import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * Creates and manages Scaleway IAM Policies. For more information refer to the [IAM API documentation](https://www.scaleway.com/en/developers/api/iam/#path-policies-create-a-new-policy). * * > You can find a detailed list of all permission sets available at Scaleway in the permission sets [reference page](https://www.scaleway.com/en/docs/identity-and-access-management/iam/reference-content/permission-sets/). * * ## Example Usage * * ### Create a policy for an organization's project * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as scaleway from "@ediri/scaleway"; * import * as scaleway from "@pulumi/scaleway"; * * const default = scaleway.getAccountProject({ * name: "default", * }); * const app = new scaleway.IamApplication("app", {}); * const objectReadOnly = new scaleway.IamPolicy("objectReadOnly", { * description: "gives app readonly access to object storage in project", * applicationId: app.id, * rules: [{ * projectIds: [_default.then(_default => _default.id)], * permissionSetNames: ["ObjectStorageReadOnly"], * }], * }); * ``` * * ### Create a policy for all current and future projects in an organization * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as scaleway from "@ediri/scaleway"; * * const app = new scaleway.IamApplication("app", {}); * const objectReadOnly = new scaleway.IamPolicy("objectReadOnly", { * description: "gives app readonly access to object storage in project", * applicationId: app.id, * rules: [{ * organizationId: app.organizationId, * permissionSetNames: ["ObjectStorageReadOnly"], * }], * }); * ``` * * ### Create a policy with a particular condition * * IAM policy rule can use a condition to be applied. * The following variables are available: * * - `request.ip` * - `request.user_agent` * - `request.time` * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as scaleway from "@ediri/scaleway"; * * const main = new scaleway.IamPolicy("main", { * noPrincipal: true, * rules: [{ * condition: "request.user_agent == 'My User Agent'", * organizationId: "%s", * permissionSetNames: ["AllProductsFullAccess"], * }], * }); * ``` * * ## Import * * Policies can be imported using the `{id}`, e.g. * * bash * * ```sh * $ pulumi import scaleway:index/iamPolicy:IamPolicy main 11111111-1111-1111-1111-111111111111 * ``` */ export declare class IamPolicy extends pulumi.CustomResource { /** * Get an existing IamPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: IamPolicyState, opts?: pulumi.CustomResourceOptions): IamPolicy; /** * Returns true if the given object is an instance of IamPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is IamPolicy; /** * ID of the application the policy will be linked to */ readonly applicationId: pulumi.Output; /** * The date and time of the creation of the policy. */ readonly createdAt: pulumi.Output; /** * The description of the IAM policy. */ readonly description: pulumi.Output; /** * Whether the policy is editable. */ readonly editable: pulumi.Output; /** * ID of the group the policy will be linked to */ readonly groupId: pulumi.Output; /** * The name of the IAM policy. */ readonly name: pulumi.Output; /** * If the policy doesn't apply to a principal. * * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set. */ readonly noPrincipal: pulumi.Output; /** * `organizationId`) The ID of the organization the policy is associated with. */ readonly organizationId: pulumi.Output; /** * List of rules in the policy. */ readonly rules: pulumi.Output; /** * The tags associated with the IAM policy. */ readonly tags: pulumi.Output; /** * The date and time of the last update of the policy. */ readonly updatedAt: pulumi.Output; /** * ID of the user the policy will be linked to */ readonly userId: pulumi.Output; /** * Create a IamPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: IamPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering IamPolicy resources. */ export interface IamPolicyState { /** * ID of the application the policy will be linked to */ applicationId?: pulumi.Input; /** * The date and time of the creation of the policy. */ createdAt?: pulumi.Input; /** * The description of the IAM policy. */ description?: pulumi.Input; /** * Whether the policy is editable. */ editable?: pulumi.Input; /** * ID of the group the policy will be linked to */ groupId?: pulumi.Input; /** * The name of the IAM policy. */ name?: pulumi.Input; /** * If the policy doesn't apply to a principal. * * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set. */ noPrincipal?: pulumi.Input; /** * `organizationId`) The ID of the organization the policy is associated with. */ organizationId?: pulumi.Input; /** * List of rules in the policy. */ rules?: pulumi.Input[]>; /** * The tags associated with the IAM policy. */ tags?: pulumi.Input[]>; /** * The date and time of the last update of the policy. */ updatedAt?: pulumi.Input; /** * ID of the user the policy will be linked to */ userId?: pulumi.Input; } /** * The set of arguments for constructing a IamPolicy resource. */ export interface IamPolicyArgs { /** * ID of the application the policy will be linked to */ applicationId?: pulumi.Input; /** * The description of the IAM policy. */ description?: pulumi.Input; /** * ID of the group the policy will be linked to */ groupId?: pulumi.Input; /** * The name of the IAM policy. */ name?: pulumi.Input; /** * If the policy doesn't apply to a principal. * * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set. */ noPrincipal?: pulumi.Input; /** * `organizationId`) The ID of the organization the policy is associated with. */ organizationId?: pulumi.Input; /** * List of rules in the policy. */ rules: pulumi.Input[]>; /** * The tags associated with the IAM policy. */ tags?: pulumi.Input[]>; /** * ID of the user the policy will be linked to */ userId?: pulumi.Input; }