Command: hcp organizations iam set-policy
The hcp organizations iam set-policy command sets the IAM policy for the organization. Setting the entire policy must be done with great care. If adding or removing a single principal from the policy, prefer using hcp organizations iam add-binding and the related hcp organizations iam delete-binding.
The policy file is expected to be a JSON-encoded file that contains the IAM policy.
The policy JSON is an object with the following format:
{
  "bindings": [
    {
      "role_id": "ROLE_ID",
      "members": [
        {
          "member_id": "PRINCIPAL_ID",
          "member_type": "USER" | "GROUP" | "SERVICE_PRINCIPAL"
        }
      ]
    }
  ],
  "etag": "ETAG"
}
If set, the etag of the policy must be equal to that of the existing policy. To view the existing policy and its etag, run hcp organizations iam read-policy --format=json. If unset, the existing policy's etag will be fetched and used.
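An added example, not part of the HCP documentation or the CLI: a Python pre-flight check that compares a proposed policy file with the current policy before set-policy is run, listing the grants that would be added or removed and flagging a stale etag. It assumes the output of read-policy --format=json has the same shape as the policy file; the function names and the sample IDs and etags are constructed.

```python
import json

VALID_MEMBER_TYPES = {"USER", "GROUP", "SERVICE_PRINCIPAL"}

# Constructed sample: current policy, assumed to share the policy file's shape.
CURRENT = json.loads("""{"etag": "14124143", "bindings": [
  {"role_id": "roles/viewer", "members": [{"member_id": "user-a", "member_type": "USER"}]},
  {"role_id": "roles/admin", "members": [
    {"member_id": "sp-c", "member_type": "SERVICE_PRINCIPAL"},
    {"member_id": "user-d", "member_type": "USER"}]}]}""")

# Constructed sample: the file about to be passed to --policy-file.
PROPOSED = json.loads("""{"etag": "14124142", "bindings": [
  {"role_id": "roles/viewer", "members": [
    {"member_id": "user-a", "member_type": "USER"},
    {"member_id": "group-b", "member_type": "GROUP"}]},
  {"role_id": "roles/admin", "members": [
    {"member_id": "sp-c", "member_type": "SERVICE_PRINCIPAL"}]}]}""")


def flatten(policy):
    """Return the bindings as a set of (role_id, member_type, member_id) grants."""
    grants = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member["member_type"] not in VALID_MEMBER_TYPES:
                raise ValueError(f"invalid member_type: {member['member_type']!r}")
            grants.add((binding["role_id"], member["member_type"], member["member_id"]))
    return grants


def review(current, proposed):
    """Report what applying `proposed` over `current` would change."""
    cur, new = flatten(current), flatten(proposed)
    etag = proposed.get("etag")
    return {
        "added": sorted(new - cur),
        "removed": sorted(cur - new),
        # An unset etag is fetched by the CLI; a set one must match the current policy.
        "etag_stale": bool(etag) and etag != current.get("etag"),
    }


if __name__ == "__main__":
    print(json.dumps(review(CURRENT, PROPOSED), indent=2))
```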
Usage
$ hcp organizations iam set-policy --policy-file=PATH [Optional Flags]
Examples
Set the IAM Policy for the organization:
$ cat >policy.json <<EOF
{
  "bindings": [
    {
      "role_id": "roles/viewer",
      "members": [
        {
          "member_id": "97e2c752-4285-419e-a5cc-bf05ce811d7d",
          "member_type": "USER"
        },
        {
          "member_id": "334514c1-4650-4699-891a-a7261fba9607",
          "member_type": "GROUP"
        }
      ]
    },
    {
      "role_id": "roles/admin",
      "members": [
        {
          "member_id": "efa07942-17e8-4ef4-ae2d-ec51d32a0767",
          "member_type": "SERVICE_PRINCIPAL"
        }
      ]
    }
  ],
  "etag": "14124142"
}
EOF
$ hcp organizations iam set-policy --policy-file=policy.json
Required flags
--policy-file=PATH
- The path to a file containing an IAM policy object.