get Policy Document
This data source generates a RAM policy document for the current Alibaba Cloud user.
NOTE: Available in v1.184.0+.
Example Usage
Basic Example
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPolicyDocumentArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that renders a RAM policy document with the
 * {@code getPolicyDocument} data source and registers it as a custom RAM policy.
 *
 * <p>NOTE(review): {@code GetPolicyDocumentStatementArgs} is used below but is not among
 * the imports shown with this listing; presumably it sits next to
 * {@code GetPolicyDocumentArgs} in the provider's inputs package. Confirm and import it.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares one policy document with a single Allow statement and a {@code Policy}
     * resource whose body is the rendered document.
     *
     * @param ctx Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // "oss:*" is a wildcard over every OSS action, scoped here to the bucket
        // "myphotos" and the objects under it. For real workloads, list only the
        // actions that are needed instead of the wildcard.
        final var bucketStatement = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions("oss:*")
            .resources(
                "acs:oss:*:*:myphotos",
                "acs:oss:*:*:myphotos/*")
            .build();

        final var documentArgs = GetPolicyDocumentArgs.builder()
            .version("1")
            .statements(bucketStatement)
            .build();
        final var basicExample = RamFunctions.getPolicyDocument(documentArgs);

        // NOTE(review): force(true) is understood to affect destroy only, removing the
        // policy even while it is still attached. Confirm against the provider docs
        // before copying it outside a throwaway stack.
        final var policyArgs = PolicyArgs.builder()
            .policyName("tf-test")
            .policyDocument(basicExample.applyValue(rendered -> rendered.document()))
            .force(true)
            .build();
        var default_ = new Policy("default", policyArgs);
    }
}
Example Multiple Condition Keys and Values
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPolicyDocumentArgs;
import com.pulumi.alicloud.ram.Policy;
import com.pulumi.alicloud.ram.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that builds a three-statement RAM policy document, the last statement
 * carrying two condition blocks, and registers it as a custom RAM policy.
 *
 * <p>NOTE(review): {@code GetPolicyDocumentStatementArgs} and
 * {@code GetPolicyDocumentStatementConditionArgs} are used below but are not among the
 * imports shown with this listing; confirm their package and import them.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy document and a {@code Policy} resource whose body is the
     * rendered document.
     *
     * @param ctx Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // Statement 1: List/Get bucket-level actions only, but on every bucket
        // (the resource pattern ends in a wildcard).
        final var bucketMetadata = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions(
                "oss:ListBuckets",
                "oss:GetBucketStat",
                "oss:GetBucketInfo",
                "oss:GetBucketTagging",
                "oss:GetBucketAcl")
            .resources("acs:oss:*:*:*")
            .build();

        // Statement 2: object reads restricted to one prefix of the "myphotos" bucket.
        final var objectReads = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions(
                "oss:GetObject",
                "oss:GetObjectAcl")
            .resources("acs:oss:*:*:myphotos/hangzhou/2015/*")
            .build();

        // Conditions for statement 3. Without them, ListObjects would apply to the
        // whole bucket, because the resource below names the bucket itself.
        final var delimiterCondition = GetPolicyDocumentStatementConditionArgs.builder()
            .operator("StringLike")
            .variable("oss:Delimiter")
            .values("/")
            .build();
        // The empty string is one of the allowed prefixes, so a listing with no prefix
        // is also matched by this condition.
        final var prefixCondition = GetPolicyDocumentStatementConditionArgs.builder()
            .operator("StringLike")
            .variable("oss:Prefix")
            .values(
                "",
                "hangzhou/",
                "hangzhou/2015/*")
            .build();

        // Statement 3: listing on the bucket, narrowed by both conditions above.
        final var constrainedListing = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions("oss:ListObjects")
            .resources("acs:oss:*:*:myphotos")
            .conditions(
                delimiterCondition,
                prefixCondition)
            .build();

        final var documentArgs = GetPolicyDocumentArgs.builder()
            .version("1")
            .statements(
                bucketMetadata,
                objectReads,
                constrainedListing)
            .build();
        final var multipleCondition = RamFunctions.getPolicyDocument(documentArgs);

        // NOTE(review): force(true) is understood to affect destroy only, removing the
        // policy even while it is still attached. Confirm against the provider docs
        // before copying it outside a throwaway stack.
        final var policyArgs = PolicyArgs.builder()
            .policyName("tf-test-condition")
            .policyDocument(multipleCondition.applyValue(rendered -> rendered.document()))
            .force(true)
            .build();
        var policy = new Policy("policy", policyArgs);
    }
}
Example Assume-Role Policy with RAM Principal
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPolicyDocumentArgs;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that renders an assume-role (trust) policy document for a RAM
 * principal and uses it as the document of a RAM role.
 *
 * <p>NOTE(review): {@code GetPolicyDocumentStatementArgs} and
 * {@code GetPolicyDocumentStatementPrincipalArgs} are used below but are not among the
 * imports shown with this listing; confirm their package and import them.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trust policy document and a {@code Role} resource that uses it.
     *
     * @param ctx Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // The identifier is a masked sample account ID and must be replaced.
        // NOTE(review): a ":root" principal is understood to trust the whole account,
        // i.e. any RAM identity in it that is allowed to call sts:AssumeRole. Name
        // specific users or roles where the use case allows it.
        final var trustedAccount = GetPolicyDocumentStatementPrincipalArgs.builder()
            .entity("RAM")
            .identifiers("acs:ram::123456789012****:root")
            .build();

        final var assumeRoleStatement = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions("sts:AssumeRole")
            .principals(trustedAccount)
            .build();

        final var documentArgs = GetPolicyDocumentArgs.builder()
            .statements(assumeRoleStatement)
            .build();
        final var ramExample = RamFunctions.getPolicyDocument(documentArgs);

        // NOTE(review): force(true) is understood to affect destroy only, removing the
        // role even while policies are still attached. Confirm against the provider
        // docs before copying it outside a throwaway stack.
        final var roleArgs = RoleArgs.builder()
            .document(ramExample.applyValue(rendered -> rendered.document()))
            .force(true)
            .build();
        var role = new Role("role", roleArgs);
    }
}
Example Assume-Role Policy with Service Principal
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPolicyDocumentArgs;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that renders an assume-role (trust) policy document for a service
 * principal and uses it as the document of a RAM role.
 *
 * <p>NOTE(review): {@code GetPolicyDocumentStatementArgs} and
 * {@code GetPolicyDocumentStatementPrincipalArgs} are used below but are not among the
 * imports shown with this listing; confirm their package and import them.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trust policy document and a {@code Role} resource that uses it.
     *
     * @param ctx Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // Only the named service endpoint is trusted; keep this list to the services
        // that actually need to assume the role.
        final var trustedService = GetPolicyDocumentStatementPrincipalArgs.builder()
            .entity("Service")
            .identifiers("ecs.aliyuncs.com")
            .build();

        final var assumeRoleStatement = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions("sts:AssumeRole")
            .principals(trustedService)
            .build();

        final var documentArgs = GetPolicyDocumentArgs.builder()
            .statements(assumeRoleStatement)
            .build();
        final var serviceExample = RamFunctions.getPolicyDocument(documentArgs);

        // NOTE(review): force(true) is understood to affect destroy only, removing the
        // role even while policies are still attached. Confirm against the provider
        // docs before copying it outside a throwaway stack.
        final var roleArgs = RoleArgs.builder()
            .document(serviceExample.applyValue(rendered -> rendered.document()))
            .force(true)
            .build();
        var role = new Role("role", roleArgs);
    }
}
Example Assume-Role Policy with Federated Principal
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ram.RamFunctions;
import com.pulumi.alicloud.ram.inputs.GetPolicyDocumentArgs;
import com.pulumi.alicloud.ram.Role;
import com.pulumi.alicloud.ram.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that renders an assume-role (trust) policy document for a federated
 * (SAML provider) principal and uses it as the document of a RAM role.
 *
 * <p>NOTE(review): {@code GetPolicyDocumentStatementArgs},
 * {@code GetPolicyDocumentStatementPrincipalArgs} and
 * {@code GetPolicyDocumentStatementConditionArgs} are used below but are not among the
 * imports shown with this listing; confirm their package and import them.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trust policy document and a {@code Role} resource that uses it.
     *
     * @param ctx Pulumi context supplied by the runtime (not used by this example)
     */
    public static void stack(Context ctx) {
        // The identifier carries a masked sample account ID and a sample provider
        // name; both must be replaced with real values.
        final var samlProvider = GetPolicyDocumentStatementPrincipalArgs.builder()
            .entity("Federated")
            .identifiers("acs:ram::123456789012****:saml-provider/testprovider")
            .build();

        // Limits the statement to requests whose saml:recipient equals the sign-in URL
        // below. Keep this condition when adapting the example; without it the
        // statement would have no recipient restriction.
        final var recipientCondition = GetPolicyDocumentStatementConditionArgs.builder()
            .operator("StringEquals")
            .variable("saml:recipient")
            .values("https://signin.aliyun.com/saml-role/sso")
            .build();

        final var assumeRoleStatement = GetPolicyDocumentStatementArgs.builder()
            .effect("Allow")
            .actions("sts:AssumeRole")
            .principals(samlProvider)
            .conditions(recipientCondition)
            .build();

        final var documentArgs = GetPolicyDocumentArgs.builder()
            .statements(assumeRoleStatement)
            .build();
        final var federatedExample = RamFunctions.getPolicyDocument(documentArgs);

        // NOTE(review): force(true) is understood to affect destroy only, removing the
        // role even while policies are still attached. Confirm against the provider
        // docs before copying it outside a throwaway stack.
        final var roleArgs = RoleArgs.builder()
            .document(federatedExample.applyValue(rendered -> rendered.document()))
            .force(true)
            .build();
        var role = new Role("role", roleArgs);
    }
}
Return
A collection of values returned by getPolicyDocument.
Parameters
argument
A collection of arguments for invoking getPolicyDocument.
suspend fun getPolicyDocument(outputFile: String? = null, statements: List<GetPolicyDocumentStatement>? = null, version: String? = null): GetPolicyDocumentResult
Return
A collection of values returned by getPolicyDocument.
See also
Parameters
outputFile
statements
Statement of the RAM policy document. See the following `Block statement`.
version
Version of the RAM policy document. Valid value is `1`. Default value is `1`.
suspend fun getPolicyDocument(argument: suspend GetPolicyDocumentPlainArgsBuilder.() -> Unit): GetPolicyDocumentResult
Return
A collection of values returned by getPolicyDocument.
See also
Parameters
argument
Builder for com.pulumi.alicloud.ram.kotlin.inputs.GetPolicyDocumentPlainArgs.