@pulumiverse/scaleway
Version:
A Pulumi package for creating and managing Scaleway cloud resources.
287 lines • 9.57 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Creates and manages Scaleway IAM Policies. For more information refer to the [IAM API documentation](https://www.scaleway.com/en/developers/api/iam/#path-policies-create-a-new-policy).
*
* > You can find a detailed list of all permission sets available at Scaleway in the permission sets [reference page](https://www.scaleway.com/en/docs/iam/reference-content/permission-sets/).
*
* ## Example Usage
*
* ### Create a policy for an organization's project
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scaleway from "@pulumiverse/scaleway";
*
* const _default = scaleway.account.getProject({
* name: "default",
* });
* const app = new scaleway.iam.Application("app", {name: "my app"});
* const objectReadOnly = new scaleway.iam.Policy("object_read_only", {
* name: "my policy",
* description: "gives app readonly access to object storage in project",
* applicationId: app.id,
* rules: [{
* projectIds: [_default.then(_default => _default.id)],
* permissionSetNames: ["ObjectStorageReadOnly"],
* }],
* });
* ```
*
* ### Create a policy for all current and future projects in an organization
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scaleway from "@pulumiverse/scaleway";
*
* const app = new scaleway.iam.Application("app", {name: "my app"});
* const objectReadOnly = new scaleway.iam.Policy("object_read_only", {
* name: "my policy",
* description: "gives app readonly access to object storage in project",
* applicationId: app.id,
* rules: [{
* organizationId: app.organizationId,
* permissionSetNames: ["ObjectStorageReadOnly"],
* }],
* });
* ```
*
* ### Create a permission for multiple users using a group
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scaleway from "@pulumiverse/scaleway";
* import * as std from "@pulumi/std";
*
* const users = [
* "user1@mail.com",
* "user2@mail.com",
* ];
* const projectName = "default";
* const project = scaleway.account.getProject({
* name: projectName,
* });
* const usersGetUser = .reduce((__obj, [__key, __value]) => ({ ...__obj, [String(__key)]: scaleway.iam.getUser({
* email: __value,
* }) }), {});
* const withUsers = new scaleway.iam.Group("with_users", {
* name: "developers",
* userIds: Object.values(usersGetUser).map(user => (user.id)),
* });
* const iamTfStoragePolicy = new scaleway.iam.Policy("iam_tf_storage_policy", {
* name: "developers permissions",
* groupId: withUsers.id,
* rules: [{
* projectIds: [project.then(project => project.id)],
* permissionSetNames: ["InstancesReadOnly"],
* }],
* });
* ```
*
* ### Create a policy with a particular condition
*
* IAM policy rule can use a condition to be applied.
* The following variables are available:
*
* - `request.ip`
* - `request.user_agent`
* - `request.time`
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as scaleway from "@pulumiverse/scaleway";
*
* const main = new scaleway.iam.Policy("main", {
* name: "tf_tests_policy_condition",
* noPrincipal: true,
* rules: [{
* organizationId: "%s",
* permissionSetNames: ["AllProductsFullAccess"],
* condition: "request.user_agent == 'My User Agent'",
* }],
* });
* ```
*
* ## Import
*
* Policies can be imported using the `{id}`, e.g.
*
* ```sh
* $ pulumi import scaleway:iam/policy:Policy main 11111111-1111-1111-1111-111111111111
* ```
*/
export declare class Policy extends pulumi.CustomResource {
/**
* Get an existing Policy resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy;
/**
* Returns true if the given object is an instance of Policy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Policy;
/**
* ID of the application the policy will be linked to
*/
readonly applicationId: pulumi.Output<string | undefined>;
/**
* The date and time of the creation of the policy.
*/
readonly createdAt: pulumi.Output<string>;
/**
* The description of the IAM policy.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Whether the policy is editable.
*/
readonly editable: pulumi.Output<boolean>;
/**
* ID of the group the policy will be linked to
*/
readonly groupId: pulumi.Output<string | undefined>;
/**
* The name of the IAM policy.
*/
readonly name: pulumi.Output<string>;
/**
* If the policy doesn't apply to a principal.
*
* > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
*/
readonly noPrincipal: pulumi.Output<boolean | undefined>;
/**
* `organizationId`) The ID of the organization the policy is associated with.
*/
readonly organizationId: pulumi.Output<string>;
/**
* List of rules in the policy.
*/
readonly rules: pulumi.Output<outputs.iam.PolicyRule[]>;
/**
* The tags associated with the IAM policy.
*/
readonly tags: pulumi.Output<string[] | undefined>;
/**
* The date and time of the last update of the policy.
*/
readonly updatedAt: pulumi.Output<string>;
/**
* ID of the user the policy will be linked to
*/
readonly userId: pulumi.Output<string | undefined>;
/**
* Create a Policy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Policy resources.
*/
export interface PolicyState {
/**
* ID of the application the policy will be linked to
*/
applicationId?: pulumi.Input<string | undefined>;
/**
* The date and time of the creation of the policy.
*/
createdAt?: pulumi.Input<string | undefined>;
/**
* The description of the IAM policy.
*/
description?: pulumi.Input<string | undefined>;
/**
* Whether the policy is editable.
*/
editable?: pulumi.Input<boolean | undefined>;
/**
* ID of the group the policy will be linked to
*/
groupId?: pulumi.Input<string | undefined>;
/**
* The name of the IAM policy.
*/
name?: pulumi.Input<string | undefined>;
/**
* If the policy doesn't apply to a principal.
*
* > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
*/
noPrincipal?: pulumi.Input<boolean | undefined>;
/**
* `organizationId`) The ID of the organization the policy is associated with.
*/
organizationId?: pulumi.Input<string | undefined>;
/**
* List of rules in the policy.
*/
rules?: pulumi.Input<pulumi.Input<inputs.iam.PolicyRule>[] | undefined>;
/**
* The tags associated with the IAM policy.
*/
tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* The date and time of the last update of the policy.
*/
updatedAt?: pulumi.Input<string | undefined>;
/**
* ID of the user the policy will be linked to
*/
userId?: pulumi.Input<string | undefined>;
}
/**
* The set of arguments for constructing a Policy resource.
*/
export interface PolicyArgs {
/**
* ID of the application the policy will be linked to
*/
applicationId?: pulumi.Input<string | undefined>;
/**
* The description of the IAM policy.
*/
description?: pulumi.Input<string | undefined>;
/**
* ID of the group the policy will be linked to
*/
groupId?: pulumi.Input<string | undefined>;
/**
* The name of the IAM policy.
*/
name?: pulumi.Input<string | undefined>;
/**
* If the policy doesn't apply to a principal.
*
* > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
*/
noPrincipal?: pulumi.Input<boolean | undefined>;
/**
* `organizationId`) The ID of the organization the policy is associated with.
*/
organizationId?: pulumi.Input<string | undefined>;
/**
* List of rules in the policy.
*/
rules: pulumi.Input<pulumi.Input<inputs.iam.PolicyRule>[]>;
/**
* The tags associated with the IAM policy.
*/
tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* ID of the user the policy will be linked to
*/
userId?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=policy.d.ts.map