HashiCorp Vault


getPolicyDocument

This is a data source that constructs an HCL representation of a Vault policy document, for use with resources that expect a policy document, such as the vault.Policy resource. It only renders text; the rules are not validated against a Vault server until the resulting document is applied.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    // Renders a Vault policy document with getPolicyDocument and registers it as a vault.Policy.
    //
    // NOTE(review): the single rule below grants create/read/update/delete/list on every
    // path under "secret/" ("allow all on secrets"). It is a demonstration policy; scope
    // production policies to the narrowest path and capability set a workload needs.
    public MyStack()
    {
        // One rule covering every path under secret/ with the full capability set.
        var allOnSecrets = new Vault.Inputs.GetPolicyDocumentRuleArgs
        {
            Path = "secret/*",
            Capabilities = { "create", "read", "update", "delete", "list" },
            Description = "allow all on secrets",
        };

        // Invoke the data source; Output.Create lifts the Task into an Output.
        var document = Output.Create(Vault.GetPolicyDocument.InvokeAsync(new Vault.GetPolicyDocumentArgs
        {
            Rules = { allOnSecrets },
        }));

        // The rendered HCL is what vault.Policy expects as its policy body.
        var hcl = document.Apply(doc => doc.Hcl);
        var policy = new Vault.Policy("examplePolicy", new Vault.PolicyArgs
        {
            Policy = hcl,
        });
    }
}
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

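func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Build the policy rules. The argument and rule types must be qualified with
		// the vault package: unqualified GetPolicyDocumentArgs / GetPolicyDocumentRule
		// do not resolve inside package main and the example did not compile.
		//
		// NOTE(review): this rule grants create/read/update/delete/list on every path
		// under secret/ ("allow all on secrets"). It is a demonstration policy; scope
		// production policies to the narrowest path and capability set the workload needs.
		examplePolicyDocument, err := vault.GetPolicyDocument(ctx, &vault.GetPolicyDocumentArgs{
			Rules: []vault.GetPolicyDocumentRule{
				{
					Path: "secret/*",
					Capabilities: []string{
						"create",
						"read",
						"update",
						"delete",
						"list",
					},
					Description: pulumi.StringRef("allow all on secrets"),
				},
			},
		}) // opts is variadic; no invoke options are needed, so none are passed.
		if err != nil {
			return err
		}
		// Register the rendered HCL as a Vault policy.
		_, err = vault.NewPolicy(ctx, "examplePolicy", &vault.PolicyArgs{
			Policy: pulumi.String(examplePolicyDocument.Hcl),
		})
		return err
	})
}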


import pulumi
import pulumi_vault as vault

# NOTE(review): this rule grants create/read/update/delete/list on every path under
# secret/ ("allow all on secrets"). It is a demonstration policy; scope production
# policies to the narrowest path and capability set the workload needs.
all_on_secrets = vault.GetPolicyDocumentRuleArgs(
    path="secret/*",
    capabilities=["create", "read", "update", "delete", "list"],
    description="allow all on secrets",
)

# Render the rule set to HCL via the data source.
example_policy_document = vault.get_policy_document(rules=[all_on_secrets])

# vault.Policy takes the rendered HCL as its policy body.
example_policy = vault.Policy("examplePolicy", policy=example_policy_document.hcl)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

// NOTE(review): this rule grants create/read/update/delete/list on every path under
// secret/ ("allow all on secrets"). It is a demonstration policy; scope production
// policies to the narrowest path and capability set the workload needs.
const allOnSecrets = {
    path: "secret/*",
    capabilities: ["create", "read", "update", "delete", "list"],
    description: "allow all on secrets",
};

// Direct invocation form: returns a Promise of the rendered document.
const examplePolicyDocument = vault.getPolicyDocument({ rules: [allOnSecrets] });

// vault.Policy accepts the policy body as a Promise<string>, so resolve to the HCL.
const hcl = examplePolicyDocument.then(doc => doc.hcl);
const examplePolicy = new vault.Policy("examplePolicy", { policy: hcl });


Using getPolicyDocument

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPolicyDocument(args: GetPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetPolicyDocumentResult>
function getPolicyDocumentOutput(args: GetPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetPolicyDocumentResult>
def get_policy_document(rules: Optional[Sequence[GetPolicyDocumentRule]] = None,
                        opts: Optional[InvokeOptions] = None) -> GetPolicyDocumentResult
def get_policy_document_output(rules: Optional[pulumi.Input[Sequence[pulumi.Input[GetPolicyDocumentRuleArgs]]]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetPolicyDocumentResult]
func GetPolicyDocument(ctx *Context, args *GetPolicyDocumentArgs, opts ...InvokeOption) (*GetPolicyDocumentResult, error)
func GetPolicyDocumentOutput(ctx *Context, args *GetPolicyDocumentOutputArgs, opts ...InvokeOption) GetPolicyDocumentResultOutput

> Note: This function is named GetPolicyDocument in the Go SDK.

public static class GetPolicyDocument 
{
    public static Task<GetPolicyDocumentResult> InvokeAsync(GetPolicyDocumentArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyDocumentResult> Invoke(GetPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPolicyDocumentResult> getPolicyDocument(GetPolicyDocumentArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: vault:index/getPolicyDocument:getPolicyDocument
  Arguments:
    # Arguments dictionary

The following arguments are supported:

rules — an optional list of GetPolicyDocumentRule values (see Supporting Types below) from which the HCL document is rendered. It is the only argument in every SDK signature above.

getPolicyDocument Result

The following output properties are available:

Hcl string

The above arguments serialized as a standard Vault HCL policy document.

Id string

The provider-assigned unique ID for this data source result.

Rules List<GetPolicyDocumentRule>
Hcl string

The above arguments serialized as a standard Vault HCL policy document.

Id string

The provider-assigned unique ID for this data source result.

Rules []GetPolicyDocumentRule
hcl String

The above arguments serialized as a standard Vault HCL policy document.

id String

The provider-assigned unique ID for this data source result.

rules List<GetPolicyDocumentRule>
hcl string

The above arguments serialized as a standard Vault HCL policy document.

id string

The provider-assigned unique ID for this data source result.

rules GetPolicyDocumentRule[]
hcl str

The above arguments serialized as a standard Vault HCL policy document.

id str

The provider-assigned unique ID for this data source result.

rules Sequence[GetPolicyDocumentRule]
hcl String

The above arguments serialized as a standard Vault HCL policy document.

id String

The provider-assigned unique ID for this data source result.

rules List<Property Map>

Supporting Types

GetPolicyDocumentRule

Capabilities List<string>

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

Path string

A path in Vault that this rule applies to.

AllowedParameters List<GetPolicyDocumentRuleAllowedParameter>

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

DeniedParameters List<GetPolicyDocumentRuleDeniedParameter>

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

Description string

Description of the rule. Will be added as a comment to rendered rule.

MaxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

MinWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

RequiredParameters List<string>

A list of parameters that must be specified.

Capabilities []string

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

Path string

A path in Vault that this rule applies to.

AllowedParameters []GetPolicyDocumentRuleAllowedParameter

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

DeniedParameters []GetPolicyDocumentRuleDeniedParameter

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

Description string

Description of the rule. Will be added as a comment to rendered rule.

MaxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

MinWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

RequiredParameters []string

A list of parameters that must be specified.

capabilities List<String>

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

path String

A path in Vault that this rule applies to.

allowedParameters List<GetPolicyDocumentRuleAllowedParameter>

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

deniedParameters List<GetPolicyDocumentRuleDeniedParameter>

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

description String

Description of the rule. Will be added as a comment to rendered rule.

maxWrappingTtl String

The maximum allowed TTL that clients can specify for a wrapped response.

minWrappingTtl String

The minimum allowed TTL that clients can specify for a wrapped response.

requiredParameters List<String>

A list of parameters that must be specified.

capabilities string[]

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

path string

A path in Vault that this rule applies to.

allowedParameters GetPolicyDocumentRuleAllowedParameter[]

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

deniedParameters GetPolicyDocumentRuleDeniedParameter[]

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

description string

Description of the rule. Will be added as a comment to rendered rule.

maxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

minWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

requiredParameters string[]

A list of parameters that must be specified.

capabilities Sequence[str]

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

path str

A path in Vault that this rule applies to.

allowed_parameters Sequence[GetPolicyDocumentRuleAllowedParameter]

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

denied_parameters Sequence[GetPolicyDocumentRuleDeniedParameter]

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

description str

Description of the rule. Will be added as a comment to rendered rule.

max_wrapping_ttl str

The maximum allowed TTL that clients can specify for a wrapped response.

min_wrapping_ttl str

The minimum allowed TTL that clients can specify for a wrapped response.

required_parameters Sequence[str]

A list of parameters that must be specified.

capabilities List<String>

A list of capabilities that this rule grants on the path, using the names Vault's policy syntax accepts — for example ["read", "update"]. Note that "write" is not a Vault capability; use "create" and/or "update" instead, as in the example above.

path String

A path in Vault that this rule applies to.

allowedParameters List<Property Map>

Allow-lists the parameter keys and values that are permitted on the given path. See Parameters below.

deniedParameters List<Property Map>

Deny-lists parameter keys and values. Entries here take precedence over allowed_parameters. See Parameters below.

description String

Description of the rule. Will be added as a comment to rendered rule.

maxWrappingTtl String

The maximum allowed TTL that clients can specify for a wrapped response.

minWrappingTtl String

The minimum allowed TTL that clients can specify for a wrapped response.

requiredParameters List<String>

A list of parameters that must be specified.

GetPolicyDocumentRuleAllowedParameter

Key string

name of permitted or denied parameter.

Values List<string>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

Key string

name of permitted or denied parameter.

Values []string

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key String

name of permitted or denied parameter.

values List<String>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key string

name of permitted or denied parameter.

values string[]

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key str

name of permitted or denied parameter.

values Sequence[str]

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key String

name of permitted or denied parameter.

values List<String>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

GetPolicyDocumentRuleDeniedParameter

Key string

name of permitted or denied parameter.

Values List<string>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

Key string

name of permitted or denied parameter.

Values []string

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key String

name of permitted or denied parameter.

values List<String>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key string

name of permitted or denied parameter.

values string[]

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key str

name of permitted or denied parameter.

values Sequence[str]

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

key String

name of permitted or denied parameter.

values List<String>

List of values that the policy rule permits (for an allowed parameter) or denies (for a denied parameter) for this key.

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes

This Pulumi package is based on the vault Terraform Provider.