DATASOURCE::KMS::Policy - 资源编排

DATASOURCE::KMS::Policy类型用于查询一个权限策略的详情。

语法

{
  "Type": "DATASOURCE::KMS::Policy",
  "Properties": {
    "PolicyName": String,
    "RefreshOptions": String
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

PolicyName

String

是

权限策略名称。

无

RefreshOptions

String

否

是

当资源栈更新时，数据源资源的刷新策略。

有效值：

Never（默认值）：更新堆栈时，从不刷新数据源资源。
Always：更新堆栈时，始终刷新数据源资源。

返回值

Fn::GetAtt

NetworkRules：绑定的网络控制规则。
Description：权限策略的描述信息。
PolicyName：权限策略名称。
Permissions：权限策略支持的操作。
KmsInstanceId：权限策略的作用域。
Resources：允许访问的密钥和凭据。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  PolicyName:
    Type: String
    Description:
      en: The name of the permission policy.
    Required: true
Resources:
  ExtensionDataSource:
    Type: DATASOURCE::KMS::Policy
    Properties:
      PolicyName:
        Ref: PolicyName
Outputs:
  NetworkRules:
    Description: The network access rule that is associated with the permission policy.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - NetworkRules
  Description:
    Description: The policy description.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - Description
  PolicyName:
    Description: The name of the permission policy.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - PolicyName
  Permissions:
    Description: A list of operations that can be performed.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - Permissions
  KmsInstanceId:
    Description: KMS instance accessed by this policy.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - KmsInstanceId
  Resources:
    Description: A list of keys and secrets that are allowed to access.
    Value:
      Fn::GetAtt:
        - ExtensionDataSource
        - Resources

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "PolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the permission policy."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionDataSource": {
      "Type": "DATASOURCE::KMS::Policy",
      "Properties": {
        "PolicyName": {
          "Ref": "PolicyName"
        }
      }
    }
  },
  "Outputs": {
    "NetworkRules": {
      "Description": "The network access rule that is associated with the permission policy.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "NetworkRules"
        ]
      }
    },
    "Description": {
      "Description": "The policy description.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "Description"
        ]
      }
    },
    "PolicyName": {
      "Description": "The name of the permission policy.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "PolicyName"
        ]
      }
    },
    "Permissions": {
      "Description": "A list of operations that can be performed.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "Permissions"
        ]
      }
    },
    "KmsInstanceId": {
      "Description": "KMS instance accessed by this policy.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "KmsInstanceId"
        ]
      }
    },
    "Resources": {
      "Description": "A list of keys and secrets that are allowed to access.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionDataSource",
          "Resources"
        ]
      }
    }
  }
}