athenz.Policy
athenz.Policy
provides an Athenz policy resource.
Example Usage
IMPORTANT NOTE: please do NOT use json syntax but only hcl syntax
import * as pulumi from "@pulumi/pulumi";
import * as athenz from "@pulumi/athenz";
// Assertions attached to the policy. Per the property reference on this page:
//  - effect must be either ALLOW or DENY;
//  - resource must be fully qualified as <domain name>:<resource name>;
//  - role is the role name only, without the <domain name>:role prefix.
// Keep each action/resource pair as narrow as the role actually needs.
const policyAssertions = [
    {
        action: "some_action",
        effect: "ALLOW",
        resource: "some_domain:some_resource",
        role: "some_role_name",
    },
    {
        // caseSensitive: true makes action and resource case-sensitive
        // for this assertion.
        action: "SOME_ACTION",
        caseSensitive: true,
        effect: "ALLOW",
        resource: "some_domain:some_resource",
        role: "some_role_name",
    },
];

// Declare the policy in some_domain with the assertions above.
const fooPolicy = new athenz.Policy("fooPolicy", {
    assertions: policyAssertions,
    auditRef: "create policy",
    domain: "some_domain",
});
import pulumi
import pulumi_athenz as athenz
# Assertions attached to the policy. Per the property reference on this page:
#  - effect must be either ALLOW or DENY;
#  - resource must be fully qualified as <domain name>:<resource name>;
#  - role is the role name only, without the <domain name>:role prefix.
# Keep each action/resource pair as narrow as the role actually needs.
policy_assertions = [
    {
        "action": "some_action",
        "effect": "ALLOW",
        "resource": "some_domain:some_resource",
        "role": "some_role_name",
    },
    {
        # case_sensitive=True makes action and resource case-sensitive
        # for this assertion.
        "action": "SOME_ACTION",
        "case_sensitive": True,
        "effect": "ALLOW",
        "resource": "some_domain:some_resource",
        "role": "some_role_name",
    },
]

# Declare the policy in some_domain with the assertions above.
foo_policy = athenz.Policy(
    "fooPolicy",
    assertions=policy_assertions,
    audit_ref="create policy",
    domain="some_domain",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a single Athenz policy ("fooPolicy") in some_domain.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Per the property reference on this page: Effect must be either
		// ALLOW or DENY, Resource must be fully qualified as
		// <domain name>:<resource name>, and Role is the role name only
		// (without the <domain name>:role prefix).
		policyAssertions := athenz.PolicyAssertionArray{
			&athenz.PolicyAssertionArgs{
				Action:   pulumi.String("some_action"),
				Effect:   pulumi.String("ALLOW"),
				Resource: pulumi.String("some_domain:some_resource"),
				Role:     pulumi.String("some_role_name"),
			},
			// CaseSensitive makes action and resource case-sensitive
			// for this assertion.
			&athenz.PolicyAssertionArgs{
				Action:        pulumi.String("SOME_ACTION"),
				CaseSensitive: pulumi.Bool(true),
				Effect:        pulumi.String("ALLOW"),
				Resource:      pulumi.String("some_domain:some_resource"),
				Role:          pulumi.String("some_role_name"),
			},
		}

		_, err := athenz.NewPolicy(ctx, "fooPolicy", &athenz.PolicyArgs{
			Assertions: policyAssertions,
			AuditRef:   pulumi.String("create policy"),
			Domain:     pulumi.String("some_domain"),
		})
		// err is nil on success, so returning it directly covers both paths.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Athenz = Pulumi.Athenz;
return await Deployment.RunAsync(() =>
{
    // Per the property reference on this page: Effect must be either ALLOW
    // or DENY, Resource must be fully qualified as
    // <domain name>:<resource name>, and Role is the role name only
    // (without the <domain name>:role prefix).
    var policyAssertions = new[]
    {
        new Athenz.Inputs.PolicyAssertionArgs
        {
            Action = "some_action",
            Effect = "ALLOW",
            Resource = "some_domain:some_resource",
            Role = "some_role_name",
        },
        // CaseSensitive makes action and resource case-sensitive
        // for this assertion.
        new Athenz.Inputs.PolicyAssertionArgs
        {
            Action = "SOME_ACTION",
            CaseSensitive = true,
            Effect = "ALLOW",
            Resource = "some_domain:some_resource",
            Role = "some_role_name",
        },
    };

    // Declare the policy in some_domain with the assertions above.
    var fooPolicy = new Athenz.Policy("fooPolicy", new()
    {
        Assertions = policyAssertions,
        AuditRef = "create policy",
        Domain = "some_domain",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.athenz.Policy;
import com.pulumi.athenz.PolicyArgs;
import com.pulumi.athenz.inputs.PolicyAssertionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Athenz policy ("fooPolicy") in
 * some_domain.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the two assertions and the policy that carries them.
     *
     * Per the property reference on this page: effect must be either ALLOW or
     * DENY, resource must be fully qualified as
     * {@code <domain name>:<resource name>}, and role is the role name only
     * (without the {@code <domain name>:role} prefix).
     */
    public static void stack(Context ctx) {
        var plainAssertion = PolicyAssertionArgs.builder()
            .action("some_action")
            .effect("ALLOW")
            .resource("some_domain:some_resource")
            .role("some_role_name")
            .build();

        // caseSensitive(true) makes action and resource case-sensitive
        // for this assertion.
        var caseSensitiveAssertion = PolicyAssertionArgs.builder()
            .action("SOME_ACTION")
            .caseSensitive(true)
            .effect("ALLOW")
            .resource("some_domain:some_resource")
            .role("some_role_name")
            .build();

        var fooPolicy = new Policy("fooPolicy", PolicyArgs.builder()
            .assertions(plainAssertion, caseSensitiveAssertion)
            .auditRef("create policy")
            .domain("some_domain")
            .build());
    }
}
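# Declares a single Athenz policy in some_domain.
# Nesting restored: the flattened listing does not parse as the intended
# resource -> properties -> assertions structure.
resources:
  fooPolicy:
    type: athenz:Policy
    properties:
      # Per the property reference on this page: effect must be either ALLOW
      # or DENY, resource must be fully qualified as
      # <domain name>:<resource name>, and role is the role name only
      # (without the <domain name>:role prefix).
      assertions:
        - action: some_action
          effect: ALLOW
          resource: some_domain:some_resource
          role: some_role_name
        # caseSensitive: true makes action and resource case-sensitive
        # for this assertion.
        - action: SOME_ACTION
          caseSensitive: true
          effect: ALLOW
          resource: some_domain:some_resource
          role: some_role_name
      auditRef: create policy
      domain: some_domain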
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain: Optional[str] = None,
assertions: Optional[Sequence[PolicyAssertionArgs]] = None,
audit_ref: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: athenz:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input property carries a placeholder value.
// Each condition sub-block takes a Value and an Operator; their meaning is
// not described on this page.
var placeholderCondition = new Athenz.Inputs.PolicyAssertionConditionArgs
{
    Enforcementstate = new Athenz.Inputs.PolicyAssertionConditionEnforcementstateArgs
    {
        Value = "string",
        Operator = 0,
    },
    Instances = new Athenz.Inputs.PolicyAssertionConditionInstancesArgs
    {
        Value = "string",
        Operator = 0,
    },
    Scopeall = new Athenz.Inputs.PolicyAssertionConditionScopeallArgs
    {
        Value = "string",
        Operator = 0,
    },
    Scopeaws = new Athenz.Inputs.PolicyAssertionConditionScopeawsArgs
    {
        Value = "string",
        Operator = 0,
    },
    Scopeonprem = new Athenz.Inputs.PolicyAssertionConditionScopeonpremArgs
    {
        Value = "string",
        Operator = 0,
    },
    Id = 0,
};

var policyResource = new Athenz.Policy("policyResource", new()
{
    Domain = "string",
    Assertions = new[]
    {
        new Athenz.Inputs.PolicyAssertionArgs
        {
            Action = "string",
            // Effect must be either ALLOW or DENY.
            Effect = "string",
            // Fully qualified: <domain name>:<resource name>.
            Resource = "string",
            // Role name only, without the <domain name>:role prefix.
            Role = "string",
            CaseSensitive = false,
            Conditions = new[]
            {
                placeholderCondition,
            },
            Id = 0,
        },
    },
    AuditRef = "string",
    Name = "string",
    PolicyId = "string",
    Tags =
    {
        { "string", "string" },
    },
});
// Reference example: every input property carries a placeholder value.
// Each condition sub-block takes a Value and an Operator; their meaning is
// not described on this page.
placeholderCondition := &athenz.PolicyAssertionConditionArgs{
	Enforcementstate: &athenz.PolicyAssertionConditionEnforcementstateArgs{
		Value:    pulumi.String("string"),
		Operator: pulumi.Float64(0),
	},
	Instances: &athenz.PolicyAssertionConditionInstancesArgs{
		Value:    pulumi.String("string"),
		Operator: pulumi.Float64(0),
	},
	Scopeall: &athenz.PolicyAssertionConditionScopeallArgs{
		Value:    pulumi.String("string"),
		Operator: pulumi.Float64(0),
	},
	Scopeaws: &athenz.PolicyAssertionConditionScopeawsArgs{
		Value:    pulumi.String("string"),
		Operator: pulumi.Float64(0),
	},
	Scopeonprem: &athenz.PolicyAssertionConditionScopeonpremArgs{
		Value:    pulumi.String("string"),
		Operator: pulumi.Float64(0),
	},
	Id: pulumi.Float64(0),
}

example, err := athenz.NewPolicy(ctx, "policyResource", &athenz.PolicyArgs{
	Domain: pulumi.String("string"),
	Assertions: athenz.PolicyAssertionArray{
		&athenz.PolicyAssertionArgs{
			Action: pulumi.String("string"),
			// Effect must be either ALLOW or DENY.
			Effect: pulumi.String("string"),
			// Fully qualified: <domain name>:<resource name>.
			Resource: pulumi.String("string"),
			// Role name only, without the <domain name>:role prefix.
			Role:          pulumi.String("string"),
			CaseSensitive: pulumi.Bool(false),
			Conditions: athenz.PolicyAssertionConditionArray{
				placeholderCondition,
			},
			Id: pulumi.Float64(0),
		},
	},
	AuditRef: pulumi.String("string"),
	Name:     pulumi.String("string"),
	PolicyId: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
// Reference example: every input property carries a placeholder value.
// Each condition sub-block takes a value and an operator; their meaning is
// not described on this page.
var placeholderCondition = PolicyAssertionConditionArgs.builder()
    .enforcementstate(PolicyAssertionConditionEnforcementstateArgs.builder()
        .value("string")
        .operator(0)
        .build())
    .instances(PolicyAssertionConditionInstancesArgs.builder()
        .value("string")
        .operator(0)
        .build())
    .scopeall(PolicyAssertionConditionScopeallArgs.builder()
        .value("string")
        .operator(0)
        .build())
    .scopeaws(PolicyAssertionConditionScopeawsArgs.builder()
        .value("string")
        .operator(0)
        .build())
    .scopeonprem(PolicyAssertionConditionScopeonpremArgs.builder()
        .value("string")
        .operator(0)
        .build())
    .id(0)
    .build();

var policyResource = new Policy("policyResource", PolicyArgs.builder()
    .domain("string")
    .assertions(PolicyAssertionArgs.builder()
        .action("string")
        // effect must be either ALLOW or DENY.
        .effect("string")
        // Fully qualified: <domain name>:<resource name>.
        .resource("string")
        // Role name only, without the <domain name>:role prefix.
        .role("string")
        .caseSensitive(false)
        .conditions(placeholderCondition)
        .id(0)
        .build())
    .auditRef("string")
    .name("string")
    .policyId("string")
    .tags(Map.of("string", "string"))
    .build());
# Reference example: every input property carries a placeholder value.
# Each condition sub-block takes a value and an operator; their meaning is
# not described on this page.
placeholder_condition = {
    "enforcementstate": {
        "value": "string",
        "operator": 0,
    },
    "instances": {
        "value": "string",
        "operator": 0,
    },
    "scopeall": {
        "value": "string",
        "operator": 0,
    },
    "scopeaws": {
        "value": "string",
        "operator": 0,
    },
    "scopeonprem": {
        "value": "string",
        "operator": 0,
    },
    "id": 0,
}

policy_resource = athenz.Policy(
    "policyResource",
    domain="string",
    assertions=[{
        "action": "string",
        # effect must be either ALLOW or DENY.
        "effect": "string",
        # Fully qualified: <domain name>:<resource name>.
        "resource": "string",
        # Role name only, without the <domain name>:role prefix.
        "role": "string",
        "case_sensitive": False,
        "conditions": [placeholder_condition],
        "id": 0,
    }],
    audit_ref="string",
    name="string",
    policy_id="string",
    tags={
        "string": "string",
    },
)
// Reference example: every input property carries a placeholder value.
// Each condition sub-block takes a value and an operator; their meaning is
// not described on this page.
const placeholderCondition = {
    enforcementstate: {
        value: "string",
        operator: 0,
    },
    instances: {
        value: "string",
        operator: 0,
    },
    scopeall: {
        value: "string",
        operator: 0,
    },
    scopeaws: {
        value: "string",
        operator: 0,
    },
    scopeonprem: {
        value: "string",
        operator: 0,
    },
    id: 0,
};

const policyResource = new athenz.Policy("policyResource", {
    domain: "string",
    assertions: [{
        action: "string",
        // effect must be either ALLOW or DENY.
        effect: "string",
        // Fully qualified: <domain name>:<resource name>.
        resource: "string",
        // Role name only, without the <domain name>:role prefix.
        role: "string",
        caseSensitive: false,
        conditions: [placeholderCondition],
        id: 0,
    }],
    auditRef: "string",
    name: "string",
    policyId: "string",
    tags: {
        string: "string",
    },
});
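# Reference example: every input property carries a placeholder value.
# Nesting restored: the flattened listing does not parse as the intended
# properties -> assertions -> conditions structure.
type: athenz:Policy
properties:
  assertions:
    - action: string
      caseSensitive: false
      # Each condition sub-block takes a value and an operator; their meaning
      # is not described on this page.
      conditions:
        - enforcementstate:
            operator: 0
            value: string
          id: 0
          instances:
            operator: 0
            value: string
          scopeall:
            operator: 0
            value: string
          scopeaws:
            operator: 0
            value: string
          scopeonprem:
            operator: 0
            value: string
      # effect must be either ALLOW or DENY.
      effect: string
      id: 0
      # Fully qualified: <domain name>:<resource name>.
      resource: string
      # Role name only, without the <domain name>:role prefix.
      role: string
  auditRef: string
  domain: string
  name: string
  policyId: string
  tags:
    string: string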
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Domain string
- Name of the domain that policy belongs to
- Assertions List<PolicyAssertion>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- AuditRef string
- Name string
- Name of the policy
- PolicyId string
- The ID of this resource.
- Tags Dictionary<string, string>
- Domain string
- Name of the domain that policy belongs to
- Assertions []PolicyAssertionArgs
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- AuditRef string
- Name string
- Name of the policy
- PolicyId string
- The ID of this resource.
- Tags map[string]string
- domain String
- Name of the domain that policy belongs to
- assertions List<PolicyAssertion>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef String
- name String
- Name of the policy
- policyId String
- The ID of this resource.
- tags Map<String,String>
- domain string
- Name of the domain that policy belongs to
- assertions PolicyAssertion[]
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef string
- name string
- Name of the policy
- policyId string
- The ID of this resource.
- tags {[key: string]: string}
- domain str
- Name of the domain that policy belongs to
- assertions Sequence[PolicyAssertionArgs]
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- audit_ref str
- name str
- Name of the policy
- policy_id str
- The ID of this resource.
- tags Mapping[str, str]
- domain String
- Name of the domain that policy belongs to
- assertions List<Property Map>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef String
- name String
- Name of the policy
- policyId String
- The ID of this resource.
- tags Map<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assertions: Optional[Sequence[PolicyAssertionArgs]] = None,
audit_ref: Optional[str] = None,
domain: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
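# Look up an existing policy by its provider ID.
# Line breaks and nesting restored: the single-line form is not valid YAML.
resources:
  _:
    type: athenz:Policy
    get:
      id: ${id}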
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Assertions List<PolicyAssertion>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- AuditRef string
- Domain string
- Name of the domain that policy belongs to
- Name string
- Name of the policy
- PolicyId string
- The ID of this resource.
- Tags Dictionary<string, string>
- Assertions []PolicyAssertionArgs
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- AuditRef string
- Domain string
- Name of the domain that policy belongs to
- Name string
- Name of the policy
- PolicyId string
- The ID of this resource.
- Tags map[string]string
- assertions List<PolicyAssertion>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef String
- domain String
- Name of the domain that policy belongs to
- name String
- Name of the policy
- policyId String
- The ID of this resource.
- tags Map<String,String>
- assertions PolicyAssertion[]
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef string
- domain string
- Name of the domain that policy belongs to
- name string
- Name of the policy
- policyId string
- The ID of this resource.
- tags {[key: string]: string}
- assertions Sequence[PolicyAssertionArgs]
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- audit_ref str
- domain str
- Name of the domain that policy belongs to
- name str
- Name of the policy
- policy_id str
- The ID of this resource.
- tags Mapping[str, str]
- assertions List<Property Map>
- A set of assertions that govern usage of resources, where <assertion> is <effect> <action> to <role> on <resource>.
- auditRef String
- domain String
- Name of the domain that policy belongs to
- name String
- Name of the policy
- policyId String
- The ID of this resource.
- tags Map<String>
Supporting Types
PolicyAssertion, PolicyAssertionArgs
- Action string
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- Effect string
- The value effect must be either ALLOW or DENY.
- Resource string
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- Role string
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- CaseSensitive bool
- If true, action and resource will be case-sensitive.
- Conditions List<PolicyAssertionCondition>
- Id double
- The ID of this resource.
- Action string
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- Effect string
- The value effect must be either ALLOW or DENY.
- Resource string
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- Role string
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- CaseSensitive bool
- If true, action and resource will be case-sensitive.
- Conditions []PolicyAssertionCondition
- Id float64
- The ID of this resource.
- action String
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- effect String
- The value effect must be either ALLOW or DENY.
- resource String
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- role String
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- caseSensitive Boolean
- If true, action and resource will be case-sensitive.
- conditions List<PolicyAssertionCondition>
- id Double
- The ID of this resource.
- action string
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- effect string
- The value effect must be either ALLOW or DENY.
- resource string
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- role string
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- caseSensitive boolean
- If true, action and resource will be case-sensitive.
- conditions PolicyAssertionCondition[]
- id number
- The ID of this resource.
- action str
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- effect str
- The value effect must be either ALLOW or DENY.
- resource str
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- role str
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- case_sensitive bool
- If true, action and resource will be case-sensitive.
- conditions Sequence[PolicyAssertionCondition]
- id float
- The ID of this resource.
- action String
- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).
- effect String
- The value effect must be either ALLOW or DENY.
- resource String
- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: <domain name>:<resource name>
- role String
- The name of the role this assertion applies to. MUST be the role name only (without the prefix <domain name>:role)
- caseSensitive Boolean
- If true, action and resource will be case-sensitive.
- conditions List<Property Map>
- id Number
- The ID of this resource.
PolicyAssertionCondition, PolicyAssertionConditionArgs
- enforcementstate Property Map
- instances Property Map
- scopeall Property Map
- scopeaws Property Map
- scopeonprem Property Map
- id Number
- The ID of this resource.
PolicyAssertionConditionEnforcementstate, PolicyAssertionConditionEnforcementstateArgs
PolicyAssertionConditionInstances, PolicyAssertionConditionInstancesArgs
PolicyAssertionConditionScopeall, PolicyAssertionConditionScopeallArgs
PolicyAssertionConditionScopeaws, PolicyAssertionConditionScopeawsArgs
PolicyAssertionConditionScopeonprem, PolicyAssertionConditionScopeonpremArgs
Package Details
- Repository
- athenz athenz/terraform-provider-athenz
- License
- Notes
- This Pulumi package is based on the
athenz
Terraform Provider.