HashiCorp Vault

v5.1.0 published on Thursday, Dec 30, 2021 by Pulumi

getPolicyDocument

This is a data source which can be used to construct an HCL representation of a Vault policy document, for use with resources which expect policy documents, such as the vault.Policy resource.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        // A single rule: the listed capabilities on every path under "secret/".
        var secretsRule = new Vault.Inputs.GetPolicyDocumentRuleArgs
        {
            Path = "secret/*",
            Capabilities = { "create", "read", "update", "delete", "list" },
            Description = "allow all on secrets",
        };

        // Render the rule set to HCL through the getPolicyDocument data source.
        var examplePolicyDocument = Output.Create(Vault.GetPolicyDocument.InvokeAsync(new Vault.GetPolicyDocumentArgs
        {
            Rules = { secretsRule },
        }));

        // Register the rendered HCL as a managed Vault policy.
        var examplePolicy = new Vault.Policy("examplePolicy", new Vault.PolicyArgs
        {
            Policy = examplePolicyDocument.Apply(doc => doc.Hcl),
        });
    }
}
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

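func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Build the policy document: one rule granting the listed
		// capabilities on every path under "secret/".
		// The argument and rule types are declared in the vault package
		// (imported above); unqualified names do not resolve from package main.
		examplePolicyDocument, err := vault.GetPolicyDocument(ctx, &vault.GetPolicyDocumentArgs{
			Rules: []vault.GetPolicyDocumentRule{
				{
					Path: "secret/*",
					Capabilities: []string{
						"create",
						"read",
						"update",
						"delete",
						"list",
					},
					Description: "allow all on secrets",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		// Register the rendered HCL as a managed Vault policy.
		_, err = vault.NewPolicy(ctx, "examplePolicy", &vault.PolicyArgs{
			Policy: pulumi.String(examplePolicyDocument.Hcl),
		})
		return err
	})
}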
import pulumi
import pulumi_vault as vault

# A single rule: the listed capabilities on every path under "secret/".
secrets_rule = vault.GetPolicyDocumentRuleArgs(
    path="secret/*",
    capabilities=["create", "read", "update", "delete", "list"],
    description="allow all on secrets",
)

# Render the rule set to HCL through the get_policy_document data source ...
example_policy_document = vault.get_policy_document(rules=[secrets_rule])

# ... and register the rendered document as a managed Vault policy.
example_policy = vault.Policy("examplePolicy", policy=example_policy_document.hcl)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

// A single rule: the listed capabilities on every path under "secret/".
const secretsRule = {
    path: "secret/*",
    capabilities: ["create", "read", "update", "delete", "list"],
    description: "allow all on secrets",
};

// Render the rule set to HCL through the getPolicyDocument data source (Promise form).
const examplePolicyDocument = vault.getPolicyDocument({ rules: [secretsRule] });

// Register the rendered HCL as a managed Vault policy once the promise resolves.
const examplePolicy = new vault.Policy("examplePolicy", {
    policy: examplePolicyDocument.then(doc => doc.hcl),
});

Using getPolicyDocument

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPolicyDocument(args: GetPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetPolicyDocumentResult>
function getPolicyDocumentOutput(args: GetPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetPolicyDocumentResult>
def get_policy_document(rules: Optional[Sequence[GetPolicyDocumentRule]] = None,
                        opts: Optional[InvokeOptions] = None) -> GetPolicyDocumentResult
def get_policy_document_output(rules: Optional[pulumi.Input[Sequence[pulumi.Input[GetPolicyDocumentRuleArgs]]]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetPolicyDocumentResult]
func GetPolicyDocument(ctx *Context, args *GetPolicyDocumentArgs, opts ...InvokeOption) (*GetPolicyDocumentResult, error)
func GetPolicyDocumentOutput(ctx *Context, args *GetPolicyDocumentOutputArgs, opts ...InvokeOption) GetPolicyDocumentResultOutput

> Note: This function is named GetPolicyDocument in the Go SDK.

public static class GetPolicyDocument 
{
    public static Task<GetPolicyDocumentResult> InvokeAsync(GetPolicyDocumentArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyDocumentResult> Invoke(GetPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

getPolicyDocument Result

The following output properties are available:

Hcl string
The above arguments serialized as a standard Vault HCL policy document.
Id string
The provider-assigned unique ID for this managed resource.
Rules List<GetPolicyDocumentRule>
Hcl string
The above arguments serialized as a standard Vault HCL policy document.
Id string
The provider-assigned unique ID for this managed resource.
Rules []GetPolicyDocumentRule
hcl string
The above arguments serialized as a standard Vault HCL policy document.
id string
The provider-assigned unique ID for this managed resource.
rules GetPolicyDocumentRule[]
hcl str
The above arguments serialized as a standard Vault HCL policy document.
id str
The provider-assigned unique ID for this managed resource.
rules Sequence[GetPolicyDocumentRule]

Supporting Types

GetPolicyDocumentRule

Capabilities List<string>
A list of capabilities that this rule applies to the path. For example, [“read”, “write”].
Path string
A path in Vault that this rule applies to.
AllowedParameters List<GetPolicyDocumentRuleAllowedParameter>
Whitelists the keys and values that are permitted on the given path. See Parameters below.
DeniedParameters List<GetPolicyDocumentRuleDeniedParameter>
Blacklists a list of parameters and values. Any values specified here take precedence over AllowedParameters. See Parameters below.
Description string
Description of the rule. Will be added as a comment to the rendered rule.
MaxWrappingTtl string
The maximum allowed TTL that clients can specify for a wrapped response.
MinWrappingTtl string
The minimum allowed TTL that clients can specify for a wrapped response.
RequiredParameters List<string>
A list of parameters that must be specified.
Capabilities []string
A list of capabilities that this rule applies to the path. For example, [“read”, “write”].
Path string
A path in Vault that this rule applies to.
AllowedParameters []GetPolicyDocumentRuleAllowedParameter
Whitelists the keys and values that are permitted on the given path. See Parameters below.
DeniedParameters []GetPolicyDocumentRuleDeniedParameter
Blacklists a list of parameters and values. Any values specified here take precedence over AllowedParameters. See Parameters below.
Description string
Description of the rule. Will be added as a comment to the rendered rule.
MaxWrappingTtl string
The maximum allowed TTL that clients can specify for a wrapped response.
MinWrappingTtl string
The minimum allowed TTL that clients can specify for a wrapped response.
RequiredParameters []string
A list of parameters that must be specified.
capabilities string[]
A list of capabilities that this rule applies to the path. For example, [“read”, “write”].
path string
A path in Vault that this rule applies to.
allowedParameters GetPolicyDocumentRuleAllowedParameter[]
Whitelists the keys and values that are permitted on the given path. See Parameters below.
deniedParameters GetPolicyDocumentRuleDeniedParameter[]
Blacklists a list of parameters and values. Any values specified here take precedence over allowedParameters. See Parameters below.
description string
Description of the rule. Will be added as a comment to the rendered rule.
maxWrappingTtl string
The maximum allowed TTL that clients can specify for a wrapped response.
minWrappingTtl string
The minimum allowed TTL that clients can specify for a wrapped response.
requiredParameters string[]
A list of parameters that must be specified.
capabilities Sequence[str]
A list of capabilities that this rule applies to the path. For example, [“read”, “write”].
path str
A path in Vault that this rule applies to.
allowed_parameters Sequence[GetPolicyDocumentRuleAllowedParameter]
Whitelists the keys and values that are permitted on the given path. See Parameters below.
denied_parameters Sequence[GetPolicyDocumentRuleDeniedParameter]
Blacklists a list of parameters and values. Any values specified here take precedence over allowed_parameters. See Parameters below.
description str
Description of the rule. Will be added as a comment to the rendered rule.
max_wrapping_ttl str
The maximum allowed TTL that clients can specify for a wrapped response.
min_wrapping_ttl str
The minimum allowed TTL that clients can specify for a wrapped response.
required_parameters Sequence[str]
A list of parameters that must be specified.

GetPolicyDocumentRuleAllowedParameter

Key string
Name of the permitted or denied parameter.
Values List<string>
List of values that are permitted or denied by the policy rule.
Key string
Name of the permitted or denied parameter.
Values []string
List of values that are permitted or denied by the policy rule.
key string
Name of the permitted or denied parameter.
values string[]
List of values that are permitted or denied by the policy rule.
key str
Name of the permitted or denied parameter.
values Sequence[str]
List of values that are permitted or denied by the policy rule.

GetPolicyDocumentRuleDeniedParameter

Key string
Name of the permitted or denied parameter.
Values List<string>
List of values that are permitted or denied by the policy rule.
Key string
Name of the permitted or denied parameter.
Values []string
List of values that are permitted or denied by the policy rule.
key string
Name of the permitted or denied parameter.
values string[]
List of values that are permitted or denied by the policy rule.
key str
Name of the permitted or denied parameter.
values Sequence[str]
List of values that are permitted or denied by the policy rule.

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes
This Pulumi package is based on the vault Terraform Provider.