Docs Home
cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc
cyral.PolicyV2
Explore with Pulumi AI
# cyral.PolicyV2 (Resource)
This resource allows management of various types of policies in the Cyral platform. Policies can be used to define access controls, data governance rules to ensure compliance and security within your database environment.
Import ID syntax is
{policy_type}/{policy_id}, where{policy_type}is one of [local, global]{policy_id}is the ID of the policy in the Cyral Control Plane.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";
const myrepo = new cyral.Repository("myrepo", {
type: "mongodb",
repoNodes: [{
name: "node-1",
host: "mongodb.cyral.com",
port: 27017,
}],
mongodbSettings: {
serverType: "standalone",
},
});
const localPolicyExample = new cyral.PolicyV2("localPolicyExample", {
description: "Local policy to allow gym users to read their own data",
enabled: true,
tags: [
"gym",
"local",
],
scopes: [{
repoIds: [myrepo.id],
}],
document: JSON.stringify({
governedData: {
locations: ["gym_db.users"],
},
readRules: [{
conditions: [{
attribute: "identity.userGroups",
operator: "contains",
value: "users",
}],
constraints: {
datasetRewrite: "SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'",
},
}],
}),
enforced: true,
type: "local",
});
const globalPolicyExample = new cyral.PolicyV2("globalPolicyExample", {
description: "Global policy for finance users with row limit for PII data",
enabled: true,
tags: [
"finance",
"global",
],
scopes: [{
repoIds: [myrepo.id],
}],
document: JSON.stringify({
governedData: {
tags: ["PII"],
},
readRules: [
{
conditions: [{
attribute: "identity.userGroups",
operator: "contains",
value: "finance",
}],
constraints: {
maxRows: 5,
},
},
{
conditions: [],
constraints: {},
},
],
}),
enforced: true,
type: "global",
});
import pulumi
import json
import pulumi_cyral as cyral
myrepo = cyral.Repository("myrepo",
type="mongodb",
repo_nodes=[{
"name": "node-1",
"host": "mongodb.cyral.com",
"port": 27017,
}],
mongodb_settings={
"server_type": "standalone",
})
local_policy_example = cyral.PolicyV2("localPolicyExample",
description="Local policy to allow gym users to read their own data",
enabled=True,
tags=[
"gym",
"local",
],
scopes=[{
"repo_ids": [myrepo.id],
}],
document=json.dumps({
"governedData": {
"locations": ["gym_db.users"],
},
"readRules": [{
"conditions": [{
"attribute": "identity.userGroups",
"operator": "contains",
"value": "users",
}],
"constraints": {
"datasetRewrite": "SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'",
},
}],
}),
enforced=True,
type="local")
global_policy_example = cyral.PolicyV2("globalPolicyExample",
description="Global policy for finance users with row limit for PII data",
enabled=True,
tags=[
"finance",
"global",
],
scopes=[{
"repo_ids": [myrepo.id],
}],
document=json.dumps({
"governedData": {
"tags": ["PII"],
},
"readRules": [
{
"conditions": [{
"attribute": "identity.userGroups",
"operator": "contains",
"value": "finance",
}],
"constraints": {
"maxRows": 5,
},
},
{
"conditions": [],
"constraints": {},
},
],
}),
enforced=True,
type="global")
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myrepo, err := cyral.NewRepository(ctx, "myrepo", &cyral.RepositoryArgs{
Type: pulumi.String("mongodb"),
RepoNodes: cyral.RepositoryRepoNodeArray{
&cyral.RepositoryRepoNodeArgs{
Name: pulumi.String("node-1"),
Host: pulumi.String("mongodb.cyral.com"),
Port: pulumi.Float64(27017),
},
},
MongodbSettings: &cyral.RepositoryMongodbSettingsArgs{
ServerType: pulumi.String("standalone"),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"governedData": map[string]interface{}{
"locations": []string{
"gym_db.users",
},
},
"readRules": []map[string]interface{}{
map[string]interface{}{
"conditions": []map[string]interface{}{
map[string]interface{}{
"attribute": "identity.userGroups",
"operator": "contains",
"value": "users",
},
},
"constraints": map[string]interface{}{
"datasetRewrite": "SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = cyral.NewPolicyV2(ctx, "localPolicyExample", &cyral.PolicyV2Args{
Description: pulumi.String("Local policy to allow gym users to read their own data"),
Enabled: pulumi.Bool(true),
Tags: pulumi.StringArray{
pulumi.String("gym"),
pulumi.String("local"),
},
Scopes: cyral.PolicyV2ScopeArray{
&cyral.PolicyV2ScopeArgs{
RepoIds: pulumi.StringArray{
myrepo.ID(),
},
},
},
Document: pulumi.String(json0),
Enforced: pulumi.Bool(true),
Type: pulumi.String("local"),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"governedData": map[string]interface{}{
"tags": []string{
"PII",
},
},
"readRules": []interface{}{
map[string]interface{}{
"conditions": []map[string]interface{}{
map[string]interface{}{
"attribute": "identity.userGroups",
"operator": "contains",
"value": "finance",
},
},
"constraints": map[string]interface{}{
"maxRows": 5,
},
},
map[string]interface{}{
"conditions": []interface{}{},
"constraints": map[string]interface{}{},
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
_, err = cyral.NewPolicyV2(ctx, "globalPolicyExample", &cyral.PolicyV2Args{
Description: pulumi.String("Global policy for finance users with row limit for PII data"),
Enabled: pulumi.Bool(true),
Tags: pulumi.StringArray{
pulumi.String("finance"),
pulumi.String("global"),
},
Scopes: cyral.PolicyV2ScopeArray{
&cyral.PolicyV2ScopeArgs{
RepoIds: pulumi.StringArray{
myrepo.ID(),
},
},
},
Document: pulumi.String(json1),
Enforced: pulumi.Bool(true),
Type: pulumi.String("global"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Cyral = Pulumi.Cyral;
return await Deployment.RunAsync(() =>
{
var myrepo = new Cyral.Repository("myrepo", new()
{
Type = "mongodb",
RepoNodes = new[]
{
new Cyral.Inputs.RepositoryRepoNodeArgs
{
Name = "node-1",
Host = "mongodb.cyral.com",
Port = 27017,
},
},
MongodbSettings = new Cyral.Inputs.RepositoryMongodbSettingsArgs
{
ServerType = "standalone",
},
});
var localPolicyExample = new Cyral.PolicyV2("localPolicyExample", new()
{
Description = "Local policy to allow gym users to read their own data",
Enabled = true,
Tags = new[]
{
"gym",
"local",
},
Scopes = new[]
{
new Cyral.Inputs.PolicyV2ScopeArgs
{
RepoIds = new[]
{
myrepo.Id,
},
},
},
Document = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["governedData"] = new Dictionary<string, object?>
{
["locations"] = new[]
{
"gym_db.users",
},
},
["readRules"] = new[]
{
new Dictionary<string, object?>
{
["conditions"] = new[]
{
new Dictionary<string, object?>
{
["attribute"] = "identity.userGroups",
["operator"] = "contains",
["value"] = "users",
},
},
["constraints"] = new Dictionary<string, object?>
{
["datasetRewrite"] = "SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'",
},
},
},
}),
Enforced = true,
Type = "local",
});
var globalPolicyExample = new Cyral.PolicyV2("globalPolicyExample", new()
{
Description = "Global policy for finance users with row limit for PII data",
Enabled = true,
Tags = new[]
{
"finance",
"global",
},
Scopes = new[]
{
new Cyral.Inputs.PolicyV2ScopeArgs
{
RepoIds = new[]
{
myrepo.Id,
},
},
},
Document = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["governedData"] = new Dictionary<string, object?>
{
["tags"] = new[]
{
"PII",
},
},
["readRules"] = new[]
{
new Dictionary<string, object?>
{
["conditions"] = new[]
{
new Dictionary<string, object?>
{
["attribute"] = "identity.userGroups",
["operator"] = "contains",
["value"] = "finance",
},
},
["constraints"] = new Dictionary<string, object?>
{
["maxRows"] = 5,
},
},
new Dictionary<string, object?>
{
["conditions"] = new[]
{
},
["constraints"] = new Dictionary<string, object?>
{
},
},
},
}),
Enforced = true,
Type = "global",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.Repository;
import com.pulumi.cyral.RepositoryArgs;
import com.pulumi.cyral.inputs.RepositoryRepoNodeArgs;
import com.pulumi.cyral.inputs.RepositoryMongodbSettingsArgs;
import com.pulumi.cyral.PolicyV2;
import com.pulumi.cyral.PolicyV2Args;
import com.pulumi.cyral.inputs.PolicyV2ScopeArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myrepo = new Repository("myrepo", RepositoryArgs.builder()
.type("mongodb")
.repoNodes(RepositoryRepoNodeArgs.builder()
.name("node-1")
.host("mongodb.cyral.com")
.port(27017)
.build())
.mongodbSettings(RepositoryMongodbSettingsArgs.builder()
.serverType("standalone")
.build())
.build());
var localPolicyExample = new PolicyV2("localPolicyExample", PolicyV2Args.builder()
.description("Local policy to allow gym users to read their own data")
.enabled(true)
.tags(
"gym",
"local")
.scopes(PolicyV2ScopeArgs.builder()
.repoIds(myrepo.id())
.build())
.document(serializeJson(
jsonObject(
jsonProperty("governedData", jsonObject(
jsonProperty("locations", jsonArray("gym_db.users"))
)),
jsonProperty("readRules", jsonArray(jsonObject(
jsonProperty("conditions", jsonArray(jsonObject(
jsonProperty("attribute", "identity.userGroups"),
jsonProperty("operator", "contains"),
jsonProperty("value", "users")
))),
jsonProperty("constraints", jsonObject(
jsonProperty("datasetRewrite", "SELECT * FROM ${dataset} WHERE email = '${identity.endUserEmail}'")
))
)))
)))
.enforced(true)
.type("local")
.build());
var globalPolicyExample = new PolicyV2("globalPolicyExample", PolicyV2Args.builder()
.description("Global policy for finance users with row limit for PII data")
.enabled(true)
.tags(
"finance",
"global")
.scopes(PolicyV2ScopeArgs.builder()
.repoIds(myrepo.id())
.build())
.document(serializeJson(
jsonObject(
jsonProperty("governedData", jsonObject(
jsonProperty("tags", jsonArray("PII"))
)),
jsonProperty("readRules", jsonArray(
jsonObject(
jsonProperty("conditions", jsonArray(jsonObject(
jsonProperty("attribute", "identity.userGroups"),
jsonProperty("operator", "contains"),
jsonProperty("value", "finance")
))),
jsonProperty("constraints", jsonObject(
jsonProperty("maxRows", 5)
))
),
jsonObject(
jsonProperty("conditions", jsonArray(
)),
jsonProperty("constraints", jsonObject(
))
)
))
)))
.enforced(true)
.type("global")
.build());
}
}
resources:
myrepo:
type: cyral:Repository
properties:
type: mongodb
repoNodes:
- name: node-1
host: mongodb.cyral.com
port: 27017
mongodbSettings:
serverType: standalone
localPolicyExample:
type: cyral:PolicyV2
properties:
description: Local policy to allow gym users to read their own data
enabled: true
tags:
- gym
- local
scopes:
- repoIds:
- ${myrepo.id}
document:
fn::toJSON:
governedData:
locations:
- gym_db.users
readRules:
- conditions:
- attribute: identity.userGroups
operator: contains
value: users
constraints:
datasetRewrite: SELECT * FROM $${dataset} WHERE email = '$${identity.endUserEmail}'
enforced: true
type: local
globalPolicyExample:
type: cyral:PolicyV2
properties:
description: Global policy for finance users with row limit for PII data
enabled: true
tags:
- finance
- global
scopes:
- repoIds:
- ${myrepo.id}
document:
fn::toJSON:
governedData:
tags:
- PII
readRules:
- conditions:
- attribute: identity.userGroups
operator: contains
value: finance
constraints:
maxRows: 5
- conditions: []
constraints: {}
enforced: true
type: global
Create PolicyV2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyV2(name: string, args: PolicyV2Args, opts?: CustomResourceOptions);@overload
def PolicyV2(resource_name: str,
args: PolicyV2Args,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyV2(resource_name: str,
opts: Optional[ResourceOptions] = None,
document: Optional[str] = None,
type: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
enforced: Optional[bool] = None,
name: Optional[str] = None,
scopes: Optional[Sequence[PolicyV2ScopeArgs]] = None,
tags: Optional[Sequence[str]] = None,
valid_from: Optional[str] = None,
valid_until: Optional[str] = None)func NewPolicyV2(ctx *Context, name string, args PolicyV2Args, opts ...ResourceOption) (*PolicyV2, error)public PolicyV2(string name, PolicyV2Args args, CustomResourceOptions? opts = null)public PolicyV2(String name, PolicyV2Args args)
public PolicyV2(String name, PolicyV2Args args, CustomResourceOptions options)
type: cyral:PolicyV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyV2Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PolicyV2Args - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyV2Args - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PolicyV2Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PolicyV2Args - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyV2Resource = new Cyral.PolicyV2("policyV2Resource", new()
{
Document = "string",
Type = "string",
Description = "string",
Enabled = false,
Enforced = false,
Name = "string",
Scopes = new[]
{
new Cyral.Inputs.PolicyV2ScopeArgs
{
RepoIds = new[]
{
"string",
},
},
},
Tags = new[]
{
"string",
},
ValidFrom = "string",
ValidUntil = "string",
});
example, err := cyral.NewPolicyV2(ctx, "policyV2Resource", &cyral.PolicyV2Args{
Document: pulumi.String("string"),
Type: pulumi.String("string"),
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Enforced: pulumi.Bool(false),
Name: pulumi.String("string"),
Scopes: .PolicyV2ScopeArray{
&.PolicyV2ScopeArgs{
RepoIds: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
ValidFrom: pulumi.String("string"),
ValidUntil: pulumi.String("string"),
})
var policyV2Resource = new PolicyV2("policyV2Resource", PolicyV2Args.builder()
.document("string")
.type("string")
.description("string")
.enabled(false)
.enforced(false)
.name("string")
.scopes(PolicyV2ScopeArgs.builder()
.repoIds("string")
.build())
.tags("string")
.validFrom("string")
.validUntil("string")
.build());
policy_v2_resource = cyral.PolicyV2("policyV2Resource",
document="string",
type="string",
description="string",
enabled=False,
enforced=False,
name="string",
scopes=[{
"repo_ids": ["string"],
}],
tags=["string"],
valid_from="string",
valid_until="string")
const policyV2Resource = new cyral.PolicyV2("policyV2Resource", {
document: "string",
type: "string",
description: "string",
enabled: false,
enforced: false,
name: "string",
scopes: [{
repoIds: ["string"],
}],
tags: ["string"],
validFrom: "string",
validUntil: "string",
});
type: cyral:PolicyV2
properties:
description: string
document: string
enabled: false
enforced: false
name: string
scopes:
- repoIds:
- string
tags:
- string
type: string
validFrom: string
validUntil: string
PolicyV2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyV2 resource accepts the following input properties:
- Document
This property is required. string - The actual policy document in JSON format. It must conform to the schema for the policy type.
- Type
This property is required. string - Type of the policy, one of [
local,global] - Description string
- Description of the policy.
- Enabled bool
- Indicates if the policy is enabled.
- Enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- Name string
- Name of the policy.
- Scopes
List<Policy
V2Scope> - Scope of the policy. If empty or omitted, all repositories are in scope.
- List<string>
- Tags associated with the policy to categorize it.
- Valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- Valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- Document
This property is required. string - The actual policy document in JSON format. It must conform to the schema for the policy type.
- Type
This property is required. string - Type of the policy, one of [
local,global] - Description string
- Description of the policy.
- Enabled bool
- Indicates if the policy is enabled.
- Enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- Name string
- Name of the policy.
- Scopes
[]Policy
V2Scope Args - Scope of the policy. If empty or omitted, all repositories are in scope.
- []string
- Tags associated with the policy to categorize it.
- Valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- Valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- document
This property is required. String - The actual policy document in JSON format. It must conform to the schema for the policy type.
- type
This property is required. String - Type of the policy, one of [
local,global] - description String
- Description of the policy.
- enabled Boolean
- Indicates if the policy is enabled.
- enforced Boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- name String
- Name of the policy.
- scopes
List<Policy
V2Scope> - Scope of the policy. If empty or omitted, all repositories are in scope.
- List<String>
- Tags associated with the policy to categorize it.
- valid
From String - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until String - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- document
This property is required. string - The actual policy document in JSON format. It must conform to the schema for the policy type.
- type
This property is required. string - Type of the policy, one of [
local,global] - description string
- Description of the policy.
- enabled boolean
- Indicates if the policy is enabled.
- enforced boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- name string
- Name of the policy.
- scopes
Policy
V2Scope[] - Scope of the policy. If empty or omitted, all repositories are in scope.
- string[]
- Tags associated with the policy to categorize it.
- valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- document
This property is required. str - The actual policy document in JSON format. It must conform to the schema for the policy type.
- type
This property is required. str - Type of the policy, one of [
local,global] - description str
- Description of the policy.
- enabled bool
- Indicates if the policy is enabled.
- enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- name str
- Name of the policy.
- scopes
Sequence[Policy
V2Scope Args] - Scope of the policy. If empty or omitted, all repositories are in scope.
- Sequence[str]
- Tags associated with the policy to categorize it.
- valid_
from str - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid_
until str - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- document
This property is required. String - The actual policy document in JSON format. It must conform to the schema for the policy type.
- type
This property is required. String - Type of the policy, one of [
local,global] - description String
- Description of the policy.
- enabled Boolean
- Indicates if the policy is enabled.
- enforced Boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- name String
- Name of the policy.
- scopes List<Property Map>
- Scope of the policy. If empty or omitted, all repositories are in scope.
- List<String>
- Tags associated with the policy to categorize it.
- valid
From String - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until String - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyV2 resource produces the following output properties:
- Created Dictionary<string, string>
- Information about when and by whom the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated Dictionary<string, string> - Information about when and by whom the policy was last updated.
- Created map[string]string
- Information about when and by whom the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated map[string]string - Information about when and by whom the policy was last updated.
- created Map<String,String>
- Information about when and by whom the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated Map<String,String> - Information about when and by whom the policy was last updated.
- created {[key: string]: string}
- Information about when and by whom the policy was created.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Updated {[key: string]: string} - Information about when and by whom the policy was last updated.
- created Mapping[str, str]
- Information about when and by whom the policy was created.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
updated Mapping[str, str] - Information about when and by whom the policy was last updated.
- created Map<String>
- Information about when and by whom the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated Map<String> - Information about when and by whom the policy was last updated.
Look up Existing PolicyV2 Resource
Get an existing PolicyV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyV2State, opts?: CustomResourceOptions): PolicyV2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created: Optional[Mapping[str, str]] = None,
description: Optional[str] = None,
document: Optional[str] = None,
enabled: Optional[bool] = None,
enforced: Optional[bool] = None,
last_updated: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
scopes: Optional[Sequence[PolicyV2ScopeArgs]] = None,
tags: Optional[Sequence[str]] = None,
type: Optional[str] = None,
valid_from: Optional[str] = None,
valid_until: Optional[str] = None) -> PolicyV2func GetPolicyV2(ctx *Context, name string, id IDInput, state *PolicyV2State, opts ...ResourceOption) (*PolicyV2, error)public static PolicyV2 Get(string name, Input<string> id, PolicyV2State? state, CustomResourceOptions? opts = null)public static PolicyV2 get(String name, Output<String> id, PolicyV2State state, CustomResourceOptions options)resources: _: type: cyral:PolicyV2 get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Created Dictionary<string, string>
- Information about when and by whom the policy was created.
- Description string
- Description of the policy.
- Document string
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- Enabled bool
- Indicates if the policy is enabled.
- Enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- Last
Updated Dictionary<string, string> - Information about when and by whom the policy was last updated.
- Name string
- Name of the policy.
- Scopes
List<Policy
V2Scope> - Scope of the policy. If empty or omitted, all repositories are in scope.
- List<string>
- Tags associated with the policy to categorize it.
- Type string
- Type of the policy, one of [
local,global] - Valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- Valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- Created map[string]string
- Information about when and by whom the policy was created.
- Description string
- Description of the policy.
- Document string
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- Enabled bool
- Indicates if the policy is enabled.
- Enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- Last
Updated map[string]string - Information about when and by whom the policy was last updated.
- Name string
- Name of the policy.
- Scopes
[]Policy
V2Scope Args - Scope of the policy. If empty or omitted, all repositories are in scope.
- []string
- Tags associated with the policy to categorize it.
- Type string
- Type of the policy, one of [
local,global] - Valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- Valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- created Map<String,String>
- Information about when and by whom the policy was created.
- description String
- Description of the policy.
- document String
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- enabled Boolean
- Indicates if the policy is enabled.
- enforced Boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- last
Updated Map<String,String> - Information about when and by whom the policy was last updated.
- name String
- Name of the policy.
- scopes
List<Policy
V2Scope> - Scope of the policy. If empty or omitted, all repositories are in scope.
- List<String>
- Tags associated with the policy to categorize it.
- type String
- Type of the policy, one of [
local,global] - valid
From String - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until String - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- created {[key: string]: string}
- Information about when and by whom the policy was created.
- description string
- Description of the policy.
- document string
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- enabled boolean
- Indicates if the policy is enabled.
- enforced boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- last
Updated {[key: string]: string} - Information about when and by whom the policy was last updated.
- name string
- Name of the policy.
- scopes
Policy
V2Scope[] - Scope of the policy. If empty or omitted, all repositories are in scope.
- string[]
- Tags associated with the policy to categorize it.
- type string
- Type of the policy, one of [
local,global] - valid
From string - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until string - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- created Mapping[str, str]
- Information about when and by whom the policy was created.
- description str
- Description of the policy.
- document str
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- enabled bool
- Indicates if the policy is enabled.
- enforced bool
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- last_
updated Mapping[str, str] - Information about when and by whom the policy was last updated.
- name str
- Name of the policy.
- scopes
Sequence[Policy
V2Scope Args] - Scope of the policy. If empty or omitted, all repositories are in scope.
- Sequence[str]
- Tags associated with the policy to categorize it.
- type str
- Type of the policy, one of [
local,global] - valid_
from str - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid_
until str - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
- created Map<String>
- Information about when and by whom the policy was created.
- description String
- Description of the policy.
- document String
- The actual policy document in JSON format. It must conform to the schema for the policy type.
- enabled Boolean
- Indicates if the policy is enabled.
- enforced Boolean
- Indicates if the policy is enforced. If not enforced, no action is taken based on the policy, but alerts are triggered for violations.
- last
Updated Map<String> - Information about when and by whom the policy was last updated.
- name String
- Name of the policy.
- scopes List<Property Map>
- Scope of the policy. If empty or omitted, all repositories are in scope.
- List<String>
- Tags associated with the policy to categorize it.
- type String
- Type of the policy, one of [
local,global] - valid
From String - Time when the policy comes into effect. If omitted, the policy is in effect immediately.
- valid
Until String - Time after which the policy is no longer in effect. If omitted, the policy is in effect indefinitely.
Supporting Types
PolicyV2Scope, PolicyV2ScopeArgs
, PolicyV2ScopeArgs
- Repo
Ids List<string> - List of repository IDs that are in scope.
- Repo
Ids []string - List of repository IDs that are in scope.
- repo
Ids List<String> - List of repository IDs that are in scope.
- repo
Ids string[] - List of repository IDs that are in scope.
- repo_
ids Sequence[str] - List of repository IDs that are in scope.
- repo
Ids List<String> - List of repository IDs that are in scope.
Package Details
- Repository
- cyral cyralinc/terraform-provider-cyral
- License
- Notes
- This Pulumi package is based on the
cyralTerraform Provider.