GetPolicyDocument

This is a data source which can be used to construct an HCL representation of a Vault policy document, for use with resources which expect policy documents, such as the vault.Policy resource.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var examplePolicyDocument = Output.Create(Vault.GetPolicyDocument.InvokeAsync(new Vault.GetPolicyDocumentArgs
        {
            Rules = 
            {
                new Vault.Inputs.GetPolicyDocumentRuleArgs
                {
                    Capabilities = 
                    {
                        "create",
                        "read",
                        "update",
                        "delete",
                        "list",
                    },
                    Description = "allow all on secrets",
                    Path = "secret/*",
                },
            },
        }));
        var examplePolicy = new Vault.Policy("examplePolicy", new Vault.PolicyArgs
        {
            // The lambda parameter must not reuse the name of the enclosing local (CS0136).
            Policy = examplePolicyDocument.Apply(doc => doc.Hcl),
        });
    }

}

Go: Coming soon!

import pulumi
import pulumi_vault as vault

example_policy_document = vault.get_policy_document(rules=[{
    "capabilities": [
        "create",
        "read",
        "update",
        "delete",
        "list",
    ],
    "description": "allow all on secrets",
    "path": "secret/*",
}])
example_policy = vault.Policy("examplePolicy", policy=example_policy_document.hcl)

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const examplePolicyDocument = pulumi.output(vault.getPolicyDocument({
    rules: [{
        capabilities: [
            "create",
            "read",
            "update",
            "delete",
            "list",
        ],
        description: "allow all on secrets",
        path: "secret/*",
    }],
}, { async: true }));
const examplePolicy = new vault.Policy("example", {
    policy: examplePolicyDocument.hcl,
});

Using GetPolicyDocument

function getPolicyDocument(args: GetPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetPolicyDocumentResult>
def get_policy_document(rules=None, opts=None)
func GetPolicyDocument(ctx *Context, args *GetPolicyDocumentArgs, opts ...InvokeOption) (*GetPolicyDocumentResult, error)
public static class GetPolicyDocument {
    public static Task<GetPolicyDocumentResult> InvokeAsync(GetPolicyDocumentArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Rules List<GetPolicyDocumentRuleArgs>
Rules []GetPolicyDocumentRule
rules GetPolicyDocumentRule[]
rules List[GetPolicyDocumentRule]

GetPolicyDocument Result

The following output properties are available:

Hcl string

The above arguments serialized as a standard Vault HCL policy document.

Id string

The provider-assigned unique ID for this managed resource.

Rules List<GetPolicyDocumentRule>
Hcl string

The above arguments serialized as a standard Vault HCL policy document.

Id string

The provider-assigned unique ID for this managed resource.

Rules []GetPolicyDocumentRule
hcl string

The above arguments serialized as a standard Vault HCL policy document.

id string

The provider-assigned unique ID for this managed resource.

rules GetPolicyDocumentRule[]
hcl str

The above arguments serialized as a standard Vault HCL policy document.

id str

The provider-assigned unique ID for this managed resource.

rules List[GetPolicyDocumentRule]

Supporting Types

GetPolicyDocumentRule

See the input and output API doc for this type.

Capabilities List<string>

A list of capabilities that this rule applies to the path. For example, [“read”, “write”].

Path string

A path in Vault that this rule applies to.

AllowedParameters List<GetPolicyDocumentRuleAllowedParameterArgs>

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

DeniedParameters List<GetPolicyDocumentRuleDeniedParameterArgs>

Blacklists a list of parameters and values. Any values specified here take precedence over allowed_parameter. See Parameters below.

Description string

Description of the rule. Will be added as a comment to the rendered rule.

MaxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

MinWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

RequiredParameters List<string>

A list of parameters that must be specified.

Capabilities []string

A list of capabilities that this rule applies to the path. For example, [“read”, “write”].

Path string

A path in Vault that this rule applies to.

AllowedParameters []GetPolicyDocumentRuleAllowedParameter

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

DeniedParameters []GetPolicyDocumentRuleDeniedParameter

Blacklists a list of parameters and values. Any values specified here take precedence over allowed_parameter. See Parameters below.

Description string

Description of the rule. Will be added as a comment to the rendered rule.

MaxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

MinWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

RequiredParameters []string

A list of parameters that must be specified.

capabilities string[]

A list of capabilities that this rule applies to the path. For example, [“read”, “write”].

path string

A path in Vault that this rule applies to.

allowedParameters GetPolicyDocumentRuleAllowedParameter[]

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

deniedParameters GetPolicyDocumentRuleDeniedParameter[]

Blacklists a list of parameters and values. Any values specified here take precedence over allowed_parameter. See Parameters below.

description string

Description of the rule. Will be added as a comment to the rendered rule.

maxWrappingTtl string

The maximum allowed TTL that clients can specify for a wrapped response.

minWrappingTtl string

The minimum allowed TTL that clients can specify for a wrapped response.

requiredParameters string[]

A list of parameters that must be specified.

capabilities List[str]

A list of capabilities that this rule applies to the path. For example, [“read”, “write”].

path str

A path in Vault that this rule applies to.

allowedParameters List[GetPolicyDocumentRuleAllowedParameter]

Whitelists a list of keys and values that are permitted on the given path. See Parameters below.

deniedParameters List[GetPolicyDocumentRuleDeniedParameter]

Blacklists a list of parameters and values. Any values specified here take precedence over allowed_parameter. See Parameters below.

description str

Description of the rule. Will be added as a comment to the rendered rule.

maxWrappingTtl str

The maximum allowed TTL that clients can specify for a wrapped response.

minWrappingTtl str

The minimum allowed TTL that clients can specify for a wrapped response.

requiredParameters List[str]

A list of parameters that must be specified.

GetPolicyDocumentRuleAllowedParameter

See the input and output API doc for this type.

Key string

Name of the permitted or denied parameter.

Values List<string>

List of values that are permitted or denied by the policy rule.

Key string

Name of the permitted or denied parameter.

Values []string

List of values that are permitted or denied by the policy rule.

key string

Name of the permitted or denied parameter.

values string[]

List of values that are permitted or denied by the policy rule.

key str

Name of the permitted or denied parameter.

values List[str]

List of values that are permitted or denied by the policy rule.

GetPolicyDocumentRuleDeniedParameter

See the input and output API doc for this type.

Key string

Name of the permitted or denied parameter.

Values List<string>

List of values that are permitted or denied by the policy rule.

Key string

Name of the permitted or denied parameter.

Values []string

List of values that are permitted or denied by the policy rule.

key string

Name of the permitted or denied parameter.

values string[]

List of values that are permitted or denied by the policy rule.

key str

Name of the permitted or denied parameter.

values List[str]

List of values that are permitted or denied by the policy rule.
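
The rule fields and parameter types above map onto a Vault HCL `path` stanza. The following is an added example, not code from this page or from the Pulumi Vault provider: a local Python sketch that renders rule dictionaries into that stanza form and flags rules that grant write-type capabilities on a wildcard path with no parameter constraint. The dictionary keys (named after the HCL fields), the exact whitespace, the `secret/app/*` rule and the lint heuristic are assumptions made for illustration.

```python
import json

WRITE_CAPS = {"create", "update", "delete", "sudo"}

def _params(name, params):
    # allowed_parameters / denied_parameters render as a map: key -> values
    body = "".join(f'    "{p["key"]}" = {json.dumps(p["values"])}\n' for p in params)
    return f"  {name} = {{\n{body}  }}\n"

def render_rule(rule):
    """Approximate the HCL stanza for one rule (whitespace is an assumption)."""
    out = f'# {rule["description"]}\n' if rule.get("description") else ""
    out += f'path "{rule["path"]}" {{\n'
    out += f'  capabilities = {json.dumps(rule["capabilities"])}\n'
    for field in ("allowed_parameters", "denied_parameters"):
        if rule.get(field):
            out += _params(field, rule[field])
    if rule.get("required_parameters"):
        out += f'  required_parameters = {json.dumps(rule["required_parameters"])}\n'
    for field in ("min_wrapping_ttl", "max_wrapping_ttl"):
        if rule.get(field):
            out += f'  {field} = "{rule[field]}"\n'
    return out + "}\n"

def lint(rules):
    """Heuristic: wildcard path + write-type capability + no parameter limits."""
    findings = []
    for r in rules:
        broad = r["path"].endswith("*") or "+" in r["path"].split("/")
        writes = WRITE_CAPS & set(r["capabilities"])
        constrained = r.get("allowed_parameters") or r.get("denied_parameters")
        if broad and writes and not constrained:
            findings.append((r["path"], sorted(writes)))
    return findings

# Constructed sample rules: the page's broad rule and a narrower one.
RULES = [
    {"path": "secret/*", "description": "allow all on secrets",
     "capabilities": ["create", "read", "update", "delete", "list"]},
    {"path": "secret/app/*", "description": "app writes, env pinned",
     "capabilities": ["create", "update"],
     "allowed_parameters": [{"key": "env", "values": ["prod"]}],
     "denied_parameters": [{"key": "debug", "values": ["true"]}],
     "required_parameters": ["env"], "max_wrapping_ttl": "90s"},
]

if __name__ == "__main__":
    print("".join(render_rule(r) for r in RULES))
    print(lint(RULES))
```

Running the lint over rule definitions before they reach `vault.Policy` surfaces the page's `secret/*` rule for review, while the constrained rule passes.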

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes
This Pulumi package is based on the vault Terraform Provider.