Add new resource iam_projects_policy_binding. addresses #20198 (#12302) (#20438)

[upstream:bd1c0c0ca95b750d88a138997f5ef26dbac35db0]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/12302.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_iam_projects_policy_binding` (beta)
+```

google/services/iam3/resource_iam_projects_policy_binding_test.go

@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package iam3_test

website/docs/r/iam_projects_policy_binding.html.markdown

@@ -0,0 +1,228 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Cloud IAM"
+description: |-
+  A policy binding to a Project
+---
+
+# google_iam_projects_policy_binding
+
+A policy binding to a Project
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about ProjectsPolicyBinding, see:
+
+* [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3beta/projects.locations.policyBindings)
+* How-to Guides
+    * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
+
+## Example Usage - Iam Projects Policy Binding
+
+
+```hcl
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_iam_principal_access_boundary_policy" "pab_policy" {
+  provider = google-beta
+  organization   = "123456789"
+  location       = "global"
+  display_name   = "test project binding"
+  principal_access_boundary_policy_id = "my-pab-policy"
+}
+
+resource "google_iam_projects_policy_binding" "my-project-binding" {
+  provider = google-beta
+  project        = data.google_project.project.project_id
+  location       = "global"
+  display_name   = "test project binding"
+  policy_kind    = "PRINCIPAL_ACCESS_BOUNDARY"
+  policy_binding_id = "test-project-binding"
+  policy         = "organizations/123456789/locations/global/principalAccessBoundaryPolicies/${google_iam_principal_access_boundary_policy.pab_policy.principal_access_boundary_policy_id}"
+  target {
+    principal_set = "//cloudresourcemanager.googleapis.com/projects/${data.google_project.project.project_id}"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `target` -
+  (Required)
+  Target is the full resource name of the resource to which the policy will be bound. Immutable once set.
+  Structure is [documented below](#nested_target).
+
+* `policy` -
+  (Required)
+  Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same Organization (or Project).
+
+* `location` -
+  (Required)
+  The location of the Policy Binding
+
+* `policy_binding_id` -
+  (Required)
+  The Policy Binding ID.
+
+
+<a name="nested_target"></a>The `target` block supports:
+
+* `principal_set` -
+  (Optional)
+  Required. Immutable. The resource name of the policy to be bound.
+  The binding parent and policy must belong to the same Organization (or Project).
+
+- - -
+
+
+* `display_name` -
+  (Optional)
+  Optional. The description of the policy binding. Must be less than or equal to 63 characters.
+
+* `annotations` -
+  (Optional)
+  Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations
+
+  **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
+  Please refer to the field `effective_annotations` for all of the annotations present on the resource.
+
+* `policy_kind` -
+  (Optional)
+  Immutable. The kind of the policy to attach in this binding. This
+  field must be one of the following:  - Left empty (will be automatically set
+  to the policy kind) - The input policy kind   Possible values:  POLICY_KIND_UNSPECIFIED PRINCIPAL_ACCESS_BOUNDARY ACCESS
+
+* `condition` -
+  (Optional)
+  Represents a textual expression in the Common Expression Language
+  (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of
+  CEL are documented at https://github.com/google/cel-spec.
+  Example (Comparison):
+  title: \"Summary size limit\"
+  description: \"Determines if a summary is less than 100 chars\"
+  expression: \"document.summary.size() < 100\"
+  Example
+  (Equality):
+  title: \"Requestor is owner\"
+  description: \"Determines if requestor is the document owner\"
+  expression: \"document.owner == request.auth.claims.email\"  Example
+  (Logic):
+  title: \"Public documents\"
+  description: \"Determine whether the document should be publicly visible\"
+  expression: \"document.type != 'private' && document.type != 'internal'\"
+  Example (Data Manipulation):
+  title: \"Notification string\"
+  description: \"Create a notification string with a timestamp.\"
+  expression: \"'New message received at ' + string(document.create_time)\"
+  The exact variables and functions that may be referenced within an expression are
+  determined by the service that evaluates it. See the service documentation for
+  additional information.
+  Structure is [documented below](#nested_condition).
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+<a name="nested_condition"></a>The `condition` block supports:
+
+* `expression` -
+  (Optional)
+  Textual representation of an expression in Common Expression Language syntax.
+
+* `title` -
+  (Optional)
+  Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
+
+* `description` -
+  (Optional)
+  Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
+
+* `location` -
+  (Optional)
+  Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`
+
+* `name` -
+  The name of the policy binding in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`
+
+* `uid` -
+  Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.
+
+* `etag` -
+  Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.
+
+* `policy_uid` -
+  Output only. The globally unique ID of the policy to be bound.
+
+* `create_time` -
+  Output only. The time when the policy binding was created.
+
+* `update_time` -
+  Output only. The time when the policy binding was most recently updated.
+
+* `effective_annotations` -
+  All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+ProjectsPolicyBinding can be imported using any of these accepted formats:
+
+* `projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}`
+* `{{project}}/{{location}}/{{policy_binding_id}}`
+* `{{location}}/{{policy_binding_id}}`
+
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import ProjectsPolicyBinding using one of the formats above. For example:
+
+```tf
+import {
+  id = "projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}"
+  to = google_iam_projects_policy_binding.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), ProjectsPolicyBinding can be imported using one of the formats above. For example:
+
+```
+$ terraform import google_iam_projects_policy_binding.default projects/{{project}}/locations/{{location}}/policyBindings/{{policy_binding_id}}
+$ terraform import google_iam_projects_policy_binding.default {{project}}/{{location}}/{{policy_binding_id}}
+$ terraform import google_iam_projects_policy_binding.default {{location}}/{{policy_binding_id}}
+```
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).