github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/acmpca/permission.go (about) 1 // Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. 2 // *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** 3 4 package acmpca 5 6 import ( 7 "context" 8 "reflect" 9 10 "errors" 11 "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal" 12 "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 13 ) 14 15 // Provides a resource to manage an AWS Certificate Manager Private Certificate Authorities Permission. 16 // Currently, this is only required in order to allow the ACM service to automatically renew certificates issued by a PCA. 17 // 18 // ## Example Usage 19 // 20 // <!--Start PulumiCodeChooser --> 21 // ```go 22 // package main 23 // 24 // import ( 25 // 26 // "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca" 27 // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" 28 // 29 // ) 30 // 31 // func main() { 32 // pulumi.Run(func(ctx *pulumi.Context) error { 33 // exampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{ 34 // CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{ 35 // KeyAlgorithm: pulumi.String("RSA_4096"), 36 // SigningAlgorithm: pulumi.String("SHA512WITHRSA"), 37 // Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{ 38 // CommonName: pulumi.String("example.com"), 39 // }, 40 // }, 41 // }) 42 // if err != nil { 43 // return err 44 // } 45 // _, err = acmpca.NewPermission(ctx, "example", &acmpca.PermissionArgs{ 46 // CertificateAuthorityArn: exampleCertificateAuthority.Arn, 47 // Actions: pulumi.StringArray{ 48 // pulumi.String("IssueCertificate"), 49 // pulumi.String("GetCertificate"), 50 // pulumi.String("ListPermissions"), 51 // }, 52 // Principal: pulumi.String("acm.amazonaws.com"), 53 // }) 54 // if err != nil { 55 // return err 56 // } 57 // return nil 58 // }) 59 // } 60 // 61 // ``` 62 // <!--End PulumiCodeChooser --> 63 type Permission struct { 64 pulumi.CustomResourceState 65 66 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 67 Actions pulumi.StringArrayOutput `pulumi:"actions"` 68 // ARN of the CA that grants the permissions. 69 CertificateAuthorityArn pulumi.StringOutput `pulumi:"certificateAuthorityArn"` 70 // IAM policy that is associated with the permission. 71 Policy pulumi.StringOutput `pulumi:"policy"` 72 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 73 Principal pulumi.StringOutput `pulumi:"principal"` 74 // ID of the calling account 75 SourceAccount pulumi.StringOutput `pulumi:"sourceAccount"` 76 } 77 78 // NewPermission registers a new resource with the given unique name, arguments, and options. 79 func NewPermission(ctx *pulumi.Context, 80 name string, args *PermissionArgs, opts ...pulumi.ResourceOption) (*Permission, error) { 81 if args == nil { 82 return nil, errors.New("missing one or more required arguments") 83 } 84 85 if args.Actions == nil { 86 return nil, errors.New("invalid value for required argument 'Actions'") 87 } 88 if args.CertificateAuthorityArn == nil { 89 return nil, errors.New("invalid value for required argument 'CertificateAuthorityArn'") 90 } 91 if args.Principal == nil { 92 return nil, errors.New("invalid value for required argument 'Principal'") 93 } 94 opts = internal.PkgResourceDefaultOpts(opts) 95 var resource Permission 96 err := ctx.RegisterResource("aws:acmpca/permission:Permission", name, args, &resource, opts...) 97 if err != nil { 98 return nil, err 99 } 100 return &resource, nil 101 } 102 103 // GetPermission gets an existing Permission resource's state with the given name, ID, and optional 104 // state properties that are used to uniquely qualify the lookup (nil if not required). 105 func GetPermission(ctx *pulumi.Context, 106 name string, id pulumi.IDInput, state *PermissionState, opts ...pulumi.ResourceOption) (*Permission, error) { 107 var resource Permission 108 err := ctx.ReadResource("aws:acmpca/permission:Permission", name, id, state, &resource, opts...) 109 if err != nil { 110 return nil, err 111 } 112 return &resource, nil 113 } 114 115 // Input properties used for looking up and filtering Permission resources. 116 type permissionState struct { 117 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 118 Actions []string `pulumi:"actions"` 119 // ARN of the CA that grants the permissions. 120 CertificateAuthorityArn *string `pulumi:"certificateAuthorityArn"` 121 // IAM policy that is associated with the permission. 122 Policy *string `pulumi:"policy"` 123 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 124 Principal *string `pulumi:"principal"` 125 // ID of the calling account 126 SourceAccount *string `pulumi:"sourceAccount"` 127 } 128 129 type PermissionState struct { 130 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 131 Actions pulumi.StringArrayInput 132 // ARN of the CA that grants the permissions. 133 CertificateAuthorityArn pulumi.StringPtrInput 134 // IAM policy that is associated with the permission. 135 Policy pulumi.StringPtrInput 136 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 137 Principal pulumi.StringPtrInput 138 // ID of the calling account 139 SourceAccount pulumi.StringPtrInput 140 } 141 142 func (PermissionState) ElementType() reflect.Type { 143 return reflect.TypeOf((*permissionState)(nil)).Elem() 144 } 145 146 type permissionArgs struct { 147 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 148 Actions []string `pulumi:"actions"` 149 // ARN of the CA that grants the permissions. 150 CertificateAuthorityArn string `pulumi:"certificateAuthorityArn"` 151 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 152 Principal string `pulumi:"principal"` 153 // ID of the calling account 154 SourceAccount *string `pulumi:"sourceAccount"` 155 } 156 157 // The set of arguments for constructing a Permission resource. 158 type PermissionArgs struct { 159 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 160 Actions pulumi.StringArrayInput 161 // ARN of the CA that grants the permissions. 162 CertificateAuthorityArn pulumi.StringInput 163 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 164 Principal pulumi.StringInput 165 // ID of the calling account 166 SourceAccount pulumi.StringPtrInput 167 } 168 169 func (PermissionArgs) ElementType() reflect.Type { 170 return reflect.TypeOf((*permissionArgs)(nil)).Elem() 171 } 172 173 type PermissionInput interface { 174 pulumi.Input 175 176 ToPermissionOutput() PermissionOutput 177 ToPermissionOutputWithContext(ctx context.Context) PermissionOutput 178 } 179 180 func (*Permission) ElementType() reflect.Type { 181 return reflect.TypeOf((**Permission)(nil)).Elem() 182 } 183 184 func (i *Permission) ToPermissionOutput() PermissionOutput { 185 return i.ToPermissionOutputWithContext(context.Background()) 186 } 187 188 func (i *Permission) ToPermissionOutputWithContext(ctx context.Context) PermissionOutput { 189 return pulumi.ToOutputWithContext(ctx, i).(PermissionOutput) 190 } 191 192 // PermissionArrayInput is an input type that accepts PermissionArray and PermissionArrayOutput values. 193 // You can construct a concrete instance of `PermissionArrayInput` via: 194 // 195 // PermissionArray{ PermissionArgs{...} } 196 type PermissionArrayInput interface { 197 pulumi.Input 198 199 ToPermissionArrayOutput() PermissionArrayOutput 200 ToPermissionArrayOutputWithContext(context.Context) PermissionArrayOutput 201 } 202 203 type PermissionArray []PermissionInput 204 205 func (PermissionArray) ElementType() reflect.Type { 206 return reflect.TypeOf((*[]*Permission)(nil)).Elem() 207 } 208 209 func (i PermissionArray) ToPermissionArrayOutput() PermissionArrayOutput { 210 return i.ToPermissionArrayOutputWithContext(context.Background()) 211 } 212 213 func (i PermissionArray) ToPermissionArrayOutputWithContext(ctx context.Context) PermissionArrayOutput { 214 return pulumi.ToOutputWithContext(ctx, i).(PermissionArrayOutput) 215 } 216 217 // PermissionMapInput is an input type that accepts PermissionMap and PermissionMapOutput values. 218 // You can construct a concrete instance of `PermissionMapInput` via: 219 // 220 // PermissionMap{ "key": PermissionArgs{...} } 221 type PermissionMapInput interface { 222 pulumi.Input 223 224 ToPermissionMapOutput() PermissionMapOutput 225 ToPermissionMapOutputWithContext(context.Context) PermissionMapOutput 226 } 227 228 type PermissionMap map[string]PermissionInput 229 230 func (PermissionMap) ElementType() reflect.Type { 231 return reflect.TypeOf((*map[string]*Permission)(nil)).Elem() 232 } 233 234 func (i PermissionMap) ToPermissionMapOutput() PermissionMapOutput { 235 return i.ToPermissionMapOutputWithContext(context.Background()) 236 } 237 238 func (i PermissionMap) ToPermissionMapOutputWithContext(ctx context.Context) PermissionMapOutput { 239 return pulumi.ToOutputWithContext(ctx, i).(PermissionMapOutput) 240 } 241 242 type PermissionOutput struct{ *pulumi.OutputState } 243 244 func (PermissionOutput) ElementType() reflect.Type { 245 return reflect.TypeOf((**Permission)(nil)).Elem() 246 } 247 248 func (o PermissionOutput) ToPermissionOutput() PermissionOutput { 249 return o 250 } 251 252 func (o PermissionOutput) ToPermissionOutputWithContext(ctx context.Context) PermissionOutput { 253 return o 254 } 255 256 // Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above. 257 func (o PermissionOutput) Actions() pulumi.StringArrayOutput { 258 return o.ApplyT(func(v *Permission) pulumi.StringArrayOutput { return v.Actions }).(pulumi.StringArrayOutput) 259 } 260 261 // ARN of the CA that grants the permissions. 262 func (o PermissionOutput) CertificateAuthorityArn() pulumi.StringOutput { 263 return o.ApplyT(func(v *Permission) pulumi.StringOutput { return v.CertificateAuthorityArn }).(pulumi.StringOutput) 264 } 265 266 // IAM policy that is associated with the permission. 267 func (o PermissionOutput) Policy() pulumi.StringOutput { 268 return o.ApplyT(func(v *Permission) pulumi.StringOutput { return v.Policy }).(pulumi.StringOutput) 269 } 270 271 // AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`. 272 func (o PermissionOutput) Principal() pulumi.StringOutput { 273 return o.ApplyT(func(v *Permission) pulumi.StringOutput { return v.Principal }).(pulumi.StringOutput) 274 } 275 276 // ID of the calling account 277 func (o PermissionOutput) SourceAccount() pulumi.StringOutput { 278 return o.ApplyT(func(v *Permission) pulumi.StringOutput { return v.SourceAccount }).(pulumi.StringOutput) 279 } 280 281 type PermissionArrayOutput struct{ *pulumi.OutputState } 282 283 func (PermissionArrayOutput) ElementType() reflect.Type { 284 return reflect.TypeOf((*[]*Permission)(nil)).Elem() 285 } 286 287 func (o PermissionArrayOutput) ToPermissionArrayOutput() PermissionArrayOutput { 288 return o 289 } 290 291 func (o PermissionArrayOutput) ToPermissionArrayOutputWithContext(ctx context.Context) PermissionArrayOutput { 292 return o 293 } 294 295 func (o PermissionArrayOutput) Index(i pulumi.IntInput) PermissionOutput { 296 return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Permission { 297 return vs[0].([]*Permission)[vs[1].(int)] 298 }).(PermissionOutput) 299 } 300 301 type PermissionMapOutput struct{ *pulumi.OutputState } 302 303 func (PermissionMapOutput) ElementType() reflect.Type { 304 return reflect.TypeOf((*map[string]*Permission)(nil)).Elem() 305 } 306 307 func (o PermissionMapOutput) ToPermissionMapOutput() PermissionMapOutput { 308 return o 309 } 310 311 func (o PermissionMapOutput) ToPermissionMapOutputWithContext(ctx context.Context) PermissionMapOutput { 312 return o 313 } 314 315 func (o PermissionMapOutput) MapIndex(k pulumi.StringInput) PermissionOutput { 316 return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Permission { 317 return vs[0].(map[string]*Permission)[vs[1].(string)] 318 }).(PermissionOutput) 319 } 320 321 func init() { 322 pulumi.RegisterInputType(reflect.TypeOf((*PermissionInput)(nil)).Elem(), &Permission{}) 323 pulumi.RegisterInputType(reflect.TypeOf((*PermissionArrayInput)(nil)).Elem(), PermissionArray{}) 324 pulumi.RegisterInputType(reflect.TypeOf((*PermissionMapInput)(nil)).Elem(), PermissionMap{}) 325 pulumi.RegisterOutputType(PermissionOutput{}) 326 pulumi.RegisterOutputType(PermissionArrayOutput{}) 327 pulumi.RegisterOutputType(PermissionMapOutput{}) 328 }