hcp organizations iam set-policy
Command: hcp organizations iam set-policy
The hcp organizations iam set-policy command sets the IAM policy for the organization. Setting the entire policy must be done with great care. If adding or removing a single principal from the policy, prefer using hcp organizations iam add-binding and the related hcp organizations iam delete-binding.
The policy file must be a JSON-encoded file that contains the IAM policy.
The policy JSON is an object with the following format:

{
  "bindings": [
    {
      "role_id": "ROLE_ID",
      "members": [
        {
          "member_id": "PRINCIPAL_ID",
          "member_type": "USER" | "GROUP" | "SERVICE_PRINCIPAL"
        }
      ]
    }
  ],
  "etag": "ETAG"
}

If set, the etag of the policy must be equal to that of the existing policy. To view the existing policy and its etag, run hcp organizations iam read-policy --format=json. If unset, the existing policy's etag will be fetched and used.
Usage
$ hcp organizations iam set-policy --policy-file=PATH [Optional Flags]
Examples
Set the IAM Policy for the organization:
$ cat >policy.json <<EOF
{
  "bindings": [
    {
      "role_id": "roles/viewer",
      "members": [
        {
          "member_id": "97e2c752-4285-419e-a5cc-bf05ce811d7d",
          "member_type": "USER"
        },
        {
          "member_id": "334514c1-4650-4699-891a-a7261fba9607",
          "member_type": "GROUP"
        }
      ]
    },
    {
      "role_id": "roles/admin",
      "members": [
        {
          "member_id": "efa07942-17e8-4ef4-ae2d-ec51d32a0767",
          "member_type": "SERVICE_PRINCIPAL"
        }
      ]
    }
  ],
  "etag": "14124142"
}
EOF
$ hcp organizations iam set-policy --policy-file=policy.json
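A pre-flight check for the full-policy replacement described above, as an added example (not part of the HCP CLI or its documentation): it diffs the live policy against the file intended for --policy-file and reports grants added, grants removed, a stale etag, and a policy that would leave no roles/admin member. It assumes that read-policy --format=json output uses the same schema as the policy file; the function names, member IDs and etags are constructed.

```python
import json

def flatten(policy):
    """Return the set of (role_id, member_type, member_id) grants in a policy."""
    return {
        (b["role_id"], m["member_type"], m["member_id"])
        for b in policy.get("bindings", [])
        for m in b.get("members", [])
    }

def review(current, proposed):
    """Compare the live policy with the file about to be passed to set-policy."""
    cur, new = flatten(current), flatten(proposed)
    return {
        "added": sorted(new - cur),
        "removed": sorted(cur - new),
        # An etag is only checked when the file sets one; a mismatch means the
        # live policy changed after the file was written.
        "etag_stale": "etag" in proposed
                      and proposed["etag"] != current.get("etag"),
        # set-policy replaces everything, so an omitted binding is a revocation.
        "no_admin_left": not any(role == "roles/admin" for role, _, _ in new),
    }

# Constructed sample: what read-policy is assumed to return for the live policy.
CURRENT = json.loads("""
{"bindings": [
   {"role_id": "roles/viewer", "members": [
      {"member_id": "user-a", "member_type": "USER"},
      {"member_id": "group-b", "member_type": "GROUP"}]},
   {"role_id": "roles/admin", "members": [
      {"member_id": "sp-c", "member_type": "SERVICE_PRINCIPAL"}]}],
 "etag": "etag-v2"}
""")

# Constructed sample: a policy file written against an older copy of the policy.
PROPOSED = json.loads("""
{"bindings": [
   {"role_id": "roles/viewer", "members": [
      {"member_id": "user-a", "member_type": "USER"}]},
   {"role_id": "roles/admin", "members": [
      {"member_id": "user-d", "member_type": "USER"}]}],
 "etag": "etag-v1"}
""")

if __name__ == "__main__":
    print(json.dumps(review(CURRENT, PROPOSED), indent=2))
```
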
Required flags
--policy-file=PATH
- The path to a file containing an IAM policy object.