1. Packages
  2. Ucloud Provider
  3. API Docs
  4. getIamPolicyDocument
ucloud 1.39.1 published on Monday, Apr 14, 2025 by ucloud

ucloud.getIamPolicyDocument

Explore with Pulumi AI

Generates an IAM policy document in JSON format for use with resources that expect policy documents such as ucloud_iam_policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ucloud from "@pulumi/ucloud";

const fooIamPolicyDocument = ucloud.getIamPolicyDocument({
    version: "1",
    statements: [
        {
            effect: "Allow",
            actions: [
                "uhost:TerminateUHostInstance",
                "uhost:DeleteIsolationGroup",
            ],
            resources: ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
        },
        {
            effect: "Allow",
            actions: ["uhost:DescribeUHostInstance"],
            resources: ["*"],
        },
    ],
});
const fooIamPolicy = new ucloud.IamPolicy("fooIamPolicy", {
    comment: "comment",
    policy: fooIamPolicyDocument.then(fooIamPolicyDocument => fooIamPolicyDocument.json),
    scope: "Project",
});
Copy
import pulumi
import pulumi_ucloud as ucloud

foo_iam_policy_document = ucloud.get_iam_policy_document(version="1",
    statements=[
        {
            "effect": "Allow",
            "actions": [
                "uhost:TerminateUHostInstance",
                "uhost:DeleteIsolationGroup",
            ],
            "resources": ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
        },
        {
            "effect": "Allow",
            "actions": ["uhost:DescribeUHostInstance"],
            "resources": ["*"],
        },
    ])
foo_iam_policy = ucloud.IamPolicy("fooIamPolicy",
    comment="comment",
    policy=foo_iam_policy_document.json,
    scope="Project")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ucloud/ucloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooIamPolicyDocument, err := ucloud.GetIamPolicyDocument(ctx, &ucloud.GetIamPolicyDocumentArgs{
			Version: pulumi.StringRef("1"),
			Statements: []ucloud.GetIamPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Actions: []string{
						"uhost:TerminateUHostInstance",
						"uhost:DeleteIsolationGroup",
					},
					Resources: []string{
						"ucs:uhost:*:<company-id>:instance/uhost-xxx",
					},
				},
				{
					Effect: pulumi.StringRef("Allow"),
					Actions: []string{
						"uhost:DescribeUHostInstance",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = ucloud.NewIamPolicy(ctx, "fooIamPolicy", &ucloud.IamPolicyArgs{
			Comment: pulumi.String("comment"),
			Policy:  pulumi.String(fooIamPolicyDocument.Json),
			Scope:   pulumi.String("Project"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ucloud = Pulumi.Ucloud;

return await Deployment.RunAsync(() => 
{
    var fooIamPolicyDocument = Ucloud.GetIamPolicyDocument.Invoke(new()
    {
        Version = "1",
        Statements = new[]
        {
            new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "uhost:TerminateUHostInstance",
                    "uhost:DeleteIsolationGroup",
                },
                Resources = new[]
                {
                    "ucs:uhost:*:<company-id>:instance/uhost-xxx",
                },
            },
            new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "uhost:DescribeUHostInstance",
                },
                Resources = new[]
                {
                    "*",
                },
            },
        },
    });

    var fooIamPolicy = new Ucloud.IamPolicy("fooIamPolicy", new()
    {
        Comment = "comment",
        Policy = fooIamPolicyDocument.Apply(getIamPolicyDocumentResult => getIamPolicyDocumentResult.Json),
        Scope = "Project",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ucloud.UcloudFunctions;
import com.pulumi.ucloud.inputs.GetIamPolicyDocumentArgs;
import com.pulumi.ucloud.IamPolicy;
import com.pulumi.ucloud.IamPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var fooIamPolicyDocument = UcloudFunctions.getIamPolicyDocument(GetIamPolicyDocumentArgs.builder()
            .version("1")
            .statements(            
                GetIamPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .actions(                    
                        "uhost:TerminateUHostInstance",
                        "uhost:DeleteIsolationGroup")
                    .resources("ucs:uhost:*:<company-id>:instance/uhost-xxx")
                    .build(),
                GetIamPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .actions("uhost:DescribeUHostInstance")
                    .resources("*")
                    .build())
            .build());

        var fooIamPolicy = new IamPolicy("fooIamPolicy", IamPolicyArgs.builder()
            .comment("comment")
            .policy(fooIamPolicyDocument.applyValue(getIamPolicyDocumentResult -> getIamPolicyDocumentResult.json()))
            .scope("Project")
            .build());

    }
}
Copy
resources:
  fooIamPolicy:
    type: ucloud:IamPolicy
    properties:
      comment: comment
      policy: ${fooIamPolicyDocument.json}
      scope: Project
variables:
  fooIamPolicyDocument:
    fn::invoke:
      function: ucloud:getIamPolicyDocument
      arguments:
        version: '1'
        statements:
          - effect: Allow
            actions:
              - uhost:TerminateUHostInstance
              - uhost:DeleteIsolationGroup
            resources:
              - ucs:uhost:*:<company-id>:instance/uhost-xxx
          - effect: Allow
            actions:
              - uhost:DescribeUHostInstance
            resources:
              - '*'
Copy

Using getIamPolicyDocument

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIamPolicyDocument(args: GetIamPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetIamPolicyDocumentResult>
function getIamPolicyDocumentOutput(args: GetIamPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetIamPolicyDocumentResult>
Copy
def get_iam_policy_document(id: Optional[str] = None,
                            output_file: Optional[str] = None,
                            statements: Optional[Sequence[GetIamPolicyDocumentStatement]] = None,
                            version: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetIamPolicyDocumentResult
def get_iam_policy_document_output(id: Optional[pulumi.Input[str]] = None,
                            output_file: Optional[pulumi.Input[str]] = None,
                            statements: Optional[pulumi.Input[Sequence[pulumi.Input[GetIamPolicyDocumentStatementArgs]]]] = None,
                            version: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetIamPolicyDocumentResult]
Copy
func GetIamPolicyDocument(ctx *Context, args *GetIamPolicyDocumentArgs, opts ...InvokeOption) (*GetIamPolicyDocumentResult, error)
func GetIamPolicyDocumentOutput(ctx *Context, args *GetIamPolicyDocumentOutputArgs, opts ...InvokeOption) GetIamPolicyDocumentResultOutput
Copy

> Note: This function is named GetIamPolicyDocument in the Go SDK.

public static class GetIamPolicyDocument 
{
    public static Task<GetIamPolicyDocumentResult> InvokeAsync(GetIamPolicyDocumentArgs args, InvokeOptions? opts = null)
    public static Output<GetIamPolicyDocumentResult> Invoke(GetIamPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
public static Output<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: ucloud:index/getIamPolicyDocument:getIamPolicyDocument
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

Id string
OutputFile string
File name where to save data source results (after running pulumi preview).
Statements List<GetIamPolicyDocumentStatement>
Statement of the IAM policy document. See the following Block statement.
Version string
Version of the IAM policy document. Valid value is 1. Default value is 1.
Id string
OutputFile string
File name where to save data source results (after running pulumi preview).
Statements []GetIamPolicyDocumentStatement
Statement of the IAM policy document. See the following Block statement.
Version string
Version of the IAM policy document. Valid value is 1. Default value is 1.
id String
outputFile String
File name where to save data source results (after running pulumi preview).
statements List<GetIamPolicyDocumentStatement>
Statement of the IAM policy document. See the following Block statement.
version String
Version of the IAM policy document. Valid value is 1. Default value is 1.
id string
outputFile string
File name where to save data source results (after running pulumi preview).
statements GetIamPolicyDocumentStatement[]
Statement of the IAM policy document. See the following Block statement.
version string
Version of the IAM policy document. Valid value is 1. Default value is 1.
id str
output_file str
File name where to save data source results (after running pulumi preview).
statements Sequence[GetIamPolicyDocumentStatement]
Statement of the IAM policy document. See the following Block statement.
version str
Version of the IAM policy document. Valid value is 1. Default value is 1.
id String
outputFile String
File name where to save data source results (after running pulumi preview).
statements List<Property Map>
Statement of the IAM policy document. See the following Block statement.
version String
Version of the IAM policy document. Valid value is 1. Default value is 1.

getIamPolicyDocument Result

The following output properties are available:

Id string
Json string
Policy JSON representation rendered based on the arguments above.
OutputFile string
Statements List<GetIamPolicyDocumentStatement>
Version string
Id string
Json string
Policy JSON representation rendered based on the arguments above.
OutputFile string
Statements []GetIamPolicyDocumentStatement
Version string
id String
json String
Policy JSON representation rendered based on the arguments above.
outputFile String
statements List<GetIamPolicyDocumentStatement>
version String
id string
json string
Policy JSON representation rendered based on the arguments above.
outputFile string
statements GetIamPolicyDocumentStatement[]
version string
id str
json str
Policy JSON representation rendered based on the arguments above.
output_file str
statements Sequence[GetIamPolicyDocumentStatement]
version str
id String
json String
Policy JSON representation rendered based on the arguments above.
outputFile String
statements List<Property Map>
version String

Supporting Types

GetIamPolicyDocumentStatement

Actions This property is required. List<string>
Actions list of the IAM policy document. The format is <product-name>:<api-name>
Effect string
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
Resources List<string>
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>
Actions This property is required. []string
Actions list of the IAM policy document. The format is <product-name>:<api-name>
Effect string
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
Resources []string
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>
actions This property is required. List<String>
Actions list of the IAM policy document. The format is <product-name>:<api-name>
effect String
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
resources List<String>
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>
actions This property is required. string[]
Actions list of the IAM policy document. The format is <product-name>:<api-name>
effect string
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
resources string[]
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>
actions This property is required. Sequence[str]
Actions list of the IAM policy document. The format is <product-name>:<api-name>
effect str
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
resources Sequence[str]
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>
actions This property is required. List<String>
Actions list of the IAM policy document. The format is <product-name>:<api-name>
effect String
This parameter indicates whether the action is allowed. Valid values are Allow and Deny. Default value is Allow.
resources List<String>
List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be ucs:uhost:*:<company-id>:instance/<uhost-id> or ucs:ucdn:*:<company-id>:instance/<domain-id>

Package Details

Repository
ucloud ucloud/terraform-provider-ucloud
License
Notes
This Pulumi package is based on the ucloud Terraform Provider.