hcp projects iam set-policy
Command: hcp projects iam set-policy
The hcp projects iam set-policy command sets the IAM policy for the project,
given a project ID and a file encoded in JSON that contains the IAM policy. If
adding or removing a single principal from the policy, prefer using hcp
projects iam add-binding and the related hcp projects iam delete-binding.
The policy file is expected to be a file encoded in JSON that contains the IAM policy.
The format for the policy JSON file is an object with the following format:
{ "bindings": [ { "role_id": "ROLE_ID", "members": [ { "member_id": "PRINCIPAL_ID", "member_type": "USER" | "GROUP" | "SERVICE_PRINCIPAL" } ] } ], "etag": "ETAG"}If set, the etag of the policy must be equal to that of the existing policy. To
view the existing policy and its etag, run hcp projects iam read-policy
--format=json. If unset, the existing policy's etag will be fetched and used.
Usage
$ hcp projects iam set-policy --policy-file=PATH [Optional Flags]Examples
Set the IAM Policy for a project:
$ cat >policy.json <<EOF{ "bindings": [ { "role_id": "roles/viewer", "members": [ { "member_id": "97e2c752-4285-419e-a5cc-bf05ce811d7d", "member_type": "USER" }, { "member_id": "334514c1-4650-4699-891a-a7261fba9607", "member_type": "GROUP" } ] }, { "role_id": "roles/admin", "members": [ { "member_id": "efa07942-17e8-4ef4-ae2d-ec51d32a0767", "member_type": "SERVICE_PRINCIPAL" } ] } ], "etag": "14124142"}EOF$ hcp projects iam set-policy \ --policy-file=policy.json \ --project=8647ae06-ca65-467a-b72d-edba1f908fc8Required flags
--policy-file=PATH- The path to a file containing an IAM policy object.