ucloud 1.39.1 published on Monday, Apr 14, 2025 by ucloud
ucloud.getIamPolicyDocument
Start a Neo task
Explain and create an ucloud.getIamPolicyDocument resource
Generates an IAM policy document in JSON format for use with resources that expect policy documents such as ucloud_iam_policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ucloud from "@pulumi/ucloud";
const fooIamPolicyDocument = ucloud.getIamPolicyDocument({
version: "1",
statements: [
{
effect: "Allow",
actions: [
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
],
resources: ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
},
{
effect: "Allow",
actions: ["uhost:DescribeUHostInstance"],
resources: ["*"],
},
],
});
const fooIamPolicy = new ucloud.IamPolicy("fooIamPolicy", {
comment: "comment",
policy: fooIamPolicyDocument.then(fooIamPolicyDocument => fooIamPolicyDocument.json),
scope: "Project",
});
import pulumi
import pulumi_ucloud as ucloud
foo_iam_policy_document = ucloud.get_iam_policy_document(version="1",
statements=[
{
"effect": "Allow",
"actions": [
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
],
"resources": ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
},
{
"effect": "Allow",
"actions": ["uhost:DescribeUHostInstance"],
"resources": ["*"],
},
])
foo_iam_policy = ucloud.IamPolicy("fooIamPolicy",
comment="comment",
policy=foo_iam_policy_document.json,
scope="Project")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ucloud/ucloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
fooIamPolicyDocument, err := ucloud.GetIamPolicyDocument(ctx, &ucloud.GetIamPolicyDocumentArgs{
Version: pulumi.StringRef("1"),
Statements: []ucloud.GetIamPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
},
Resources: []string{
"ucs:uhost:*:<company-id>:instance/uhost-xxx",
},
},
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"uhost:DescribeUHostInstance",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = ucloud.NewIamPolicy(ctx, "fooIamPolicy", &ucloud.IamPolicyArgs{
Comment: pulumi.String("comment"),
Policy: pulumi.String(fooIamPolicyDocument.Json),
Scope: pulumi.String("Project"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ucloud = Pulumi.Ucloud;
return await Deployment.RunAsync(() =>
{
var fooIamPolicyDocument = Ucloud.GetIamPolicyDocument.Invoke(new()
{
Version = "1",
Statements = new[]
{
new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
},
Resources = new[]
{
"ucs:uhost:*:<company-id>:instance/uhost-xxx",
},
},
new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"uhost:DescribeUHostInstance",
},
Resources = new[]
{
"*",
},
},
},
});
var fooIamPolicy = new Ucloud.IamPolicy("fooIamPolicy", new()
{
Comment = "comment",
Policy = fooIamPolicyDocument.Apply(getIamPolicyDocumentResult => getIamPolicyDocumentResult.Json),
Scope = "Project",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ucloud.UcloudFunctions;
import com.pulumi.ucloud.inputs.GetIamPolicyDocumentArgs;
import com.pulumi.ucloud.IamPolicy;
import com.pulumi.ucloud.IamPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var fooIamPolicyDocument = UcloudFunctions.getIamPolicyDocument(GetIamPolicyDocumentArgs.builder()
.version("1")
.statements(
GetIamPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup")
.resources("ucs:uhost:*:<company-id>:instance/uhost-xxx")
.build(),
GetIamPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("uhost:DescribeUHostInstance")
.resources("*")
.build())
.build());
var fooIamPolicy = new IamPolicy("fooIamPolicy", IamPolicyArgs.builder()
.comment("comment")
.policy(fooIamPolicyDocument.applyValue(getIamPolicyDocumentResult -> getIamPolicyDocumentResult.json()))
.scope("Project")
.build());
}
}
resources:
fooIamPolicy:
type: ucloud:IamPolicy
properties:
comment: comment
policy: ${fooIamPolicyDocument.json}
scope: Project
variables:
fooIamPolicyDocument:
fn::invoke:
function: ucloud:getIamPolicyDocument
arguments:
version: '1'
statements:
- effect: Allow
actions:
- uhost:TerminateUHostInstance
- uhost:DeleteIsolationGroup
resources:
- ucs:uhost:*:<company-id>:instance/uhost-xxx
- effect: Allow
actions:
- uhost:DescribeUHostInstance
resources:
- '*'
Using getIamPolicyDocument
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIamPolicyDocument(args: GetIamPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetIamPolicyDocumentResult>
function getIamPolicyDocumentOutput(args: GetIamPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetIamPolicyDocumentResult>def get_iam_policy_document(id: Optional[str] = None,
output_file: Optional[str] = None,
statements: Optional[Sequence[GetIamPolicyDocumentStatement]] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetIamPolicyDocumentResult
def get_iam_policy_document_output(id: Optional[pulumi.Input[str]] = None,
output_file: Optional[pulumi.Input[str]] = None,
statements: Optional[pulumi.Input[Sequence[pulumi.Input[GetIamPolicyDocumentStatementArgs]]]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetIamPolicyDocumentResult]func GetIamPolicyDocument(ctx *Context, args *GetIamPolicyDocumentArgs, opts ...InvokeOption) (*GetIamPolicyDocumentResult, error)
func GetIamPolicyDocumentOutput(ctx *Context, args *GetIamPolicyDocumentOutputArgs, opts ...InvokeOption) GetIamPolicyDocumentResultOutput> Note: This function is named GetIamPolicyDocument in the Go SDK.
public static class GetIamPolicyDocument
{
public static Task<GetIamPolicyDocumentResult> InvokeAsync(GetIamPolicyDocumentArgs args, InvokeOptions? opts = null)
public static Output<GetIamPolicyDocumentResult> Invoke(GetIamPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
public static Output<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
fn::invoke:
function: ucloud:index/getIamPolicyDocument:getIamPolicyDocument
arguments:
# arguments dictionaryThe following arguments are supported:
- Id string
- Output
File string - File name where to save data source results (after running pulumi preview).
- Statements
List<Get
Iam Policy Document Statement> - Statement of the IAM policy document. See the following Block statement.
- Version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- Id string
- Output
File string - File name where to save data source results (after running pulumi preview).
- Statements
[]Get
Iam Policy Document Statement - Statement of the IAM policy document. See the following Block statement.
- Version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id String
- output
File String - File name where to save data source results (after running pulumi preview).
- statements
List<Get
Iam Policy Document Statement> - Statement of the IAM policy document. See the following Block statement.
- version String
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id string
- output
File string - File name where to save data source results (after running pulumi preview).
- statements
Get
Iam Policy Document Statement[] - Statement of the IAM policy document. See the following Block statement.
- version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id str
- output_
file str - File name where to save data source results (after running pulumi preview).
- statements
Sequence[Get
Iam Policy Document Statement] - Statement of the IAM policy document. See the following Block statement.
- version str
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id String
- output
File String - File name where to save data source results (after running pulumi preview).
- statements List<Property Map>
- Statement of the IAM policy document. See the following Block statement.
- version String
- Version of the IAM policy document. Valid value is 1. Default value is 1.
getIamPolicyDocument Result
The following output properties are available:
- Id string
- Json string
- Policy JSON representation rendered based on the arguments above.
- Output
File string - Statements
List<Get
Iam Policy Document Statement> - Version string
- Id string
- Json string
- Policy JSON representation rendered based on the arguments above.
- Output
File string - Statements
[]Get
Iam Policy Document Statement - Version string
- id String
- json String
- Policy JSON representation rendered based on the arguments above.
- output
File String - statements
List<Get
Iam Policy Document Statement> - version String
- id string
- json string
- Policy JSON representation rendered based on the arguments above.
- output
File string - statements
Get
Iam Policy Document Statement[] - version string
- id str
- json str
- Policy JSON representation rendered based on the arguments above.
- output_
file str - statements
Sequence[Get
Iam Policy Document Statement] - version str
- id String
- json String
- Policy JSON representation rendered based on the arguments above.
- output
File String - statements List<Property Map>
- version String
Supporting Types
GetIamPolicyDocumentStatement
- Actions List<string>
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - Effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - Resources List<string>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- Actions []string
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - Effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - Resources []string
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions List<String>
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect String
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources List<String>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions string[]
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources string[]
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions Sequence[str]
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect str
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources Sequence[str]
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions List<String>
- Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect String
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources List<String>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
Package Details
- Repository
- ucloud ucloud/terraform-provider-ucloud
- License
- Notes
- This Pulumi package is based on the
ucloudTerraform Provider.
