Docs Home
StrongDM v1.21.0 published on Monday, Nov 4, 2024 by Piers Karsenbarg
sdm.Policy
Explore with Pulumi AI
Policy is a collection of one or more statements that enforce fine-grained access control for the users of an organization.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sdm from "@pierskarsenbarg/sdm";
const permitEverything = new sdm.Policy("permitEverything", {
description: "this policy permits everything",
policyContent: `permit(principal, action, resource);
`,
});
import pulumi
import pierskarsenbarg_pulumi_sdm as sdm
permit_everything = sdm.Policy("permitEverything",
description="this policy permits everything",
policy_content="""permit(principal, action, resource);
""")
package main
import (
"github.com/pierskarsenbarg/pulumi-sdm/sdk/go/sdm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sdm.NewPolicy(ctx, "permitEverything", &sdm.PolicyArgs{
Description: pulumi.String("this policy permits everything"),
PolicyContent: pulumi.String("permit(principal, action, resource);\n\n"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sdm = PiersKarsenbarg.Sdm;
return await Deployment.RunAsync(() =>
{
var permitEverything = new Sdm.Policy("permitEverything", new()
{
Description = "this policy permits everything",
PolicyContent = @"permit(principal, action, resource);
",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sdm.Policy;
import com.pulumi.sdm.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var permitEverything = new Policy("permitEverything", PolicyArgs.builder()
.description("this policy permits everything")
.policyContent("""
permit(principal, action, resource);
""")
.build());
}
}
resources:
permitEverything:
type: sdm:Policy
properties:
description: this policy permits everything
policyContent: |+
permit(principal, action, resource);
This resource can be imported using the import command.
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args?: PolicyArgs, opts?: CustomResourceOptions);@overload
def Policy(resource_name: str,
args: Optional[PolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
name: Optional[str] = None,
policy_content: Optional[str] = None)func NewPolicy(ctx *Context, name string, args *PolicyArgs, opts ...ResourceOption) (*Policy, error)public Policy(string name, PolicyArgs? args = null, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: sdm:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyResource = new Sdm.Policy("policyResource", new()
{
Description = "string",
Name = "string",
PolicyContent = "string",
});
example, err := sdm.NewPolicy(ctx, "policyResource", &sdm.PolicyArgs{
Description: pulumi.String("string"),
Name: pulumi.String("string"),
PolicyContent: pulumi.String("string"),
})
var policyResource = new Policy("policyResource", PolicyArgs.builder()
.description("string")
.name("string")
.policyContent("string")
.build());
policy_resource = sdm.Policy("policyResource",
description="string",
name="string",
policy_content="string")
const policyResource = new sdm.Policy("policyResource", {
description: "string",
name: "string",
policyContent: "string",
});
type: sdm:Policy
properties:
description: string
name: string
policyContent: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- Description string
- Optional description of the Policy.
- Name string
- Unique human-readable name of the Policy.
- Policy
Content string - The content of the Policy, in Cedar policy language.
- Description string
- Optional description of the Policy.
- Name string
- Unique human-readable name of the Policy.
- Policy
Content string - The content of the Policy, in Cedar policy language.
- description String
- Optional description of the Policy.
- name String
- Unique human-readable name of the Policy.
- policy
Content String - The content of the Policy, in Cedar policy language.
- description string
- Optional description of the Policy.
- name string
- Unique human-readable name of the Policy.
- policy
Content string - The content of the Policy, in Cedar policy language.
- description str
- Optional description of the Policy.
- name str
- Unique human-readable name of the Policy.
- policy_
content str - The content of the Policy, in Cedar policy language.
- description String
- Optional description of the Policy.
- name String
- Unique human-readable name of the Policy.
- policy
Content String - The content of the Policy, in Cedar policy language.
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
name: Optional[str] = None,
policy_content: Optional[str] = None) -> Policyfunc GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Optional description of the Policy.
- Name string
- Unique human-readable name of the Policy.
- Policy
Content string - The content of the Policy, in Cedar policy language.
- Description string
- Optional description of the Policy.
- Name string
- Unique human-readable name of the Policy.
- Policy
Content string - The content of the Policy, in Cedar policy language.
- description String
- Optional description of the Policy.
- name String
- Unique human-readable name of the Policy.
- policy
Content String - The content of the Policy, in Cedar policy language.
- description string
- Optional description of the Policy.
- name string
- Unique human-readable name of the Policy.
- policy
Content string - The content of the Policy, in Cedar policy language.
- description str
- Optional description of the Policy.
- name str
- Unique human-readable name of the Policy.
- policy_
content str - The content of the Policy, in Cedar policy language.
- description String
- Optional description of the Policy.
- name String
- Unique human-readable name of the Policy.
- policy
Content String - The content of the Policy, in Cedar policy language.
Import
A Policy can be imported using the id, e.g.,
$ pulumi import sdm:index/policy:Policy example po-12345678
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- sdm pierskarsenbarg/pulumi-sdm
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sdmTerraform Provider.