Docs
Packagesvault.getPolicyDocument
Explore with Pulumi AI
This is a data source which can be used to construct a HCL representation of an Vault policy document, for use with resources which expect policy documents, such as the vault.Policy resource.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
var examplePolicyDocument = Vault.GetPolicyDocument.Invoke(new()
{
Rules = new[]
{
new Vault.Inputs.GetPolicyDocumentRuleInputArgs
{
Path = "secret/*",
Capabilities = new[]
{
"create",
"read",
"update",
"delete",
"list",
},
Description = "allow all on secrets",
},
},
});
var examplePolicy = new Vault.Policy("examplePolicy", new()
{
PolicyContents = examplePolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Hcl),
});
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v5/go/vault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
examplePolicyDocument, err := vault.GetPolicyDocument(ctx, &vault.GetPolicyDocumentArgs{
Rules: []vault.GetPolicyDocumentRule{
{
Path: "secret/*",
Capabilities: []string{
"create",
"read",
"update",
"delete",
"list",
},
Description: pulumi.StringRef("allow all on secrets"),
},
},
}, nil)
if err != nil {
return err
}
_, err = vault.NewPolicy(ctx, "examplePolicy", &vault.PolicyArgs{
Policy: *pulumi.String(examplePolicyDocument.Hcl),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.VaultFunctions;
import com.pulumi.vault.inputs.GetPolicyDocumentArgs;
import com.pulumi.vault.Policy;
import com.pulumi.vault.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var examplePolicyDocument = VaultFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.rules(GetPolicyDocumentRuleArgs.builder()
.path("secret/*")
.capabilities(
"create",
"read",
"update",
"delete",
"list")
.description("allow all on secrets")
.build())
.build());
var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
.policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.hcl()))
.build());
}
}
import pulumi
import pulumi_vault as vault
example_policy_document = vault.get_policy_document(rules=[vault.GetPolicyDocumentRuleArgs(
path="secret/*",
capabilities=[
"create",
"read",
"update",
"delete",
"list",
],
description="allow all on secrets",
)])
example_policy = vault.Policy("examplePolicy", policy=example_policy_document.hcl)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const examplePolicyDocument = vault.getPolicyDocument({
rules: [{
path: "secret/*",
capabilities: [
"create",
"read",
"update",
"delete",
"list",
],
description: "allow all on secrets",
}],
});
const examplePolicy = new vault.Policy("examplePolicy", {policy: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.hcl)});
resources:
examplePolicy:
type: vault:Policy
properties:
policy: ${examplePolicyDocument.hcl}
variables:
examplePolicyDocument:
fn::invoke:
Function: vault:getPolicyDocument
Arguments:
rules:
- path: secret/*
capabilities:
- create
- read
- update
- delete
- list
description: allow all on secrets
Using getPolicyDocument
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPolicyDocument(args: GetPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetPolicyDocumentResult>
function getPolicyDocumentOutput(args: GetPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetPolicyDocumentResult>def get_policy_document(namespace: Optional[str] = None,
rules: Optional[Sequence[GetPolicyDocumentRule]] = None,
opts: Optional[InvokeOptions] = None) -> GetPolicyDocumentResult
def get_policy_document_output(namespace: Optional[pulumi.Input[str]] = None,
rules: Optional[pulumi.Input[Sequence[pulumi.Input[GetPolicyDocumentRuleArgs]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPolicyDocumentResult]func GetPolicyDocument(ctx *Context, args *GetPolicyDocumentArgs, opts ...InvokeOption) (*GetPolicyDocumentResult, error)
func GetPolicyDocumentOutput(ctx *Context, args *GetPolicyDocumentOutputArgs, opts ...InvokeOption) GetPolicyDocumentResultOutput> Note: This function is named GetPolicyDocument in the Go SDK.
public static class GetPolicyDocument
{
public static Task<GetPolicyDocumentResult> InvokeAsync(GetPolicyDocumentArgs args, InvokeOptions? opts = null)
public static Output<GetPolicyDocumentResult> Invoke(GetPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPolicyDocumentResult> getPolicyDocument(GetPolicyDocumentArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:index/getPolicyDocument:getPolicyDocument
arguments:
# arguments dictionaryThe following arguments are supported:
- namespace String
- rules List<Property Map>
getPolicyDocument Result
The following output properties are available:
- Hcl string
The above arguments serialized as a standard Vault HCL policy document.
- Id string
The provider-assigned unique ID for this managed resource.
- Rules
List<Get
Policy Document Rule> - Namespace string
- Hcl string
The above arguments serialized as a standard Vault HCL policy document.
- Id string
The provider-assigned unique ID for this managed resource.
- Rules
[]Get
Policy Document Rule - Namespace string
- hcl String
The above arguments serialized as a standard Vault HCL policy document.
- id String
The provider-assigned unique ID for this managed resource.
- rules
List<Get
Policy Document Rule> - namespace String
- hcl string
The above arguments serialized as a standard Vault HCL policy document.
- id string
The provider-assigned unique ID for this managed resource.
- rules
Get
Policy Document Rule[] - namespace string
- hcl str
The above arguments serialized as a standard Vault HCL policy document.
- id str
The provider-assigned unique ID for this managed resource.
- rules
Sequence[Get
Policy Document Rule] - namespace str
- hcl String
The above arguments serialized as a standard Vault HCL policy document.
- id String
The provider-assigned unique ID for this managed resource.
- rules List<Property Map>
- namespace String
Supporting Types
GetPolicyDocumentRule
- Capabilities List<string>
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- Path string
A path in Vault that this rule applies to.
- Allowed
Parameters List<GetPolicy Document Rule Allowed Parameter> Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- Denied
Parameters List<GetPolicy Document Rule Denied Parameter> Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- Description string
Description of the rule. Will be added as a comment to rendered rule.
- Max
Wrapping stringTtl The maximum allowed TTL that clients can specify for a wrapped response.
- Min
Wrapping stringTtl The minimum allowed TTL that clients can specify for a wrapped response.
- Required
Parameters List<string> A list of parameters that must be specified.
- Capabilities []string
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- Path string
A path in Vault that this rule applies to.
- Allowed
Parameters []GetPolicy Document Rule Allowed Parameter Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- Denied
Parameters []GetPolicy Document Rule Denied Parameter Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- Description string
Description of the rule. Will be added as a comment to rendered rule.
- Max
Wrapping stringTtl The maximum allowed TTL that clients can specify for a wrapped response.
- Min
Wrapping stringTtl The minimum allowed TTL that clients can specify for a wrapped response.
- Required
Parameters []string A list of parameters that must be specified.
- capabilities List<String>
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- path String
A path in Vault that this rule applies to.
- allowed
Parameters List<GetPolicy Document Rule Allowed Parameter> Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- denied
Parameters List<GetPolicy Document Rule Denied Parameter> Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- description String
Description of the rule. Will be added as a comment to rendered rule.
- max
Wrapping StringTtl The maximum allowed TTL that clients can specify for a wrapped response.
- min
Wrapping StringTtl The minimum allowed TTL that clients can specify for a wrapped response.
- required
Parameters List<String> A list of parameters that must be specified.
- capabilities string[]
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- path string
A path in Vault that this rule applies to.
- allowed
Parameters GetPolicy Document Rule Allowed Parameter[] Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- denied
Parameters GetPolicy Document Rule Denied Parameter[] Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- description string
Description of the rule. Will be added as a comment to rendered rule.
- max
Wrapping stringTtl The maximum allowed TTL that clients can specify for a wrapped response.
- min
Wrapping stringTtl The minimum allowed TTL that clients can specify for a wrapped response.
- required
Parameters string[] A list of parameters that must be specified.
- capabilities Sequence[str]
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- path str
A path in Vault that this rule applies to.
- allowed_
parameters Sequence[GetPolicy Document Rule Allowed Parameter] Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- denied_
parameters Sequence[GetPolicy Document Rule Denied Parameter] Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- description str
Description of the rule. Will be added as a comment to rendered rule.
- max_
wrapping_ strttl The maximum allowed TTL that clients can specify for a wrapped response.
- min_
wrapping_ strttl The minimum allowed TTL that clients can specify for a wrapped response.
- required_
parameters Sequence[str] A list of parameters that must be specified.
- capabilities List<String>
A list of capabilities that this rule apply to
path. For example, ["read", "write"].- path String
A path in Vault that this rule applies to.
- allowed
Parameters List<Property Map> Whitelists a list of keys and values that are permitted on the given path. See Parameters below.
- denied
Parameters List<Property Map> Blacklists a list of parameter and values. Any values specified here take precedence over
allowed_parameter. See Parameters below.- description String
Description of the rule. Will be added as a comment to rendered rule.
- max
Wrapping StringTtl The maximum allowed TTL that clients can specify for a wrapped response.
- min
Wrapping StringTtl The minimum allowed TTL that clients can specify for a wrapped response.
- required
Parameters List<String> A list of parameters that must be specified.
GetPolicyDocumentRuleAllowedParameter
GetPolicyDocumentRuleDeniedParameter
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vaultTerraform Provider.