Yandex

v0.10.0 published on Thursday, Nov 18, 2021 by Pulumi

getIamPolicy

Generates an [IAM] policy document that may be referenced by and applied to other Yandex.Cloud Platform resources, such as the yandex.ResourcemanagerFolder resource.

import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";

const admin = pulumi.output(yandex.getIamPolicy({
    bindings: [
        {
            members: ["userAccount:user_id_1"],
            role: "admin",
        },
        {
            members: ["userAccount:user_id_2"],
            role: "viewer",
        },
    ],
}));
import pulumi
import pulumi_yandex as yandex

admin = yandex.get_iam_policy(bindings=[
    yandex.GetIamPolicyBindingArgs(
        members=["userAccount:user_id_1"],
        role="admin",
    ),
    yandex.GetIamPolicyBindingArgs(
        members=["userAccount:user_id_2"],
        role="viewer",
    ),
])
using Pulumi;
using Yandex = Pulumi.Yandex;

class MyStack : Stack
{
    public MyStack()
    {
        var admin = Output.Create(Yandex.GetIamPolicy.InvokeAsync(new Yandex.GetIamPolicyArgs
        {
            Bindings = 
            {
                new Yandex.Inputs.GetIamPolicyBindingArgs
                {
                    Members = 
                    {
                        "userAccount:user_id_1",
                    },
                    Role = "admin",
                },
                new Yandex.Inputs.GetIamPolicyBindingArgs
                {
                    Members = 
                    {
                        "userAccount:user_id_2",
                    },
                    Role = "viewer",
                },
            },
        }));
    }

}
package main

import (
	"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := yandex.GetIamPolicy(ctx, &GetIamPolicyArgs{
			Bindings: []GetIamPolicyBinding{
				GetIamPolicyBinding{
					Members: []string{
						"userAccount:user_id_1",
					},
					Role: "admin",
				},
				GetIamPolicyBinding{
					Members: []string{
						"userAccount:user_id_2",
					},
					Role: "viewer",
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

This data source is used to define [IAM] policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource.

Using getIamPolicy

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIamPolicy(args: GetIamPolicyArgs, opts?: InvokeOptions): Promise<GetIamPolicyResult>
function getIamPolicyOutput(args: GetIamPolicyOutputArgs, opts?: InvokeOptions): Output<GetIamPolicyResult>
def get_iam_policy(bindings: Optional[Sequence[GetIamPolicyBinding]] = None,
                   opts: Optional[InvokeOptions] = None) -> GetIamPolicyResult
def get_iam_policy_output(bindings: Optional[pulumi.Input[Sequence[pulumi.Input[GetIamPolicyBindingArgs]]]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetIamPolicyResult]
func GetIamPolicy(ctx *Context, args *GetIamPolicyArgs, opts ...InvokeOption) (*GetIamPolicyResult, error)
func GetIamPolicyOutput(ctx *Context, args *GetIamPolicyOutputArgs, opts ...InvokeOption) GetIamPolicyResultOutput

> Note: This function is named GetIamPolicy in the Go SDK.

public static class GetIamPolicy 
{
    public static Task<GetIamPolicyResult> InvokeAsync(GetIamPolicyArgs args, InvokeOptions? opts = null)
    public static Output<GetIamPolicyResult> Invoke(GetIamPolicyInvokeArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Bindings List<GetIamPolicyBinding>
A nested configuration block (described below) that defines a binding to be included in the policy document. Multiple binding arguments are supported.
Bindings []GetIamPolicyBinding
A nested configuration block (described below) that defines a binding to be included in the policy document. Multiple binding arguments are supported.
bindings GetIamPolicyBinding[]
A nested configuration block (described below) that defines a binding to be included in the policy document. Multiple binding arguments are supported.
bindings Sequence[GetIamPolicyBinding]
A nested configuration block (described below) that defines a binding to be included in the policy document. Multiple binding arguments are supported.

getIamPolicy Result

The following output properties are available:

Bindings List<GetIamPolicyBinding>
Id string
The provider-assigned unique ID for this managed resource.
PolicyData string
The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
Bindings []GetIamPolicyBinding
Id string
The provider-assigned unique ID for this managed resource.
PolicyData string
The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
bindings GetIamPolicyBinding[]
id string
The provider-assigned unique ID for this managed resource.
policyData string
The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
bindings Sequence[GetIamPolicyBinding]
id str
The provider-assigned unique ID for this managed resource.
policy_data str
The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

Supporting Types

GetIamPolicyBinding

Members List<string>

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

  • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
  • serviceAccount:{service_account_id}: A unique service account ID.
Role string
The role/permission that will be granted to the members. See the [IAM Roles] documentation for a complete list of roles.
Members []string

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

  • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
  • serviceAccount:{service_account_id}: A unique service account ID.
Role string
The role/permission that will be granted to the members. See the [IAM Roles] documentation for a complete list of roles.
members string[]

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

  • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
  • serviceAccount:{service_account_id}: A unique service account ID.
role string
The role/permission that will be granted to the members. See the [IAM Roles] documentation for a complete list of roles.
members Sequence[str]

An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

  • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
  • serviceAccount:{service_account_id}: A unique service account ID.
role str
The role/permission that will be granted to the members. See the [IAM Roles] documentation for a complete list of roles.

Package Details

Repository
https://github.com/pulumi/pulumi-yandex
License
Apache-2.0
Notes
This Pulumi package is based on the yandex Terraform Provider.