import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Creates and manages Scaleway IAM Policies. For more information refer to the [IAM API documentation](https://www.scaleway.com/en/developers/api/iam/#path-policies-create-a-new-policy).
 *
 * > You can find a detailed list of all permission sets available at Scaleway in the permission sets [reference page](https://www.scaleway.com/en/docs/iam/reference-content/permission-sets/).
 *
 * ## Example Usage
 *
 * ### Create a policy for an organization's project
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 *
 * const _default = scaleway.account.getProject({
 *     name: "default",
 * });
 * const app = new scaleway.iam.Application("app", {name: "my app"});
 * const objectReadOnly = new scaleway.iam.Policy("object_read_only", {
 *     name: "my policy",
 *     description: "gives app readonly access to object storage in project",
 *     applicationId: app.id,
 *     rules: [{
 *         projectIds: [_default.then(_default => _default.id)],
 *         permissionSetNames: ["ObjectStorageReadOnly"],
 *     }],
 * });
 * ```
 *
 * ### Create a policy for all current and future projects in an organization
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 *
 * const app = new scaleway.iam.Application("app", {name: "my app"});
 * const objectReadOnly = new scaleway.iam.Policy("object_read_only", {
 *     name: "my policy",
 *     description: "gives app readonly access to object storage in project",
 *     applicationId: app.id,
 *     rules: [{
 *         organizationId: app.organizationId,
 *         permissionSetNames: ["ObjectStorageReadOnly"],
 *     }],
 * });
 * ```
 *
 * ### Create a permission for multiple users using a group
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 * import * as std from "@pulumi/std";
 *
 * const users = [
 *     "user1@mail.com",
 *     "user2@mail.com",
 * ];
 * const projectName = "default";
 * const project = scaleway.account.getProject({
 *     name: projectName,
 * });
 * const usersGetUser = .reduce((__obj, [__key, __value]) => ({ ...__obj, [String(__key)]: scaleway.iam.getUser({
 *     email: __value,
 * }) }), {});
 * const withUsers = new scaleway.iam.Group("with_users", {
 *     name: "developers",
 *     userIds: Object.values(usersGetUser).map(user => (user.id)),
 * });
 * const iamTfStoragePolicy = new scaleway.iam.Policy("iam_tf_storage_policy", {
 *     name: "developers permissions",
 *     groupId: withUsers.id,
 *     rules: [{
 *         projectIds: [project.then(project => project.id)],
 *         permissionSetNames: ["InstancesReadOnly"],
 *     }],
 * });
 * ```
 *
 * ### Create a policy with a particular condition
 *
 * IAM policy rule can use a condition to be applied.
 * The following variables are available:
 *
 * - `request.ip`
 * - `request.user_agent`
 * - `request.time`
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 *
 * const main = new scaleway.iam.Policy("main", {
 *     name: "tf_tests_policy_condition",
 *     noPrincipal: true,
 *     rules: [{
 *         organizationId: "%s",
 *         permissionSetNames: ["AllProductsFullAccess"],
 *         condition: "request.user_agent == 'My User Agent'",
 *     }],
 * });
 * ```
 *
 * ## Import
 *
 * Policies can be imported using the `{id}`, e.g.
 *
 * ```sh
 * $ pulumi import scaleway:iam/policy:Policy main 11111111-1111-1111-1111-111111111111
 * ```
 */
export declare class Policy extends pulumi.CustomResource {
    /**
     * Get an existing Policy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy;
    /**
     * Returns true if the given object is an instance of Policy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Policy;
    /**
     * ID of the application the policy will be linked to
     */
    readonly applicationId: pulumi.Output<string | undefined>;
    /**
     * The date and time of the creation of the policy.
     */
    readonly createdAt: pulumi.Output<string>;
    /**
     * The description of the IAM policy.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * Whether the policy is editable.
     */
    readonly editable: pulumi.Output<boolean>;
    /**
     * ID of the group the policy will be linked to
     */
    readonly groupId: pulumi.Output<string | undefined>;
    /**
     * The name of the IAM policy.
     */
    readonly name: pulumi.Output<string>;
    /**
     * If the policy doesn't apply to a principal.
     *
     * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
     */
    readonly noPrincipal: pulumi.Output<boolean | undefined>;
    /**
     * `organizationId`) The ID of the organization the policy is associated with.
     */
    readonly organizationId: pulumi.Output<string>;
    /**
     * List of rules in the policy.
     */
    readonly rules: pulumi.Output<outputs.iam.PolicyRule[]>;
    /**
     * The tags associated with the IAM policy.
     */
    readonly tags: pulumi.Output<string[] | undefined>;
    /**
     * The date and time of the last update of the policy.
     */
    readonly updatedAt: pulumi.Output<string>;
    /**
     * ID of the user the policy will be linked to
     */
    readonly userId: pulumi.Output<string | undefined>;
    /**
     * Create a Policy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Policy resources.
 */
export interface PolicyState {
    /**
     * ID of the application the policy will be linked to
     */
    applicationId?: pulumi.Input<string | undefined>;
    /**
     * The date and time of the creation of the policy.
     */
    createdAt?: pulumi.Input<string | undefined>;
    /**
     * The description of the IAM policy.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * Whether the policy is editable.
     */
    editable?: pulumi.Input<boolean | undefined>;
    /**
     * ID of the group the policy will be linked to
     */
    groupId?: pulumi.Input<string | undefined>;
    /**
     * The name of the IAM policy.
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * If the policy doesn't apply to a principal.
     *
     * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
     */
    noPrincipal?: pulumi.Input<boolean | undefined>;
    /**
     * `organizationId`) The ID of the organization the policy is associated with.
     */
    organizationId?: pulumi.Input<string | undefined>;
    /**
     * List of rules in the policy.
     */
    rules?: pulumi.Input<pulumi.Input<inputs.iam.PolicyRule>[] | undefined>;
    /**
     * The tags associated with the IAM policy.
     */
    tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The date and time of the last update of the policy.
     */
    updatedAt?: pulumi.Input<string | undefined>;
    /**
     * ID of the user the policy will be linked to
     */
    userId?: pulumi.Input<string | undefined>;
}
/**
 * The set of arguments for constructing a Policy resource.
 */
export interface PolicyArgs {
    /**
     * ID of the application the policy will be linked to
     */
    applicationId?: pulumi.Input<string | undefined>;
    /**
     * The description of the IAM policy.
     */
    description?: pulumi.Input<string | undefined>;
    /**
     * ID of the group the policy will be linked to
     */
    groupId?: pulumi.Input<string | undefined>;
    /**
     * The name of the IAM policy.
     */
    name?: pulumi.Input<string | undefined>;
    /**
     * If the policy doesn't apply to a principal.
     *
     * > **Important** Only one of `userId`, `groupId`, `applicationId` and `noPrincipal` may be set.
     */
    noPrincipal?: pulumi.Input<boolean | undefined>;
    /**
     * `organizationId`) The ID of the organization the policy is associated with.
     */
    organizationId?: pulumi.Input<string | undefined>;
    /**
     * List of rules in the policy.
     */
    rules: pulumi.Input<pulumi.Input<inputs.iam.PolicyRule>[]>;
    /**
     * The tags associated with the IAM policy.
     */
    tags?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * ID of the user the policy will be linked to
     */
    userId?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=policy.d.ts.map