1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# Replace ${PROJECT_ID?} below with your desired project ID.
16apiVersion: iam.cnrm.cloud.google.com/v1beta1
17kind: IAMPolicyMember
18metadata:
19 name: iampolicymember-sample-condition
20spec:
21 member: serviceAccount:iampolicymember-dep-condition@${PROJECT_ID?}.iam.gserviceaccount.com
22 role: roles/cloudkms.admin
23 condition:
24 title: expires_after_2019_12_31
25 description: Expires at midnight of 2019-12-31
26 expression: request.time < timestamp("2020-01-01T00:00:00Z")
27 resourceRef:
28 kind: KMSKeyRing
29 name: iampolicymember-dep-condition
View as plain text