// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package databricks
import (
"context"
"reflect"
"github.com/pulumi/pulumi-databricks/sdk/go/databricks/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
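// This data source constructs the necessary AWS STS assume role policy for you. The resulting JSON is intended to be used as the trust (assume role) policy of the cross-account IAM role, as in the example below.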
//
// ## Example Usage
//
// End-to-end example of provisioning a cross-account IAM role with databricks_mws_credentials:
//
// ```go
// package main
//
// import (
//
// "fmt"
//
// "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
// "github.com/pulumi/pulumi-databricks/sdk/go/databricks"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
//
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// cfg := config.New(ctx, "")
// // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
// databricksAccountId := cfg.RequireObject("databricksAccountId")
// this, err := databricks.GetAwsCrossAccountPolicy(ctx, nil, nil)
// if err != nil {
// return err
// }
// crossAccountPolicy, err := iam.NewPolicy(ctx, "cross_account_policy", &iam.PolicyArgs{
// Name: pulumi.String(fmt.Sprintf("%v-crossaccount-iam-policy", prefix)),
// Policy: pulumi.String(this.Json),
// })
// if err != nil {
// return err
// }
// thisGetAwsAssumeRolePolicy, err := databricks.GetAwsAssumeRolePolicy(ctx, &databricks.GetAwsAssumeRolePolicyArgs{
// ExternalId: databricksAccountId,
// }, nil)
// if err != nil {
// return err
// }
// crossAccount, err := iam.NewRole(ctx, "cross_account", &iam.RoleArgs{
// Name: pulumi.String(fmt.Sprintf("%v-crossaccount-iam-role", prefix)),
// AssumeRolePolicy: pulumi.String(thisGetAwsAssumeRolePolicy.Json),
// Description: pulumi.String("Grants Databricks full access to VPC resources"),
// })
// if err != nil {
// return err
// }
// _, err = iam.NewRolePolicyAttachment(ctx, "cross_account", &iam.RolePolicyAttachmentArgs{
// PolicyArn: crossAccountPolicy.Arn,
// Role: crossAccount.Name,
// })
// if err != nil {
// return err
// }
// // required only in case of multi-workspace setup
// _, err = databricks.NewMwsCredentials(ctx, "this", &databricks.MwsCredentialsArgs{
// AccountId: pulumi.Any(databricksAccountId),
// CredentialsName: pulumi.String(fmt.Sprintf("%v-creds", prefix)),
// RoleArn: crossAccount.Arn,
// })
// if err != nil {
// return err
// }
// return nil
// })
// }
//
// ```
//
// ## Related Resources
//
// The following resources are used in the same context:
//
// * Provisioning AWS Databricks E2 with a Hub & Spoke firewall for data exfiltration protection guide
// * getAwsBucketPolicy data to configure a simple access policy for AWS S3 buckets, so that Databricks can access the data in them.
// * getAwsCrossAccountPolicy data to construct the necessary AWS cross-account policy for you, which is based on [official documentation](https://docs.databricks.com/administration-guide/account-api/iam-role.html#language-Your%C2%A0VPC,%C2%A0default).
func GetAwsAssumeRolePolicy(ctx *pulumi.Context, args *GetAwsAssumeRolePolicyArgs, opts ...pulumi.InvokeOption) (*GetAwsAssumeRolePolicyResult, error) {
	// Package-level default invoke options are merged in before the call.
	invokeOpts := internal.PkgInvokeDefaultOpts(opts)

	// NOTE(review): args (including ExternalId) are forwarded as-is; nothing
	// here validates them, so any check on an empty or wrong external ID is
	// left to the provider — confirm before relying on it.
	result := new(GetAwsAssumeRolePolicyResult)
	if err := ctx.Invoke("databricks:index/getAwsAssumeRolePolicy:getAwsAssumeRolePolicy", args, result, invokeOpts...); err != nil {
		// On failure no partially populated result is handed back.
		return nil, err
	}
	return result, nil
}
// A collection of arguments for invoking getAwsAssumeRolePolicy.
//
// The field set and the `pulumi:"..."` tags are generated and are matched by
// name against the data source's inputs; do not rename or retag them by hand.
type GetAwsAssumeRolePolicyArgs struct {
	// Optional (pointer) input that is not documented in this file.
	// NOTE(review): confirm its meaning against the provider documentation
	// before setting it.
	DatabricksAccountId *string `pulumi:"databricksAccountId"`
	// Databricks account ID, which can be found in the top right corner of the [Accounts Console](https://accounts.cloud.databricks.com/).
	// NOTE(review): presumably emitted as the sts:ExternalId condition of the
	// generated trust policy — confirm against the provider documentation.
	ExternalId string `pulumi:"externalId"`
	// Whether or not this assume role policy should be created for usage log delivery. Defaults to false.
	ForLogDelivery *bool `pulumi:"forLogDelivery"`
}
// A collection of values returned by getAwsAssumeRolePolicy.
//
// The first three fields carry the same names and types as the inputs in
// GetAwsAssumeRolePolicyArgs.
type GetAwsAssumeRolePolicyResult struct {
	// Same name and type as the input field; not documented in this file.
	DatabricksAccountId *string `pulumi:"databricksAccountId"`
	// Same name and type as the ExternalId input.
	ExternalId string `pulumi:"externalId"`
	// Same name and type as the ForLogDelivery input.
	ForLogDelivery *bool `pulumi:"forLogDelivery"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// AWS IAM policy JSON document. In the usage example for
	// GetAwsAssumeRolePolicy it is passed as the AssumeRolePolicy (trust
	// policy) of the cross-account IAM role.
	Json string `pulumi:"json"`
}
// GetAwsAssumeRolePolicyOutput is the Output-based variant of
// GetAwsAssumeRolePolicy: it waits for the inputs in args to resolve, then
// performs the invoke and wraps the result as an output.
func GetAwsAssumeRolePolicyOutput(ctx *pulumi.Context, args GetAwsAssumeRolePolicyOutputArgs, opts ...pulumi.InvokeOption) GetAwsAssumeRolePolicyResultOutput {
	invoke := func(v interface{}) (GetAwsAssumeRolePolicyResult, error) {
		// Unchecked assertion: a value of any other type panics here.
		plain := v.(GetAwsAssumeRolePolicyArgs)
		res, err := GetAwsAssumeRolePolicy(ctx, &plain, opts...)
		if res == nil {
			// No result to copy; hand back the zero value with the error.
			return GetAwsAssumeRolePolicyResult{}, err
		}
		return *res, err
	}

	// Input resolution runs under context.Background(), not a caller context.
	resolved := pulumi.ToOutputWithContext(context.Background(), args)
	return resolved.ApplyT(invoke).(GetAwsAssumeRolePolicyResultOutput)
}
// A collection of arguments for invoking getAwsAssumeRolePolicy.
//
// This is the Input-typed counterpart of GetAwsAssumeRolePolicyArgs; its
// ElementType method reports GetAwsAssumeRolePolicyArgs as the resolved type.
type GetAwsAssumeRolePolicyOutputArgs struct {
	// Optional input that is not documented in this file.
	// NOTE(review): confirm its meaning against the provider documentation
	// before setting it.
	DatabricksAccountId pulumi.StringPtrInput `pulumi:"databricksAccountId"`
	// Databricks account ID, which can be found in the top right corner of the [Accounts Console](https://accounts.cloud.databricks.com/).
	// NOTE(review): presumably emitted as the sts:ExternalId condition of the
	// generated trust policy — confirm against the provider documentation.
	ExternalId pulumi.StringInput `pulumi:"externalId"`
	// Whether or not this assume role policy should be created for usage log delivery. Defaults to false.
	ForLogDelivery pulumi.BoolPtrInput `pulumi:"forLogDelivery"`
}
// ElementType reports GetAwsAssumeRolePolicyArgs as the plain type these
// Input-typed arguments resolve to.
func (GetAwsAssumeRolePolicyOutputArgs) ElementType() reflect.Type {
	// A typed nil pointer is enough to obtain the type; no value is built.
	var zero *GetAwsAssumeRolePolicyArgs
	return reflect.TypeOf(zero).Elem()
}
// A collection of values returned by getAwsAssumeRolePolicy.
//
// GetAwsAssumeRolePolicyResultOutput is the output wrapper whose element type
// is GetAwsAssumeRolePolicyResult.
type GetAwsAssumeRolePolicyResultOutput struct {
	*pulumi.OutputState
}
// ElementType reports GetAwsAssumeRolePolicyResult as the type carried by this
// output.
func (GetAwsAssumeRolePolicyResultOutput) ElementType() reflect.Type {
	// A typed nil pointer is enough to obtain the type; no value is built.
	var zero *GetAwsAssumeRolePolicyResult
	return reflect.TypeOf(zero).Elem()
}
// ToGetAwsAssumeRolePolicyResultOutput returns the receiver unchanged; the
// value is already of the requested output type.
func (o GetAwsAssumeRolePolicyResultOutput) ToGetAwsAssumeRolePolicyResultOutput() GetAwsAssumeRolePolicyResultOutput {
	return o
}
// ToGetAwsAssumeRolePolicyResultOutputWithContext returns the receiver
// unchanged. The ctx argument is accepted but not used.
func (o GetAwsAssumeRolePolicyResultOutput) ToGetAwsAssumeRolePolicyResultOutputWithContext(ctx context.Context) GetAwsAssumeRolePolicyResultOutput {
	return o
}
// DatabricksAccountId projects the DatabricksAccountId field of the result as
// an optional string output.
func (o GetAwsAssumeRolePolicyResultOutput) DatabricksAccountId() pulumi.StringPtrOutput {
	pick := func(res GetAwsAssumeRolePolicyResult) *string {
		return res.DatabricksAccountId
	}
	return o.ApplyT(pick).(pulumi.StringPtrOutput)
}
// ExternalId projects the ExternalId field of the result as a string output.
func (o GetAwsAssumeRolePolicyResultOutput) ExternalId() pulumi.StringOutput {
	pick := func(res GetAwsAssumeRolePolicyResult) string {
		return res.ExternalId
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// ForLogDelivery projects the ForLogDelivery field of the result as an
// optional bool output.
func (o GetAwsAssumeRolePolicyResultOutput) ForLogDelivery() pulumi.BoolPtrOutput {
	pick := func(res GetAwsAssumeRolePolicyResult) *bool {
		return res.ForLogDelivery
	}
	return o.ApplyT(pick).(pulumi.BoolPtrOutput)
}
// The provider-assigned unique ID for this managed resource.
func (o GetAwsAssumeRolePolicyResultOutput) Id() pulumi.StringOutput {
	pick := func(res GetAwsAssumeRolePolicyResult) string {
		return res.Id
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// AWS IAM policy JSON document. In the usage example for
// GetAwsAssumeRolePolicy this value is passed as the AssumeRolePolicy (trust
// policy) of the cross-account IAM role.
func (o GetAwsAssumeRolePolicyResultOutput) Json() pulumi.StringOutput {
	pick := func(res GetAwsAssumeRolePolicyResult) string {
		return res.Json
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// init registers the result output type with the Pulumi SDK when the package
// is loaded.
func init() {
	// The zero value is sufficient; it is passed only to identify the type.
	var outputType GetAwsAssumeRolePolicyResultOutput
	pulumi.RegisterOutputType(outputType)
}