IssueTracker

According to the instructions here the only suggested way to enable PAM is via the Cloud Console. I understand from GCP support that enabling PAM at an org or folder level will automatically enable it on all contained folders and projects. This is very useful to ensure that PAM is enabled on new projects automatically.

In order to avoid point-and-click configuration and capture all changes in infra-as-code, it would be very useful to be able to make this change via Terraform. In order to do that, it would first have to be possible to make this change via the API. According to support, this is not yet possible.

I realise that we could iterate over all projects and enable the PAM API on each one, but this is not a direct equivalent.

Even without Terraform support, a run-book or script that has gcloud commands to execute would be a big improvement over a GUI setup.

In summary, please allow enabling of PAM at org or folder level via:

• gcloud CLI
• API
• Terraform provider