Docs Home
Aiven v6.28.0 published on Friday, Nov 15, 2024 by Pulumi
aiven.OrganizationPermission
Explore with Pulumi AI
Grants roles and permissions to a principal for a resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aiven from "@pulumi/aiven";
const examplePermissions = new aiven.OrganizationPermission("example_permissions", {
organizationId: main.id,
resourceId: exampleProject.id,
resourceType: "project",
permissions: [
{
permissions: [
"operator",
"service:logs:read",
],
principalId: "u123a456b7890c",
principalType: "user",
},
{
permissions: [
"project:integrations:write",
"project:networking:read",
"developer",
],
principalId: exampleGroup.groupId,
principalType: "user_group",
},
],
});
import pulumi
import pulumi_aiven as aiven
example_permissions = aiven.OrganizationPermission("example_permissions",
organization_id=main["id"],
resource_id=example_project["id"],
resource_type="project",
permissions=[
{
"permissions": [
"operator",
"service:logs:read",
],
"principal_id": "u123a456b7890c",
"principal_type": "user",
},
{
"permissions": [
"project:integrations:write",
"project:networking:read",
"developer",
],
"principal_id": example_group["groupId"],
"principal_type": "user_group",
},
])
package main
import (
"github.com/pulumi/pulumi-aiven/sdk/v6/go/aiven"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := aiven.NewOrganizationPermission(ctx, "example_permissions", &aiven.OrganizationPermissionArgs{
OrganizationId: pulumi.Any(main.Id),
ResourceId: pulumi.Any(exampleProject.Id),
ResourceType: pulumi.String("project"),
Permissions: aiven.OrganizationPermissionPermissionArray{
&aiven.OrganizationPermissionPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("operator"),
pulumi.String("service:logs:read"),
},
PrincipalId: pulumi.String("u123a456b7890c"),
PrincipalType: pulumi.String("user"),
},
&aiven.OrganizationPermissionPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("project:integrations:write"),
pulumi.String("project:networking:read"),
pulumi.String("developer"),
},
PrincipalId: pulumi.Any(exampleGroup.GroupId),
PrincipalType: pulumi.String("user_group"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aiven = Pulumi.Aiven;
return await Deployment.RunAsync(() =>
{
var examplePermissions = new Aiven.OrganizationPermission("example_permissions", new()
{
OrganizationId = main.Id,
ResourceId = exampleProject.Id,
ResourceType = "project",
Permissions = new[]
{
new Aiven.Inputs.OrganizationPermissionPermissionArgs
{
Permissions = new[]
{
"operator",
"service:logs:read",
},
PrincipalId = "u123a456b7890c",
PrincipalType = "user",
},
new Aiven.Inputs.OrganizationPermissionPermissionArgs
{
Permissions = new[]
{
"project:integrations:write",
"project:networking:read",
"developer",
},
PrincipalId = exampleGroup.GroupId,
PrincipalType = "user_group",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aiven.OrganizationPermission;
import com.pulumi.aiven.OrganizationPermissionArgs;
import com.pulumi.aiven.inputs.OrganizationPermissionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var examplePermissions = new OrganizationPermission("examplePermissions", OrganizationPermissionArgs.builder()
.organizationId(main.id())
.resourceId(exampleProject.id())
.resourceType("project")
.permissions(
OrganizationPermissionPermissionArgs.builder()
.permissions(
"operator",
"service:logs:read")
.principalId("u123a456b7890c")
.principalType("user")
.build(),
OrganizationPermissionPermissionArgs.builder()
.permissions(
"project:integrations:write",
"project:networking:read",
"developer")
.principalId(exampleGroup.groupId())
.principalType("user_group")
.build())
.build());
}
}
resources:
examplePermissions:
type: aiven:OrganizationPermission
name: example_permissions
properties:
organizationId: ${main.id}
resourceId: ${exampleProject.id}
resourceType: project
permissions:
- permissions:
- operator
- service:logs:read
principalId: u123a456b7890c
principalType: user
- permissions:
- project:integrations:write
- project:networking:read
- developer
principalId: ${exampleGroup.groupId}
principalType: user_group
Create OrganizationPermission Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationPermission(name: string, args: OrganizationPermissionArgs, opts?: CustomResourceOptions);@overload
def OrganizationPermission(resource_name: str,
args: OrganizationPermissionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationPermission(resource_name: str,
opts: Optional[ResourceOptions] = None,
organization_id: Optional[str] = None,
permissions: Optional[Sequence[OrganizationPermissionPermissionArgs]] = None,
resource_id: Optional[str] = None,
resource_type: Optional[str] = None)func NewOrganizationPermission(ctx *Context, name string, args OrganizationPermissionArgs, opts ...ResourceOption) (*OrganizationPermission, error)public OrganizationPermission(string name, OrganizationPermissionArgs args, CustomResourceOptions? opts = null)
public OrganizationPermission(String name, OrganizationPermissionArgs args)
public OrganizationPermission(String name, OrganizationPermissionArgs args, CustomResourceOptions options)
type: aiven:OrganizationPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationPermissionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationPermissionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationPermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationPermissionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationPermissionResource = new Aiven.OrganizationPermission("organizationPermissionResource", new()
{
OrganizationId = "string",
Permissions = new[]
{
new Aiven.Inputs.OrganizationPermissionPermissionArgs
{
Permissions = new[]
{
"string",
},
PrincipalId = "string",
PrincipalType = "string",
CreateTime = "string",
UpdateTime = "string",
},
},
ResourceId = "string",
ResourceType = "string",
});
example, err := aiven.NewOrganizationPermission(ctx, "organizationPermissionResource", &aiven.OrganizationPermissionArgs{
OrganizationId: pulumi.String("string"),
Permissions: aiven.OrganizationPermissionPermissionArray{
&aiven.OrganizationPermissionPermissionArgs{
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalId: pulumi.String("string"),
PrincipalType: pulumi.String("string"),
CreateTime: pulumi.String("string"),
UpdateTime: pulumi.String("string"),
},
},
ResourceId: pulumi.String("string"),
ResourceType: pulumi.String("string"),
})
var organizationPermissionResource = new OrganizationPermission("organizationPermissionResource", OrganizationPermissionArgs.builder()
.organizationId("string")
.permissions(OrganizationPermissionPermissionArgs.builder()
.permissions("string")
.principalId("string")
.principalType("string")
.createTime("string")
.updateTime("string")
.build())
.resourceId("string")
.resourceType("string")
.build());
organization_permission_resource = aiven.OrganizationPermission("organizationPermissionResource",
organization_id="string",
permissions=[{
"permissions": ["string"],
"principal_id": "string",
"principal_type": "string",
"create_time": "string",
"update_time": "string",
}],
resource_id="string",
resource_type="string")
const organizationPermissionResource = new aiven.OrganizationPermission("organizationPermissionResource", {
organizationId: "string",
permissions: [{
permissions: ["string"],
principalId: "string",
principalType: "string",
createTime: "string",
updateTime: "string",
}],
resourceId: "string",
resourceType: "string",
});
type: aiven:OrganizationPermission
properties:
organizationId: string
permissions:
- createTime: string
permissions:
- string
principalId: string
principalType: string
updateTime: string
resourceId: string
resourceType: string
OrganizationPermission Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationPermission resource accepts the following input properties:
- Organization
Id string - Organization ID.
- Permissions
List<Organization
Permission Permission> - Permissions to grant to principals.
- Resource
Id string - Resource ID.
- Resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- Organization
Id string - Organization ID.
- Permissions
[]Organization
Permission Permission Args - Permissions to grant to principals.
- Resource
Id string - Resource ID.
- Resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id String - Organization ID.
- permissions
List<Organization
Permission Permission> - Permissions to grant to principals.
- resource
Id String - Resource ID.
- resource
Type String - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id string - Organization ID.
- permissions
Organization
Permission Permission[] - Permissions to grant to principals.
- resource
Id string - Resource ID.
- resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- organization_
id str - Organization ID.
- permissions
Sequence[Organization
Permission Permission Args] - Permissions to grant to principals.
- resource_
id str - Resource ID.
- resource_
type str - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id String - Organization ID.
- permissions List<Property Map>
- Permissions to grant to principals.
- resource
Id String - Resource ID.
- resource
Type String - Resource type. The possible values are
project,organizationandorganization_unit.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationPermission resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrganizationPermission Resource
Get an existing OrganizationPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationPermissionState, opts?: CustomResourceOptions): OrganizationPermission@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
organization_id: Optional[str] = None,
permissions: Optional[Sequence[OrganizationPermissionPermissionArgs]] = None,
resource_id: Optional[str] = None,
resource_type: Optional[str] = None) -> OrganizationPermissionfunc GetOrganizationPermission(ctx *Context, name string, id IDInput, state *OrganizationPermissionState, opts ...ResourceOption) (*OrganizationPermission, error)public static OrganizationPermission Get(string name, Input<string> id, OrganizationPermissionState? state, CustomResourceOptions? opts = null)public static OrganizationPermission get(String name, Output<String> id, OrganizationPermissionState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Organization
Id string - Organization ID.
- Permissions
List<Organization
Permission Permission> - Permissions to grant to principals.
- Resource
Id string - Resource ID.
- Resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- Organization
Id string - Organization ID.
- Permissions
[]Organization
Permission Permission Args - Permissions to grant to principals.
- Resource
Id string - Resource ID.
- Resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id String - Organization ID.
- permissions
List<Organization
Permission Permission> - Permissions to grant to principals.
- resource
Id String - Resource ID.
- resource
Type String - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id string - Organization ID.
- permissions
Organization
Permission Permission[] - Permissions to grant to principals.
- resource
Id string - Resource ID.
- resource
Type string - Resource type. The possible values are
project,organizationandorganization_unit.
- organization_
id str - Organization ID.
- permissions
Sequence[Organization
Permission Permission Args] - Permissions to grant to principals.
- resource_
id str - Resource ID.
- resource_
type str - Resource type. The possible values are
project,organizationandorganization_unit.
- organization
Id String - Organization ID.
- permissions List<Property Map>
- Permissions to grant to principals.
- resource
Id String - Resource ID.
- resource
Type String - Resource type. The possible values are
project,organizationandorganization_unit.
Supporting Types
OrganizationPermissionPermission, OrganizationPermissionPermissionArgs
- Permissions List<string>
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - Principal
Id string - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- Principal
Type string - The type of principal. The possible values are
useranduser_group. - Create
Time string - Time created.
- Update
Time string - Time updated.
- Permissions []string
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - Principal
Id string - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- Principal
Type string - The type of principal. The possible values are
useranduser_group. - Create
Time string - Time created.
- Update
Time string - Time updated.
- permissions List<String>
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - principal
Id String - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- principal
Type String - The type of principal. The possible values are
useranduser_group. - create
Time String - Time created.
- update
Time String - Time updated.
- permissions string[]
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - principal
Id string - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- principal
Type string - The type of principal. The possible values are
useranduser_group. - create
Time string - Time created.
- update
Time string - Time updated.
- permissions Sequence[str]
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - principal_
id str - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- principal_
type str - The type of principal. The possible values are
useranduser_group. - create_
time str - Time created.
- update_
time str - Time updated.
- permissions List<String>
- List of roles and permissions to grant. The possible values are
admin,developer,operator,organization:app_users:write,organization:audit_logs:read,organization:billing:read,organization:billing:write,organization:domains:write,organization:groups:write,organization:idps:write,organization:network:read,organization:network:write,organization:permissions:read,organization:permissions:write,organization:projects:read,organization:projects:write,organization:users:write,project:audit_logs:read,project:integrations:read,project:integrations:write,project:networking:read,project:networking:write,project:permissions:read,project:services:read,project:services:write,read_only,role:organization:admin,role:services:maintenance,role:services:recover,service:configuration:write,service:data:write,service:logs:read,service:secrets:readandservice:users:write. - principal
Id String - ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- principal
Type String - The type of principal. The possible values are
useranduser_group. - create
Time String - Time created.
- update
Time String - Time updated.
Import
$ pulumi import aiven:index/organizationPermission:OrganizationPermission operator ORGANIZATION_ID/ID
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Aiven pulumi/pulumi-aiven
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aivenTerraform Provider.