Docs Home
ucloud 1.39.1 published on Monday, Apr 14, 2025 by ucloud
ucloud.getIamPolicyDocument
Explore with Pulumi AI
Generates an IAM policy document in JSON format for use with resources that expect policy documents such as ucloud_iam_policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ucloud from "@pulumi/ucloud";
const fooIamPolicyDocument = ucloud.getIamPolicyDocument({
version: "1",
statements: [
{
effect: "Allow",
actions: [
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
],
resources: ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
},
{
effect: "Allow",
actions: ["uhost:DescribeUHostInstance"],
resources: ["*"],
},
],
});
const fooIamPolicy = new ucloud.IamPolicy("fooIamPolicy", {
comment: "comment",
policy: fooIamPolicyDocument.then(fooIamPolicyDocument => fooIamPolicyDocument.json),
scope: "Project",
});
import pulumi
import pulumi_ucloud as ucloud
foo_iam_policy_document = ucloud.get_iam_policy_document(version="1",
statements=[
{
"effect": "Allow",
"actions": [
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
],
"resources": ["ucs:uhost:*:<company-id>:instance/uhost-xxx"],
},
{
"effect": "Allow",
"actions": ["uhost:DescribeUHostInstance"],
"resources": ["*"],
},
])
foo_iam_policy = ucloud.IamPolicy("fooIamPolicy",
comment="comment",
policy=foo_iam_policy_document.json,
scope="Project")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ucloud/ucloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
fooIamPolicyDocument, err := ucloud.GetIamPolicyDocument(ctx, &ucloud.GetIamPolicyDocumentArgs{
Version: pulumi.StringRef("1"),
Statements: []ucloud.GetIamPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
},
Resources: []string{
"ucs:uhost:*:<company-id>:instance/uhost-xxx",
},
},
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"uhost:DescribeUHostInstance",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = ucloud.NewIamPolicy(ctx, "fooIamPolicy", &ucloud.IamPolicyArgs{
Comment: pulumi.String("comment"),
Policy: pulumi.String(fooIamPolicyDocument.Json),
Scope: pulumi.String("Project"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ucloud = Pulumi.Ucloud;
return await Deployment.RunAsync(() =>
{
var fooIamPolicyDocument = Ucloud.GetIamPolicyDocument.Invoke(new()
{
Version = "1",
Statements = new[]
{
new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup",
},
Resources = new[]
{
"ucs:uhost:*:<company-id>:instance/uhost-xxx",
},
},
new Ucloud.Inputs.GetIamPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"uhost:DescribeUHostInstance",
},
Resources = new[]
{
"*",
},
},
},
});
var fooIamPolicy = new Ucloud.IamPolicy("fooIamPolicy", new()
{
Comment = "comment",
Policy = fooIamPolicyDocument.Apply(getIamPolicyDocumentResult => getIamPolicyDocumentResult.Json),
Scope = "Project",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ucloud.UcloudFunctions;
import com.pulumi.ucloud.inputs.GetIamPolicyDocumentArgs;
import com.pulumi.ucloud.IamPolicy;
import com.pulumi.ucloud.IamPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var fooIamPolicyDocument = UcloudFunctions.getIamPolicyDocument(GetIamPolicyDocumentArgs.builder()
.version("1")
.statements(
GetIamPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"uhost:TerminateUHostInstance",
"uhost:DeleteIsolationGroup")
.resources("ucs:uhost:*:<company-id>:instance/uhost-xxx")
.build(),
GetIamPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("uhost:DescribeUHostInstance")
.resources("*")
.build())
.build());
var fooIamPolicy = new IamPolicy("fooIamPolicy", IamPolicyArgs.builder()
.comment("comment")
.policy(fooIamPolicyDocument.applyValue(getIamPolicyDocumentResult -> getIamPolicyDocumentResult.json()))
.scope("Project")
.build());
}
}
resources:
fooIamPolicy:
type: ucloud:IamPolicy
properties:
comment: comment
policy: ${fooIamPolicyDocument.json}
scope: Project
variables:
fooIamPolicyDocument:
fn::invoke:
function: ucloud:getIamPolicyDocument
arguments:
version: '1'
statements:
- effect: Allow
actions:
- uhost:TerminateUHostInstance
- uhost:DeleteIsolationGroup
resources:
- ucs:uhost:*:<company-id>:instance/uhost-xxx
- effect: Allow
actions:
- uhost:DescribeUHostInstance
resources:
- '*'
Using getIamPolicyDocument
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIamPolicyDocument(args: GetIamPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetIamPolicyDocumentResult>
function getIamPolicyDocumentOutput(args: GetIamPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetIamPolicyDocumentResult>def get_iam_policy_document(id: Optional[str] = None,
output_file: Optional[str] = None,
statements: Optional[Sequence[GetIamPolicyDocumentStatement]] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetIamPolicyDocumentResult
def get_iam_policy_document_output(id: Optional[pulumi.Input[str]] = None,
output_file: Optional[pulumi.Input[str]] = None,
statements: Optional[pulumi.Input[Sequence[pulumi.Input[GetIamPolicyDocumentStatementArgs]]]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetIamPolicyDocumentResult]func GetIamPolicyDocument(ctx *Context, args *GetIamPolicyDocumentArgs, opts ...InvokeOption) (*GetIamPolicyDocumentResult, error)
func GetIamPolicyDocumentOutput(ctx *Context, args *GetIamPolicyDocumentOutputArgs, opts ...InvokeOption) GetIamPolicyDocumentResultOutput> Note: This function is named GetIamPolicyDocument in the Go SDK.
public static class GetIamPolicyDocument
{
public static Task<GetIamPolicyDocumentResult> InvokeAsync(GetIamPolicyDocumentArgs args, InvokeOptions? opts = null)
public static Output<GetIamPolicyDocumentResult> Invoke(GetIamPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
public static Output<GetIamPolicyDocumentResult> getIamPolicyDocument(GetIamPolicyDocumentArgs args, InvokeOptions options)
fn::invoke:
function: ucloud:index/getIamPolicyDocument:getIamPolicyDocument
arguments:
# arguments dictionaryThe following arguments are supported:
- Id string
- Output
File string - File name where to save data source results (after running pulumi preview).
- Statements
List<Get
Iam Policy Document Statement> - Statement of the IAM policy document. See the following Block statement.
- Version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- Id string
- Output
File string - File name where to save data source results (after running pulumi preview).
- Statements
[]Get
Iam Policy Document Statement - Statement of the IAM policy document. See the following Block statement.
- Version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id String
- output
File String - File name where to save data source results (after running pulumi preview).
- statements
List<Get
Iam Policy Document Statement> - Statement of the IAM policy document. See the following Block statement.
- version String
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id string
- output
File string - File name where to save data source results (after running pulumi preview).
- statements
Get
Iam Policy Document Statement[] - Statement of the IAM policy document. See the following Block statement.
- version string
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id str
- output_
file str - File name where to save data source results (after running pulumi preview).
- statements
Sequence[Get
Iam Policy Document Statement] - Statement of the IAM policy document. See the following Block statement.
- version str
- Version of the IAM policy document. Valid value is 1. Default value is 1.
- id String
- output
File String - File name where to save data source results (after running pulumi preview).
- statements List<Property Map>
- Statement of the IAM policy document. See the following Block statement.
- version String
- Version of the IAM policy document. Valid value is 1. Default value is 1.
getIamPolicyDocument Result
The following output properties are available:
- Id string
- Json string
- Policy JSON representation rendered based on the arguments above.
- Output
File string - Statements
List<Get
Iam Policy Document Statement> - Version string
- Id string
- Json string
- Policy JSON representation rendered based on the arguments above.
- Output
File string - Statements
[]Get
Iam Policy Document Statement - Version string
- id String
- json String
- Policy JSON representation rendered based on the arguments above.
- output
File String - statements
List<Get
Iam Policy Document Statement> - version String
- id string
- json string
- Policy JSON representation rendered based on the arguments above.
- output
File string - statements
Get
Iam Policy Document Statement[] - version string
- id str
- json str
- Policy JSON representation rendered based on the arguments above.
- output_
file str - statements
Sequence[Get
Iam Policy Document Statement] - version str
- id String
- json String
- Policy JSON representation rendered based on the arguments above.
- output
File String - statements List<Property Map>
- version String
Supporting Types
GetIamPolicyDocumentStatement
- Actions
This property is required. List<string> - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - Effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - Resources List<string>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- Actions
This property is required. []string - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - Effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - Resources []string
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions
This property is required. List<String> - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect String
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources List<String>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions
This property is required. string[] - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect string
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources string[]
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions
This property is required. Sequence[str] - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect str
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources Sequence[str]
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
- actions
This property is required. List<String> - Actions list of the IAM policy document. The format is
<product-name>:<api-name> - effect String
- This parameter indicates whether the
actionis allowed. Valid values areAllowandDeny. Default value isAllow. - resources List<String>
- List of specific objects which will be authorized. Now UHost and UCDN resource are supported. The resource name can be
ucs:uhost:*:<company-id>:instance/<uhost-id>orucs:ucdn:*:<company-id>:instance/<domain-id>
Package Details
- Repository
- ucloud ucloud/terraform-provider-ucloud
- License
- Notes
- This Pulumi package is based on the
ucloudTerraform Provider.