HashiCorp Cloud Platform
Command: hcp iam groups iam set-policy
The hcp iam groups iam set-policy command sets the IAM policy for the group, given a group name and a file encoded in JSON that contains the IAM policy. If adding or removing a single principal from the policy, prefer using hcp iam groups iam add-binding and the related hcp iam groups iam delete-binding.
The policy file must be a JSON-encoded file that contains the IAM policy. The policy is a JSON object with the following format:
{
  "bindings": [
    {
      "role_id": "ROLE_ID",
      "members": [
        {
          "member_id": "PRINCIPAL_ID",
          "member_type": "USER"
        }
      ]
    }
  ],
  "etag": "ETAG"
}
If set, the etag of the policy must be equal to that of the existing policy. To view the existing policy and its etag, run hcp iam groups iam read-policy --format=json. If unset, the existing policy's etag will be fetched and used.
Note that the only supported member_type is USER and the only supported role_id is roles/iam.group-manager.
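A pre-flight check for the policy file described above, as an added example that is not part of the HCP CLI or its documentation: it validates the file against the constraints listed here and, given the current policy, reports which grants set-policy would add or remove and whether the etag is stale. The function names, the constructed sample data, the assumption that read-policy --format=json returns the same object shape as the policy file, and the treatment of an empty etag as unset are assumptions of this example.

```python
import json

SUPPORTED_ROLE = "roles/iam.group-manager"  # only role_id the page lists
SUPPORTED_MEMBER_TYPE = "USER"              # only member_type the page lists

# Constructed sample: what read-policy --format=json is assumed to return.
CURRENT = {"etag": "14124142", "bindings": [{"role_id": SUPPORTED_ROLE, "members": [
    {"member_id": "97e2c752-4285-419e-a5cc-bf05ce811d7d", "member_type": "USER"}]}]}
# Constructed sample: a proposed policy file that swaps the group manager.
PROPOSED = json.dumps({"etag": "14124142", "bindings": [{"role_id": SUPPORTED_ROLE,
    "members": [{"member_id": "00000000-0000-4000-8000-000000000001",
                 "member_type": "USER"}]}]})


def validate_policy(text):
    """Parse policy-file text; return (policy, problems). policy is None if unusable."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(policy, dict) or not isinstance(policy.get("bindings"), list):
        return None, ['expected an object with a "bindings" array']
    problems = []
    for i, binding in enumerate(policy["bindings"]):
        if not isinstance(binding, dict):
            problems.append(f"bindings[{i}]: not an object")
            continue
        if binding.get("role_id") != SUPPORTED_ROLE:
            problems.append(f"bindings[{i}]: unsupported role_id {binding.get('role_id')!r}")
        for member in binding.get("members") or []:
            if not isinstance(member, dict) or not member.get("member_id"):
                problems.append(f"bindings[{i}]: member without member_id")
            elif member.get("member_type") != SUPPORTED_MEMBER_TYPE:
                problems.append(f"bindings[{i}]: unsupported member_type")
    return policy, problems


def grants(policy):
    """Flatten a validated policy into a set of (role_id, member_id) pairs."""
    return {(b.get("role_id", ""), m.get("member_id", ""))
            for b in policy["bindings"] for m in b.get("members") or []}


def review_change(current, proposed):
    """Summarise what set-policy would change; call only on validated policies."""
    etag = proposed.get("etag")  # assumption: a missing or empty etag means "unset"
    return {"granted": sorted(grants(proposed) - grants(current)),
            "revoked": sorted(grants(current) - grants(proposed)),
            "stale_etag": bool(etag) and etag != current.get("etag")}
```

A non-empty "revoked" list is the case to look at before applying the file, since that principal loses the role once the new policy is set.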
Usage
$ hcp iam groups iam set-policy --group=NAME --policy-file=PATH [Optional Flags]
Examples
Set the IAM Policy for a group:
$ cat >policy.json <<EOF
{
  "bindings": [
    {
      "role_id": "roles/iam.group-manager",
      "members": [
        {
          "member_id": "97e2c752-4285-419e-a5cc-bf05ce811d7d",
          "member_type": "USER"
        }
      ]
    }
  ],
  "etag": "14124142"
}
EOF
$ hcp iam groups iam set-policy \
  --group=Group-Name \
  --policy-file=policy.json
Required flags
-g, --group=NAME
- The name of the group to set the policy on.
-p, --policy-file=PATH
- The path to a file containing an IAM policy object.