Policy

This class encapsulates and extends the ROS resource type ALIYUN::KMS::Policy.

Initializers

import ros_cdk_kms
ros_cdk_kms.Policy(
  scope: Construct,
  id: str,
  access_control_rules: typing.Union[IResolvable, AccessControlRulesProperty],
  kms_instance_id: typing.Union[str, IResolvable],
  permissions: typing.Union[IResolvable, typing.List[typing.Union[str, IResolvable]]],
  policy_name: typing.Union[str, IResolvable],
  resources: typing.Union[IResolvable, typing.List[typing.Union[str, IResolvable]]],
  description: typing.Union[str, IResolvable] = None,
  enable_resource_property_constraint: bool = None
)

Name	Type	Description
`scope`	`ros_cdk_core.Construct`	No description.
`id`	`str`	No description.
`access_control_rules`	`typing.Union[ros_cdk_core.IResolvable, AccessControlRulesProperty]`	Property accessControlRules: Network Rules info.
`kms_instance_id`	`typing.Union[str, ros_cdk_core.IResolvable]`	Property kmsInstanceId: The scope of the permission policy.
`permissions`	`typing.Union[ros_cdk_core.IResolvable, typing.List[typing.Union[str, ros_cdk_core.IResolvable]]]`	Property permissions: The operations that can be performed.
`policy_name`	`typing.Union[str, ros_cdk_core.IResolvable]`	Property policyName: The name of the permission policy.
`resources`	`typing.Union[ros_cdk_core.IResolvable, typing.List[typing.Union[str, ros_cdk_core.IResolvable]]]`	Property resources: The key and secret that are allowed to access.
`description`	`typing.Union[str, ros_cdk_core.IResolvable]`	Property description: The description of the permission policy.
`enable_resource_property_constraint`	`bool`	No description.

`scope`^Required

Type: ros_cdk_core.Construct

`id`^Required

Type: str

`access_control_rules`^Required

Type: typing.Union[ros_cdk_core.IResolvable, AccessControlRulesProperty]

Property accessControlRules: Network Rules info.

`kms_instance_id`^Required

Type: typing.Union[str, ros_cdk_core.IResolvable]

Property kmsInstanceId: The scope of the permission policy.

You need to specify the KMS instance that you want to access.

`permissions`^Required

Type: typing.Union[ros_cdk_core.IResolvable, typing.List[typing.Union[str, ros_cdk_core.IResolvable]]]

Property permissions: The operations that can be performed.

Valid values: RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations. RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.

`policy_name`^Required

Type: typing.Union[str, ros_cdk_core.IResolvable]

Property policyName: The name of the permission policy.

`resources`^Required

Type: typing.Union[ros_cdk_core.IResolvable, typing.List[typing.Union[str, ros_cdk_core.IResolvable]]]

Property resources: The key and secret that are allowed to access.

Supports a maximum of 30 key and secret. Key: Enter a key in the key/${KeyId} format. To allow access to all keys of a KMS instance, enter key/. Secret: Enter a secret in the secret/${SecretName} format. To allow access to all secrets of a KMS instance, enter secret/.

`description`^Optional

Type: typing.Union[str, ros_cdk_core.IResolvable]

Property description: The description of the permission policy.

`enable_resource_property_constraint`^Optional

Type: bool

Methods

Name	Description
`to_string`	Returns a string representation of this construct.
`synthesize`	Allows this construct to emit artifacts into the cloud assembly during synthesis.
`add_condition`	No description.
`add_count`	No description.
`add_dependency`	No description.
`add_resource_desc`	No description.
`apply_removal_policy`	No description.
`get_att`	No description.
`set_metadata`	No description.

`to_string`

def to_string() -> str

Returns a string representation of this construct.

`synthesize`

def synthesize(
  session: ISynthesisSession
) -> None

Allows this construct to emit artifacts into the cloud assembly during synthesis.

This method is usually implemented by framework-level constructs such as Stack and Asset as they participate in synthesizing the cloud assembly.

session^Required

Type: ros_cdk_core.ISynthesisSession

The synthesis session.

`add_condition`

def add_condition(
  condition: RosCondition
) -> None

condition^Required

Type: ros_cdk_core.RosCondition

`add_count`

def add_count(
  count: typing.Union[typing.Union[int, float], IResolvable]
) -> None

count^Required

Type: typing.Union[typing.Union[int, float], ros_cdk_core.IResolvable]

`add_dependency`

def add_dependency(
  resource: Resource
) -> None

resource^Required

Type: ros_cdk_core.Resource

`add_resource_desc`

def add_resource_desc(
  desc: str
) -> None

desc^Required

Type: str

`apply_removal_policy`

def apply_removal_policy(
  policy: RemovalPolicy
) -> None

policy^Required

Type: ros_cdk_core.RemovalPolicy

`get_att`

def get_att(
  name: str
) -> IResolvable

name^Required

Type: str

`set_metadata`

def set_metadata(
  key: str,
  value: typing.Any
) -> None

key^Required

Type: str

value^Required

Type: typing.Any

Static Functions

Name	Description
`is_construct`	Return whether the given object is a Construct.

`is_construct`

import ros_cdk_kms
ros_cdk_kms.Policy.is_construct(
  x: typing.Any
)

Return whether the given object is a Construct.

x^Required

Type: typing.Any

Properties

Name	Type	Description
`node`	`ros_cdk_core.ConstructNode`	The construct tree node associated with this construct.
`ref`	`str`	No description.
`stack`	`ros_cdk_core.Stack`	The stack in which this resource is defined.
`resource`	`ros_cdk_core.RosResource`	No description.
`attr_access_control_rules`	`ros_cdk_core.IResolvable`	Attribute AccessControlRules: Network Rules info.
`attr_description`	`ros_cdk_core.IResolvable`	Attribute Description: Description.
`attr_kms_instance_id`	`ros_cdk_core.IResolvable`	Attribute KmsInstanceId: The scope of the permission policy.
`attr_permissions`	`ros_cdk_core.IResolvable`	Attribute Permissions: RbacPermission Template, support RbacPermission/Template/CryptoServiceKeyUser and RbacPermission/Template/CryptoServiceSecretUser.
`attr_policy_name`	`ros_cdk_core.IResolvable`	Attribute PolicyName: The name of the permission policy.
`attr_resources`	`ros_cdk_core.IResolvable`	Attribute Resources: Resources that allowed access by this policy.

`node`^Required

node: ConstructNode

Type: ros_cdk_core.ConstructNode

The construct tree node associated with this construct.

`ref`^Required

ref: str

Type: str

`stack`^Required

stack: Stack

Type: ros_cdk_core.Stack

The stack in which this resource is defined.

`resource`^Optional

resource: RosResource

Type: ros_cdk_core.RosResource

`attr_access_control_rules`^Required

attr_access_control_rules: IResolvable

Type: ros_cdk_core.IResolvable

Attribute AccessControlRules: Network Rules info.

`attr_description`^Required

attr_description: IResolvable

Type: ros_cdk_core.IResolvable

Attribute Description: Description.

`attr_kms_instance_id`^Required

attr_kms_instance_id: IResolvable

Type: ros_cdk_core.IResolvable

Attribute KmsInstanceId: The scope of the permission policy.

You need to specify the KMS instance that you want to access.

`attr_permissions`^Required

attr_permissions: IResolvable

Type: ros_cdk_core.IResolvable

Attribute Permissions: RbacPermission Template, support RbacPermission/Template/CryptoServiceKeyUser and RbacPermission/Template/CryptoServiceSecretUser.

`attr_policy_name`^Required

attr_policy_name: IResolvable

Type: ros_cdk_core.IResolvable

Attribute PolicyName: The name of the permission policy.

`attr_resources`^Required

attr_resources: IResolvable

Type: ros_cdk_core.IResolvable

Attribute Resources: Resources that allowed access by this policy.

Policy

Initializers

scopeRequired

idRequired

access_control_rulesRequired

kms_instance_idRequired

permissionsRequired

policy_nameRequired

resourcesRequired

descriptionOptional

enable_resource_property_constraintOptional

Methods

to_string

synthesize

add_condition

add_count

add_dependency

add_resource_desc

apply_removal_policy

get_att

set_metadata