Repository
data class RepositoryPermissionsPolicyArgs(val domain: Output<String>? = null, val domainOwner: Output<String>? = null, val policyDocument: Output<String>? = null, val policyRevision: Output<String>? = null, val repository: Output<String>? = null) : ConvertibleToJava<RepositoryPermissionsPolicyArgs>
Provides a CodeArtifact Repostory Permissions Policy Resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleKey = new aws.kms.Key("example", {description: "domain key"});
const exampleDomain = new aws.codeartifact.Domain("example", {
domain: "example",
encryptionKey: exampleKey.arn,
});
const exampleRepository = new aws.codeartifact.Repository("example", {
repository: "example",
domain: exampleDomain.domain,
});
const example = aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: ["codeartifact:ReadFromRepository"],
resources: [exampleRepository.arn],
}],
});
const exampleRepositoryPermissionsPolicy = new aws.codeartifact.RepositoryPermissionsPolicy("example", {
repository: exampleRepository.repository,
domain: exampleDomain.domain,
policyDocument: example.apply(example => example.json),
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example_key = aws.kms.Key("example", description="domain key")
example_domain = aws.codeartifact.Domain("example",
domain="example",
encryption_key=example_key.arn)
example_repository = aws.codeartifact.Repository("example",
repository="example",
domain=example_domain.domain)
example = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="*",
identifiers=["*"],
)],
actions=["codeartifact:ReadFromRepository"],
resources=[example_repository.arn],
)])
example_repository_permissions_policy = aws.codeartifact.RepositoryPermissionsPolicy("example",
repository=example_repository.repository,
domain=example_domain.domain,
policy_document=example.json)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleKey = new Aws.Kms.Key("example", new()
{
Description = "domain key",
});
var exampleDomain = new Aws.CodeArtifact.Domain("example", new()
{
DomainName = "example",
EncryptionKey = exampleKey.Arn,
});
var exampleRepository = new Aws.CodeArtifact.Repository("example", new()
{
RepositoryName = "example",
Domain = exampleDomain.DomainName,
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"codeartifact:ReadFromRepository",
},
Resources = new[]
{
exampleRepository.Arn,
},
},
},
});
var exampleRepositoryPermissionsPolicy = new Aws.CodeArtifact.RepositoryPermissionsPolicy("example", new()
{
Repository = exampleRepository.RepositoryName,
Domain = exampleDomain.DomainName,
PolicyDocument = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codeartifact"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleKey, err := kms.NewKey(ctx, "example", &kms.KeyArgs{
Description: pulumi.String("domain key"),
})
if err != nil {
return err
}
exampleDomain, err := codeartifact.NewDomain(ctx, "example", &codeartifact.DomainArgs{
Domain: pulumi.String("example"),
EncryptionKey: exampleKey.Arn,
})
if err != nil {
return err
}
exampleRepository, err := codeartifact.NewRepository(ctx, "example", &codeartifact.RepositoryArgs{
Repository: pulumi.String("example"),
Domain: exampleDomain.Domain,
})
if err != nil {
return err
}
example := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("*"),
Identifiers: pulumi.StringArray{
pulumi.String("*"),
},
},
},
Actions: pulumi.StringArray{
pulumi.String("codeartifact:ReadFromRepository"),
},
Resources: pulumi.StringArray{
exampleRepository.Arn,
},
},
},
}, nil)
_, err = codeartifact.NewRepositoryPermissionsPolicy(ctx, "example", &codeartifact.RepositoryPermissionsPolicyArgs{
Repository: exampleRepository.Repository,
Domain: exampleDomain.Domain,
PolicyDocument: example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {
return &example.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.codeartifact.Domain;
import com.pulumi.aws.codeartifact.DomainArgs;
import com.pulumi.aws.codeartifact.Repository;
import com.pulumi.aws.codeartifact.RepositoryArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.codeartifact.RepositoryPermissionsPolicy;
import com.pulumi.aws.codeartifact.RepositoryPermissionsPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.description("domain key")
.build());
var exampleDomain = new Domain("exampleDomain", DomainArgs.builder()
.domain("example")
.encryptionKey(exampleKey.arn())
.build());
var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
.repository("example")
.domain(exampleDomain.domain())
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions("codeartifact:ReadFromRepository")
.resources(exampleRepository.arn())
.build())
.build());
var exampleRepositoryPermissionsPolicy = new RepositoryPermissionsPolicy("exampleRepositoryPermissionsPolicy", RepositoryPermissionsPolicyArgs.builder()
.repository(exampleRepository.repository())
.domain(exampleDomain.domain())
.policyDocument(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(example -> example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
}
}Content copied to clipboard
resources:
exampleKey:
type: aws:kms:Key
name: example
properties:
description: domain key
exampleDomain:
type: aws:codeartifact:Domain
name: example
properties:
domain: example
encryptionKey: ${exampleKey.arn}
exampleRepository:
type: aws:codeartifact:Repository
name: example
properties:
repository: example
domain: ${exampleDomain.domain}
exampleRepositoryPermissionsPolicy:
type: aws:codeartifact:RepositoryPermissionsPolicy
name: example
properties:
repository: ${exampleRepository.repository}
domain: ${exampleDomain.domain}
policyDocument: ${example.json}
variables:
example:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- codeartifact:ReadFromRepository
resources:
- ${exampleRepository.arn}Content copied to clipboard
Import
Using pulumi import, import CodeArtifact Repository Permissions Policies using the CodeArtifact Repository ARN. For example:
$ pulumi import aws:codeartifact/repositoryPermissionsPolicy:RepositoryPermissionsPolicy example arn:aws:codeartifact:us-west-2:012345678912:repository/tf-acc-test-6968272603913957763/tf-acc-test-6968272603913957763Content copied to clipboard