Docs Home
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm.getIamUserPolicy
Explore with Pulumi AI
Retrieve information about an IAM user policy. For more information, about IAM role action, see managing access to resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const policy = new ibm.IamUserPolicy("policy", {
ibmId: "test@in.ibm.com",
roles: ["Viewer"],
resources: {
service: "kms",
region: "us-south",
},
});
const testaccDsUserPolicy = ibm.getIamUserPolicyOutput({
ibmId: policy.ibmId,
transactionId: "terrformUserPolicy",
});
import pulumi
import pulumi_ibm as ibm
policy = ibm.IamUserPolicy("policy",
ibm_id="test@in.ibm.com",
roles=["Viewer"],
resources={
"service": "kms",
"region": "us-south",
})
testacc_ds_user_policy = ibm.get_iam_user_policy_output(ibm_id=policy.ibm_id,
transaction_id="terrformUserPolicy")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := ibm.NewIamUserPolicy(ctx, "policy", &ibm.IamUserPolicyArgs{
IbmId: pulumi.String("test@in.ibm.com"),
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
Resources: &ibm.IamUserPolicyResourcesArgs{
Service: pulumi.String("kms"),
Region: pulumi.String("us-south"),
},
})
if err != nil {
return err
}
_ = ibm.LookupIamUserPolicyOutput(ctx, ibm.GetIamUserPolicyOutputArgs{
IbmId: policy.IbmId,
TransactionId: pulumi.String("terrformUserPolicy"),
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var policy = new Ibm.IamUserPolicy("policy", new()
{
IbmId = "test@in.ibm.com",
Roles = new[]
{
"Viewer",
},
Resources = new Ibm.Inputs.IamUserPolicyResourcesArgs
{
Service = "kms",
Region = "us-south",
},
});
var testaccDsUserPolicy = Ibm.GetIamUserPolicy.Invoke(new()
{
IbmId = policy.IbmId,
TransactionId = "terrformUserPolicy",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamUserPolicy;
import com.pulumi.ibm.IamUserPolicyArgs;
import com.pulumi.ibm.inputs.IamUserPolicyResourcesArgs;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetIamUserPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new IamUserPolicy("policy", IamUserPolicyArgs.builder()
.ibmId("test@in.ibm.com")
.roles("Viewer")
.resources(IamUserPolicyResourcesArgs.builder()
.service("kms")
.region("us-south")
.build())
.build());
final var testaccDsUserPolicy = IbmFunctions.getIamUserPolicy(GetIamUserPolicyArgs.builder()
.ibmId(policy.ibmId())
.transactionId("terrformUserPolicy")
.build());
}
}
resources:
policy:
type: ibm:IamUserPolicy
properties:
ibmId: test@in.ibm.com
roles:
- Viewer
resources:
service: kms
region: us-south
variables:
testaccDsUserPolicy:
fn::invoke:
function: ibm:getIamUserPolicy
arguments:
ibmId: ${policy.ibmId}
transactionId: terrformUserPolicy
Using getIamUserPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIamUserPolicy(args: GetIamUserPolicyArgs, opts?: InvokeOptions): Promise<GetIamUserPolicyResult>
function getIamUserPolicyOutput(args: GetIamUserPolicyOutputArgs, opts?: InvokeOptions): Output<GetIamUserPolicyResult>def get_iam_user_policy(ibm_id: Optional[str] = None,
id: Optional[str] = None,
sort: Optional[str] = None,
transaction_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetIamUserPolicyResult
def get_iam_user_policy_output(ibm_id: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
sort: Optional[pulumi.Input[str]] = None,
transaction_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetIamUserPolicyResult]func LookupIamUserPolicy(ctx *Context, args *LookupIamUserPolicyArgs, opts ...InvokeOption) (*LookupIamUserPolicyResult, error)
func LookupIamUserPolicyOutput(ctx *Context, args *LookupIamUserPolicyOutputArgs, opts ...InvokeOption) LookupIamUserPolicyResultOutput> Note: This function is named LookupIamUserPolicy in the Go SDK.
public static class GetIamUserPolicy
{
public static Task<GetIamUserPolicyResult> InvokeAsync(GetIamUserPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetIamUserPolicyResult> Invoke(GetIamUserPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetIamUserPolicyResult> getIamUserPolicy(GetIamUserPolicyArgs args, InvokeOptions options)
public static Output<GetIamUserPolicyResult> getIamUserPolicy(GetIamUserPolicyArgs args, InvokeOptions options)
fn::invoke:
function: ibm:index/getIamUserPolicy:getIamUserPolicy
arguments:
# arguments dictionaryThe following arguments are supported:
- Ibm
Id This property is required. string - The IBM ID or email address of the user.
- Id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Sort string
- The single field sort query for policies.
- Transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- Ibm
Id This property is required. string - The IBM ID or email address of the user.
- Id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Sort string
- The single field sort query for policies.
- Transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- ibm
Id This property is required. String - The IBM ID or email address of the user.
- id String
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - sort String
- The single field sort query for policies.
- transaction
Id String - The TransactionID can be passed to your request for the tracking calls.
- ibm
Id This property is required. string - The IBM ID or email address of the user.
- id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - sort string
- The single field sort query for policies.
- transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- ibm_
id This property is required. str - The IBM ID or email address of the user.
- id str
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - sort str
- The single field sort query for policies.
- transaction_
id str - The TransactionID can be passed to your request for the tracking calls.
- ibm
Id This property is required. String - The IBM ID or email address of the user.
- id String
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - sort String
- The single field sort query for policies.
- transaction
Id String - The TransactionID can be passed to your request for the tracking calls.
getIamUserPolicy Result
The following output properties are available:
- Ibm
Id string - Id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Policies
List<Get
Iam User Policy Policy> - (List) A nested block describes IAM Policies assigned to user.
- Transaction
Id string - Sort string
- Ibm
Id string - Id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Policies
[]Get
Iam User Policy Policy - (List) A nested block describes IAM Policies assigned to user.
- Transaction
Id string - Sort string
- ibm
Id String - id String
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - policies
List<Get
Iam User Policy Policy> - (List) A nested block describes IAM Policies assigned to user.
- transaction
Id String - sort String
- ibm
Id string - id string
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - policies
Get
Iam User Policy Policy[] - (List) A nested block describes IAM Policies assigned to user.
- transaction
Id string - sort string
- ibm_
id str - id str
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - policies
Sequence[Get
Iam User Policy Policy] - (List) A nested block describes IAM Policies assigned to user.
- transaction_
id str - sort str
- ibm
Id String - id String
- (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - policies List<Property Map>
- (List) A nested block describes IAM Policies assigned to user.
- transaction
Id String - sort String
Supporting Types
GetIamUserPolicyPolicy
- Description
This property is required. string - (String) The description of the IAM User Policy.
- Id
This property is required. string - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Pattern
This property is required. string - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. List<GetIam User Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- Resources
This property is required. List<GetIam User Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- Roles
This property is required. List<string> - (String) The roles that are assigned to the policy.
- Rule
Conditions This property is required. List<GetIam User Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator This property is required. string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- Description
This property is required. string - (String) The description of the IAM User Policy.
- Id
This property is required. string - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - Pattern
This property is required. string - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. []GetIam User Policy Policy Resource Tag - (List of objects) A nested block describes the access management tags in the policy.
- Resources
This property is required. []GetIam User Policy Policy Resource - (List of objects) A nested block describes the resources in the policy.
- Roles
This property is required. []string - (String) The roles that are assigned to the policy.
- Rule
Conditions This property is required. []GetIam User Policy Policy Rule Condition - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator This property is required. string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description
This property is required. String - (String) The description of the IAM User Policy.
- id
This property is required. String - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - pattern
This property is required. String - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. List<GetIam User Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- resources
This property is required. List<GetIam User Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- roles
This property is required. List<String> - (String) The roles that are assigned to the policy.
- rule
Conditions This property is required. List<GetIam User Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator This property is required. String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description
This property is required. string - (String) The description of the IAM User Policy.
- id
This property is required. string - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - pattern
This property is required. string - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. GetIam User Policy Policy Resource Tag[] - (List of objects) A nested block describes the access management tags in the policy.
- resources
This property is required. GetIam User Policy Policy Resource[] - (List of objects) A nested block describes the resources in the policy.
- roles
This property is required. string[] - (String) The roles that are assigned to the policy.
- rule
Conditions This property is required. GetIam User Policy Policy Rule Condition[] - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator This property is required. string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description
This property is required. str - (String) The description of the IAM User Policy.
- id
This property is required. str - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - pattern
This property is required. str - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. Sequence[GetIam User Policy Policy Resource Tag] - (List of objects) A nested block describes the access management tags in the policy.
- resources
This property is required. Sequence[GetIam User Policy Policy Resource] - (List of objects) A nested block describes the resources in the policy.
- roles
This property is required. Sequence[str] - (String) The roles that are assigned to the policy.
- rule_
conditions This property is required. Sequence[GetIam User Policy Policy Rule Condition] - (List of objects) A nested block describing the rule conditions of this policy.
- rule_
operator This property is required. str - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description
This property is required. String - (String) The description of the IAM User Policy.
- id
This property is required. String - (String) The unique identifier of the IAM user policy. The ID is composed of
<ibm_id>/<user_policy_id>. - pattern
This property is required. String - (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. This property is required. List<Property Map>- (List of objects) A nested block describes the access management tags in the policy.
- resources
This property is required. List<Property Map> - (List of objects) A nested block describes the resources in the policy.
- roles
This property is required. List<String> - (String) The roles that are assigned to the policy.
- rule
Conditions This property is required. List<Property Map> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator This property is required. String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
GetIamUserPolicyPolicyResource
- Attributes
This property is required. Dictionary<string, string> - (Map) A set of resource attributes in the format
name=value,name=value. - Region
This property is required. string - (String) The region of the policy definition.
- Resource
This property is required. string - (String) The resource of the policy definition.
- Resource
Group Id This property is required. string - (String) The ID of the resource group.
- Resource
Instance Id This property is required. string - (String) The ID of resource instance of the policy definition.
- Resource
Type This property is required. string - (String) The resource type of the policy definition.
- Service
This property is required. string - (String) The service name of the policy definition.
- Service
Group Id This property is required. string - (String) The service group id of the policy definition.
- Service
Type This property is required. string
- Attributes
This property is required. map[string]string - (Map) A set of resource attributes in the format
name=value,name=value. - Region
This property is required. string - (String) The region of the policy definition.
- Resource
This property is required. string - (String) The resource of the policy definition.
- Resource
Group Id This property is required. string - (String) The ID of the resource group.
- Resource
Instance Id This property is required. string - (String) The ID of resource instance of the policy definition.
- Resource
Type This property is required. string - (String) The resource type of the policy definition.
- Service
This property is required. string - (String) The service name of the policy definition.
- Service
Group Id This property is required. string - (String) The service group id of the policy definition.
- Service
Type This property is required. string
- attributes
This property is required. Map<String,String> - (Map) A set of resource attributes in the format
name=value,name=value. - region
This property is required. String - (String) The region of the policy definition.
- resource
This property is required. String - (String) The resource of the policy definition.
- resource
Group Id This property is required. String - (String) The ID of the resource group.
- resource
Instance Id This property is required. String - (String) The ID of resource instance of the policy definition.
- resource
Type This property is required. String - (String) The resource type of the policy definition.
- service
This property is required. String - (String) The service name of the policy definition.
- service
Group Id This property is required. String - (String) The service group id of the policy definition.
- service
Type This property is required. String
- attributes
This property is required. {[key: string]: string} - (Map) A set of resource attributes in the format
name=value,name=value. - region
This property is required. string - (String) The region of the policy definition.
- resource
This property is required. string - (String) The resource of the policy definition.
- resource
Group Id This property is required. string - (String) The ID of the resource group.
- resource
Instance Id This property is required. string - (String) The ID of resource instance of the policy definition.
- resource
Type This property is required. string - (String) The resource type of the policy definition.
- service
This property is required. string - (String) The service name of the policy definition.
- service
Group Id This property is required. string - (String) The service group id of the policy definition.
- service
Type This property is required. string
- attributes
This property is required. Mapping[str, str] - (Map) A set of resource attributes in the format
name=value,name=value. - region
This property is required. str - (String) The region of the policy definition.
- resource
This property is required. str - (String) The resource of the policy definition.
- resource_
group_ id This property is required. str - (String) The ID of the resource group.
- resource_
instance_ id This property is required. str - (String) The ID of resource instance of the policy definition.
- resource_
type This property is required. str - (String) The resource type of the policy definition.
- service
This property is required. str - (String) The service name of the policy definition.
- service_
group_ id This property is required. str - (String) The service group id of the policy definition.
- service_
type This property is required. str
- attributes
This property is required. Map<String> - (Map) A set of resource attributes in the format
name=value,name=value. - region
This property is required. String - (String) The region of the policy definition.
- resource
This property is required. String - (String) The resource of the policy definition.
- resource
Group Id This property is required. String - (String) The ID of the resource group.
- resource
Instance Id This property is required. String - (String) The ID of resource instance of the policy definition.
- resource
Type This property is required. String - (String) The resource type of the policy definition.
- service
This property is required. String - (String) The service name of the policy definition.
- service
Group Id This property is required. String - (String) The service group id of the policy definition.
- service
Type This property is required. String
GetIamUserPolicyPolicyResourceTag
GetIamUserPolicyPolicyRuleCondition
- Conditions
This property is required. List<GetIam User Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key
This property is required. string - (String) The key of a condition.
- Operator
This property is required. string - (String) The operator of a condition.
- Values
This property is required. List<string> - (List of Strings) The value of a condition.
- Conditions
This property is required. []GetIam User Policy Policy Rule Condition Condition - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key
This property is required. string - (String) The key of a condition.
- Operator
This property is required. string - (String) The operator of a condition.
- Values
This property is required. []string - (List of Strings) The value of a condition.
- conditions
This property is required. List<GetIam User Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- key
This property is required. String - (String) The key of a condition.
- operator
This property is required. String - (String) The operator of a condition.
- values
This property is required. List<String> - (List of Strings) The value of a condition.
- conditions
This property is required. GetIam User Policy Policy Rule Condition Condition[] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key
This property is required. string - (String) The key of a condition.
- operator
This property is required. string - (String) The operator of a condition.
- values
This property is required. string[] - (List of Strings) The value of a condition.
- conditions
This property is required. Sequence[GetIam User Policy Policy Rule Condition Condition] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key
This property is required. str - (String) The key of a condition.
- operator
This property is required. str - (String) The operator of a condition.
- values
This property is required. Sequence[str] - (List of Strings) The value of a condition.
- conditions
This property is required. List<Property Map> - (List of Objects) A nested block describing additional rule conditions of this policy.
- key
This property is required. String - (String) The key of a condition.
- operator
This property is required. String - (String) The operator of a condition.
- values
This property is required. List<String> - (List of Strings) The value of a condition.
GetIamUserPolicyPolicyRuleConditionCondition
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.