resourceRef:
23 kind: KMSKeyRing
24 name: iampolicy-dep-condition
25 bindings:
26 - role: roles/cloudkms.admin
27 condition:
28 title: expires_after_2019_12_31
29 description: Expires at midnight of 2019-12-31
30 expression: request.time < timestamp("2020-01-01T00:00:00Z")
31 members:
32 # replace ${PROJECT_ID?} with your project name
33 - serviceAccount:iampolicy-dep-condition@${PROJECT_ID?}.iam.gserviceaccount.com
View as plain text