// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
//
// Listing of github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/secretsmanager/secretPolicy.go.

package secretsmanager

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Provides a resource to manage AWS Secrets Manager secret policy.
//
// ## Example Usage
//
// ### Basic
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			exampleSecret, err := secretsmanager.NewSecret(ctx, "example", &secretsmanager.SecretArgs{
//				Name: pulumi.String("example"),
//			})
//			if err != nil {
//				return err
//			}
//			example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
//				Statements: []iam.GetPolicyDocumentStatement{
//					{
//						Sid:    pulumi.StringRef("EnableAnotherAWSAccountToReadTheSecret"),
//						Effect: pulumi.StringRef("Allow"),
//						Principals: []iam.GetPolicyDocumentStatementPrincipal{
//							{
//								Type: "AWS",
//								// The account root delegates to the whole account; see
//								// "Security Considerations" below.
//								Identifiers: []string{
//									"arn:aws:iam::123456789012:root",
//								},
//							},
//						},
//						Actions: []string{
//							"secretsmanager:GetSecretValue",
//						},
//						Resources: []string{
//							"*",
//						},
//					},
//				},
//			}, nil)
//			if err != nil {
//				return err
//			}
//			_, err = secretsmanager.NewSecretPolicy(ctx, "example", &secretsmanager.SecretPolicyArgs{
//				SecretArn: exampleSecret.Arn,
//				Policy:    pulumi.String(example.Json),
//				// Ask Secrets Manager to validate the policy against broad access.
//				BlockPublicPolicy: pulumi.Bool(true),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Security Considerations
//
// The example principal, `arn:aws:iam::123456789012:root`, names an entire account rather than a
// single identity. Any IAM principal in that account whose own identity policy allows
// `secretsmanager:GetSecretValue` on this secret can then read it, so who actually has access is
// decided by the other account's administrators. Prefer the ARN of the specific role that needs
// the value.
//
// In a resource policy attached to a secret, the `"*"` resource is evaluated against the secret
// the policy is attached to, so it does not widen the grant to other secrets.
//
// A cross-account reader also needs `kms:Decrypt` on the key that encrypts the secret. That
// requires a customer managed KMS key whose key policy allows the other account; the account's
// default `aws/secretsmanager` key cannot be used across accounts.
//
// `BlockPublicPolicy` is optional and this SDK does not set it for you. Set it to true so that a
// policy granting broad access is validated before it is attached.
//
// ## Import
//
// Using `pulumi import`, import `aws_secretsmanager_secret_policy` using the secret Amazon Resource Name (ARN). For example:
//
// ```sh
// $ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456
// ```
type SecretPolicy struct {
	pulumi.CustomResourceState

	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrOutput `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// Secret ARN.
	SecretArn pulumi.StringOutput `pulumi:"secretArn"`
}

// NewSecretPolicy registers a new resource with the given unique name, arguments, and options.
//
// It returns an error without registering anything when args is nil or when either of the
// required arguments, Policy or SecretArn, is nil. BlockPublicPolicy is not checked here and may
// be left unset. The policy document itself is passed through as given; this function does not
// parse or validate its JSON.
func NewSecretPolicy(ctx *pulumi.Context,
	name string, args *SecretPolicyArgs, opts ...pulumi.ResourceOption) (*SecretPolicy, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.Policy == nil {
		return nil, errors.New("invalid value for required argument 'Policy'")
	}
	if args.SecretArn == nil {
		return nil, errors.New("invalid value for required argument 'SecretArn'")
	}
	// Merge the package-level default resource options into the caller's options.
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource SecretPolicy
	err := ctx.RegisterResource("aws:secretsmanager/secretPolicy:SecretPolicy", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetSecretPolicy gets an existing SecretPolicy resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
//
// Unlike NewSecretPolicy, the options are passed to ReadResource as given; the package default
// options are not merged in here.
func GetSecretPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretPolicyState, opts ...pulumi.ResourceOption) (*SecretPolicy, error) {
	var resource SecretPolicy
	err := ctx.ReadResource("aws:secretsmanager/secretPolicy:SecretPolicy", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering SecretPolicy resources.
// Every field is a pointer, so any of them may be left nil.
type secretPolicyState struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy *bool `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy *string `pulumi:"policy"`
	// Secret ARN.
	SecretArn *string `pulumi:"secretArn"`
}

// SecretPolicyState is the exported, input-typed counterpart of secretPolicyState; it is the
// state argument accepted by GetSecretPolicy.
type SecretPolicyState struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy pulumi.StringPtrInput
	// Secret ARN.
	SecretArn pulumi.StringPtrInput
}

// ElementType reports the plain struct type, secretPolicyState, that SecretPolicyState resolves to.
func (SecretPolicyState) ElementType() reflect.Type {
	return reflect.TypeOf((*secretPolicyState)(nil)).Elem()
}

// secretPolicyArgs is the resolved form of SecretPolicyArgs. Policy and SecretArn are plain
// strings (required); BlockPublicPolicy is a pointer and may be nil.
type secretPolicyArgs struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	BlockPublicPolicy *bool `pulumi:"blockPublicPolicy"`
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	Policy string `pulumi:"policy"`
	// Secret ARN.
	SecretArn string `pulumi:"secretArn"`
}

// The set of arguments for constructing a SecretPolicy resource.
type SecretPolicyArgs struct {
	// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
	//
	// Optional. NewSecretPolicy does not require it and supplies no value when it is nil.
	// NOTE(review): confirm against the provider documentation what the service does when the
	// value is unset before relying on this check being active.
	BlockPublicPolicy pulumi.BoolPtrInput
	// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
	//
	// Required: NewSecretPolicy returns an error when this is nil.
	Policy pulumi.StringInput
	// Secret ARN.
	//
	// Required: NewSecretPolicy returns an error when this is nil.
	SecretArn pulumi.StringInput
}

// ElementType reports the plain struct type, secretPolicyArgs, that SecretPolicyArgs resolves to.
func (SecretPolicyArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*secretPolicyArgs)(nil)).Elem()
}

// SecretPolicyInput is implemented by values that can be converted to a SecretPolicyOutput.
// In this file *SecretPolicy and SecretPolicyOutput provide both methods.
type SecretPolicyInput interface {
	pulumi.Input

	ToSecretPolicyOutput() SecretPolicyOutput
	ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput
}

// ElementType reports *SecretPolicy as the element type of a *SecretPolicy input.
func (*SecretPolicy) ElementType() reflect.Type {
	return reflect.TypeOf((**SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyOutput converts the resource to a SecretPolicyOutput using context.Background().
func (i *SecretPolicy) ToSecretPolicyOutput() SecretPolicyOutput {
	return i.ToSecretPolicyOutputWithContext(context.Background())
}

// ToSecretPolicyOutputWithContext converts the resource to a SecretPolicyOutput.
// The type assertion is unchecked; presumably it relies on the type registrations made in init.
func (i *SecretPolicy) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput {
	return pulumi.ToOutputWithContext(ctx, i).(SecretPolicyOutput)
}

// SecretPolicyArrayInput is an input type that accepts SecretPolicyArray and SecretPolicyArrayOutput values.
// You can construct a concrete instance of `SecretPolicyArrayInput` via:
//
//	SecretPolicyArray{ SecretPolicyArgs{...} }
type SecretPolicyArrayInput interface {
	pulumi.Input

	ToSecretPolicyArrayOutput() SecretPolicyArrayOutput
	ToSecretPolicyArrayOutputWithContext(context.Context) SecretPolicyArrayOutput
}

// SecretPolicyArray is a slice of SecretPolicyInput values usable as a SecretPolicyArrayInput.
type SecretPolicyArray []SecretPolicyInput

// ElementType reports []*SecretPolicy as the resolved type of a SecretPolicyArray.
func (SecretPolicyArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyArrayOutput converts the array to an output using context.Background().
func (i SecretPolicyArray) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput {
	return i.ToSecretPolicyArrayOutputWithContext(context.Background())
}

// ToSecretPolicyArrayOutputWithContext converts the array to a SecretPolicyArrayOutput.
// The type assertion is unchecked; presumably it relies on the type registrations made in init.
func (i SecretPolicyArray) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(SecretPolicyArrayOutput)
}

// SecretPolicyMapInput is an input type that accepts SecretPolicyMap and SecretPolicyMapOutput values.
// You can construct a concrete instance of `SecretPolicyMapInput` via:
//
//	SecretPolicyMap{ "key": SecretPolicyArgs{...} }
type SecretPolicyMapInput interface {
	pulumi.Input

	ToSecretPolicyMapOutput() SecretPolicyMapOutput
	ToSecretPolicyMapOutputWithContext(context.Context) SecretPolicyMapOutput
}

// SecretPolicyMap is a string-keyed map of SecretPolicyInput values usable as a SecretPolicyMapInput.
type SecretPolicyMap map[string]SecretPolicyInput

// ElementType reports map[string]*SecretPolicy as the resolved type of a SecretPolicyMap.
func (SecretPolicyMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyMapOutput converts the map to an output using context.Background().
func (i SecretPolicyMap) ToSecretPolicyMapOutput() SecretPolicyMapOutput {
	return i.ToSecretPolicyMapOutputWithContext(context.Background())
}

// ToSecretPolicyMapOutputWithContext converts the map to a SecretPolicyMapOutput.
// The type assertion is unchecked; presumably it relies on the type registrations made in init.
func (i SecretPolicyMap) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(SecretPolicyMapOutput)
}

// SecretPolicyOutput is an output whose element type is *SecretPolicy.
type SecretPolicyOutput struct{ *pulumi.OutputState }

// ElementType reports *SecretPolicy as the element type of a SecretPolicyOutput.
func (SecretPolicyOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyOutput returns the receiver unchanged.
func (o SecretPolicyOutput) ToSecretPolicyOutput() SecretPolicyOutput {
	return o
}

// ToSecretPolicyOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SecretPolicyOutput) ToSecretPolicyOutputWithContext(ctx context.Context) SecretPolicyOutput {
	return o
}

// Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.
func (o SecretPolicyOutput) BlockPublicPolicy() pulumi.BoolPtrOutput {
	return o.ApplyT(func(v *SecretPolicy) pulumi.BoolPtrOutput { return v.BlockPublicPolicy }).(pulumi.BoolPtrOutput)
}

// Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). Unlike `secretsmanager.Secret`, where `policy` can be set to `"{}"` to delete the policy, `"{}"` is not a valid policy since `policy` is required.
func (o SecretPolicyOutput) Policy() pulumi.StringOutput {
	return o.ApplyT(func(v *SecretPolicy) pulumi.StringOutput { return v.Policy }).(pulumi.StringOutput)
}

// Secret ARN.
func (o SecretPolicyOutput) SecretArn() pulumi.StringOutput {
	return o.ApplyT(func(v *SecretPolicy) pulumi.StringOutput { return v.SecretArn }).(pulumi.StringOutput)
}

// SecretPolicyArrayOutput is an output whose element type is []*SecretPolicy.
type SecretPolicyArrayOutput struct{ *pulumi.OutputState }

// ElementType reports []*SecretPolicy as the element type of a SecretPolicyArrayOutput.
func (SecretPolicyArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyArrayOutput returns the receiver unchanged.
func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutput() SecretPolicyArrayOutput {
	return o
}

// ToSecretPolicyArrayOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SecretPolicyArrayOutput) ToSecretPolicyArrayOutputWithContext(ctx context.Context) SecretPolicyArrayOutput {
	return o
}

// Index returns an output for the element at position i of the resolved slice.
//
// The index is not bounds-checked: a negative i, or one at or past the slice length, panics
// when the apply callback runs. Callers that compute i from external data should validate it
// first.
func (o SecretPolicyArrayOutput) Index(i pulumi.IntInput) SecretPolicyOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SecretPolicy {
		// vs[0] is asserted to be the resolved slice and vs[1] the resolved index, in the order
		// they were passed to pulumi.All; both assertions are unchecked.
		return vs[0].([]*SecretPolicy)[vs[1].(int)]
	}).(SecretPolicyOutput)
}

// SecretPolicyMapOutput is an output whose element type is map[string]*SecretPolicy.
type SecretPolicyMapOutput struct{ *pulumi.OutputState }

// ElementType reports map[string]*SecretPolicy as the element type of a SecretPolicyMapOutput.
func (SecretPolicyMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*SecretPolicy)(nil)).Elem()
}

// ToSecretPolicyMapOutput returns the receiver unchanged.
func (o SecretPolicyMapOutput) ToSecretPolicyMapOutput() SecretPolicyMapOutput {
	return o
}

// ToSecretPolicyMapOutputWithContext returns the receiver unchanged; ctx is not used.
func (o SecretPolicyMapOutput) ToSecretPolicyMapOutputWithContext(ctx context.Context) SecretPolicyMapOutput {
	return o
}

// MapIndex returns an output for the entry stored under key k in the resolved map.
// A key that is not present yields a nil *SecretPolicy rather than an error.
func (o SecretPolicyMapOutput) MapIndex(k pulumi.StringInput) SecretPolicyOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SecretPolicy {
		// vs[0] is asserted to be the resolved map and vs[1] the resolved key, in the order they
		// were passed to pulumi.All; both assertions are unchecked.
		return vs[0].(map[string]*SecretPolicy)[vs[1].(string)]
	}).(SecretPolicyOutput)
}

// init registers this file's input interfaces and output types with the Pulumi SDK at package
// load time.
func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*SecretPolicyInput)(nil)).Elem(), &SecretPolicy{})
	pulumi.RegisterInputType(reflect.TypeOf((*SecretPolicyArrayInput)(nil)).Elem(), SecretPolicyArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*SecretPolicyMapInput)(nil)).Elem(), SecretPolicyMap{})
	pulumi.RegisterOutputType(SecretPolicyOutput{})
	pulumi.RegisterOutputType(SecretPolicyArrayOutput{})
	pulumi.RegisterOutputType(SecretPolicyMapOutput{})
}