Looking at setIamPolicy, I saw that it is possible to set a condition for the policy. For example:
    bindings:
    - members:
      - serviceAccount:my-project-id@appspot.gserviceaccount.com
      role: roles/resourcemanager.organizationAdmin
      condition:
        title: expirable access
        description: Does not grant access after Sep 2020
        expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
Source: https://cloud.google.com/kms/docs/reference/rest/v1/Policy
I would like to create a custom condition under which the policy is removed after the account is removed. Is it possible? I didn't find any example at the link below:
https://cloud.google.com/iam/docs/conditions-overview#attributes
Cloud IAM Conditions is currently in private beta; the chances of a community member being whitelisted for this feature are incredibly low.
I advise you to ask Google directly whether the feature to set an IAM policy as a condition is supported.
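A client-side alternative to a condition, as an added example that is not part of the original question or answer: it strips principals carrying the `deleted:` prefix (the form the Policy reference uses for removed accounts) from a policy dict before it would be written back with setIamPolicy. The helper name `prune_deleted_members`, the sample policy and its `uid` values are constructed for illustration.

```python
import copy

DELETED_PREFIX = "deleted:"  # prefix the Policy reference gives to removed principals

# Constructed sample policy in the dict form returned by getIamPolicy; values are made up.
SAMPLE_POLICY = {
    "version": 3,  # policies that contain conditions use version 3
    "etag": "constructed-etag",
    "bindings": [
        {
            "role": "roles/resourcemanager.organizationAdmin",
            "members": [
                "user:alice@example.com",
                "deleted:serviceAccount:my-project-id@appspot.gserviceaccount.com?uid=000000000000000000001",
            ],
            "condition": {
                "title": "expirable access",
                "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",
            },
        },
        {
            "role": "roles/viewer",
            "members": ["deleted:serviceAccount:old-sa@my-project-id.iam.gserviceaccount.com?uid=000000000000000000002"],
        },
    ],
}


def prune_deleted_members(policy):
    """Return (pruned_policy, removed) without modifying the input policy."""
    pruned = copy.deepcopy(policy)  # etag and version are carried over unchanged
    removed = []                    # (role, member) pairs, kept for an audit trail
    kept_bindings = []
    for binding in pruned.get("bindings", []):
        live = []
        for member in binding.get("members", []):
            if member.startswith(DELETED_PREFIX):
                removed.append((binding["role"], member))
            else:
                live.append(member)
        if live:  # a binding left with no members is dropped, condition included
            binding["members"] = live
            kept_bindings.append(binding)
    pruned["bindings"] = kept_bindings
    return pruned, removed
```

The returned `removed` list can be logged before the pruned policy is submitted, so each dropped role grant remains reviewable.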