1. Packages
  2. Postgresql Provider
  3. API Docs
  4. Role
PostgreSQL v3.13.0 published on Monday, Oct 28, 2024 by Pulumi

postgresql.Role

Explore with Pulumi AI

postgresql logo
PostgreSQL v3.13.0 published on Monday, Oct 28, 2024 by Pulumi

    Create Role Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);
    @overload
    def Role(resource_name: str,
             args: Optional[RoleArgs] = None,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def Role(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             assume_role: Optional[str] = None,
             bypass_row_level_security: Optional[bool] = None,
             connection_limit: Optional[int] = None,
             create_database: Optional[bool] = None,
             create_role: Optional[bool] = None,
             encrypted: Optional[str] = None,
             encrypted_password: Optional[bool] = None,
             idle_in_transaction_session_timeout: Optional[int] = None,
             inherit: Optional[bool] = None,
             login: Optional[bool] = None,
             name: Optional[str] = None,
             password: Optional[str] = None,
             replication: Optional[bool] = None,
             roles: Optional[Sequence[str]] = None,
             search_paths: Optional[Sequence[str]] = None,
             skip_drop_role: Optional[bool] = None,
             skip_reassign_owned: Optional[bool] = None,
             statement_timeout: Optional[int] = None,
             superuser: Optional[bool] = None,
             valid_until: Optional[str] = None)
    func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
    public Role(String name, RoleArgs args, CustomResourceOptions options)
    
    type: postgresql:Role
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var roleResource = new PostgreSql.Role("roleResource", new()
    {
        AssumeRole = "string",
        BypassRowLevelSecurity = false,
        ConnectionLimit = 0,
        CreateDatabase = false,
        CreateRole = false,
        EncryptedPassword = false,
        IdleInTransactionSessionTimeout = 0,
        Inherit = false,
        Login = false,
        Name = "string",
        Password = "string",
        Replication = false,
        Roles = new[]
        {
            "string",
        },
        SearchPaths = new[]
        {
            "string",
        },
        SkipDropRole = false,
        SkipReassignOwned = false,
        StatementTimeout = 0,
        Superuser = false,
        ValidUntil = "string",
    });
    
    example, err := postgresql.NewRole(ctx, "roleResource", &postgresql.RoleArgs{
    	AssumeRole:                      pulumi.String("string"),
    	BypassRowLevelSecurity:          pulumi.Bool(false),
    	ConnectionLimit:                 pulumi.Int(0),
    	CreateDatabase:                  pulumi.Bool(false),
    	CreateRole:                      pulumi.Bool(false),
    	EncryptedPassword:               pulumi.Bool(false),
    	IdleInTransactionSessionTimeout: pulumi.Int(0),
    	Inherit:                         pulumi.Bool(false),
    	Login:                           pulumi.Bool(false),
    	Name:                            pulumi.String("string"),
    	Password:                        pulumi.String("string"),
    	Replication:                     pulumi.Bool(false),
    	Roles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SearchPaths: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SkipDropRole:      pulumi.Bool(false),
    	SkipReassignOwned: pulumi.Bool(false),
    	StatementTimeout:  pulumi.Int(0),
    	Superuser:         pulumi.Bool(false),
    	ValidUntil:        pulumi.String("string"),
    })
    
    var roleResource = new Role("roleResource", RoleArgs.builder()
        .assumeRole("string")
        .bypassRowLevelSecurity(false)
        .connectionLimit(0)
        .createDatabase(false)
        .createRole(false)
        .encryptedPassword(false)
        .idleInTransactionSessionTimeout(0)
        .inherit(false)
        .login(false)
        .name("string")
        .password("string")
        .replication(false)
        .roles("string")
        .searchPaths("string")
        .skipDropRole(false)
        .skipReassignOwned(false)
        .statementTimeout(0)
        .superuser(false)
        .validUntil("string")
        .build());
    
    role_resource = postgresql.Role("roleResource",
        assume_role="string",
        bypass_row_level_security=False,
        connection_limit=0,
        create_database=False,
        create_role=False,
        encrypted_password=False,
        idle_in_transaction_session_timeout=0,
        inherit=False,
        login=False,
        name="string",
        password="string",
        replication=False,
        roles=["string"],
        search_paths=["string"],
        skip_drop_role=False,
        skip_reassign_owned=False,
        statement_timeout=0,
        superuser=False,
        valid_until="string")
    
    const roleResource = new postgresql.Role("roleResource", {
        assumeRole: "string",
        bypassRowLevelSecurity: false,
        connectionLimit: 0,
        createDatabase: false,
        createRole: false,
        encryptedPassword: false,
        idleInTransactionSessionTimeout: 0,
        inherit: false,
        login: false,
        name: "string",
        password: "string",
        replication: false,
        roles: ["string"],
        searchPaths: ["string"],
        skipDropRole: false,
        skipReassignOwned: false,
        statementTimeout: 0,
        superuser: false,
        validUntil: "string",
    });
    
    type: postgresql:Role
    properties:
        assumeRole: string
        bypassRowLevelSecurity: false
        connectionLimit: 0
        createDatabase: false
        createRole: false
        encryptedPassword: false
        idleInTransactionSessionTimeout: 0
        inherit: false
        login: false
        name: string
        password: string
        replication: false
        roles:
            - string
        searchPaths:
            - string
        skipDropRole: false
        skipReassignOwned: false
        statementTimeout: 0
        superuser: false
        validUntil: string
    

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Role resource accepts the following input properties:

    AssumeRole string
    Defines the role to switch to at login via SET ROLE.
    BypassRowLevelSecurity bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    ConnectionLimit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    CreateDatabase bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    CreateRole bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    Encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    EncryptedPassword bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    IdleInTransactionSessionTimeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    Inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    Login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    Name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    Password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    Replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    Roles List<string>
    Defines list of roles which will be granted to this new role.
    SearchPaths List<string>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    SkipDropRole bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    SkipReassignOwned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    StatementTimeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    Superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    ValidUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    AssumeRole string
    Defines the role to switch to at login via SET ROLE.
    BypassRowLevelSecurity bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    ConnectionLimit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    CreateDatabase bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    CreateRole bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    Encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    EncryptedPassword bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    IdleInTransactionSessionTimeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    Inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    Login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    Name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    Password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    Replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    Roles []string
    Defines list of roles which will be granted to this new role.
    SearchPaths []string
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    SkipDropRole bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    SkipReassignOwned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    StatementTimeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    Superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    ValidUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole String
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity Boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit Integer
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase Boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole Boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted String

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword Boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout Integer
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit Boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login Boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name String
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password String
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication Boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles List<String>
    Defines list of roles which will be granted to this new role.
    searchPaths List<String>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout Integer
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser Boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil String
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole string
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit number
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout number
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles string[]
    Defines list of roles which will be granted to this new role.
    searchPaths string[]
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout number
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assume_role str
    Defines the role to switch to at login via SET ROLE.
    bypass_row_level_security bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connection_limit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    create_database bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    create_role bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted str

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encrypted_password bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idle_in_transaction_session_timeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name str
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password str
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles Sequence[str]
    Defines list of roles which will be granted to this new role.
    search_paths Sequence[str]
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skip_drop_role bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skip_reassign_owned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statement_timeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    valid_until str
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole String
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity Boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit Number
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase Boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole Boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted String

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword Boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout Number
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit Boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login Boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name String
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password String
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication Boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles List<String>
    Defines list of roles which will be granted to this new role.
    searchPaths List<String>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout Number
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser Boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil String
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Role Resource

    Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            assume_role: Optional[str] = None,
            bypass_row_level_security: Optional[bool] = None,
            connection_limit: Optional[int] = None,
            create_database: Optional[bool] = None,
            create_role: Optional[bool] = None,
            encrypted: Optional[str] = None,
            encrypted_password: Optional[bool] = None,
            idle_in_transaction_session_timeout: Optional[int] = None,
            inherit: Optional[bool] = None,
            login: Optional[bool] = None,
            name: Optional[str] = None,
            password: Optional[str] = None,
            replication: Optional[bool] = None,
            roles: Optional[Sequence[str]] = None,
            search_paths: Optional[Sequence[str]] = None,
            skip_drop_role: Optional[bool] = None,
            skip_reassign_owned: Optional[bool] = None,
            statement_timeout: Optional[int] = None,
            superuser: Optional[bool] = None,
            valid_until: Optional[str] = None) -> Role
    func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
    public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
    public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AssumeRole string
    Defines the role to switch to at login via SET ROLE.
    BypassRowLevelSecurity bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    ConnectionLimit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    CreateDatabase bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    CreateRole bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    Encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    EncryptedPassword bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    IdleInTransactionSessionTimeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    Inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    Login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    Name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    Password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    Replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    Roles List<string>
    Defines list of roles which will be granted to this new role.
    SearchPaths List<string>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    SkipDropRole bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    SkipReassignOwned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    StatementTimeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    Superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    ValidUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    AssumeRole string
    Defines the role to switch to at login via SET ROLE.
    BypassRowLevelSecurity bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    ConnectionLimit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    CreateDatabase bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    CreateRole bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    Encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    EncryptedPassword bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    IdleInTransactionSessionTimeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    Inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    Login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    Name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    Password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    Replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    Roles []string
    Defines list of roles which will be granted to this new role.
    SearchPaths []string
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    SkipDropRole bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    SkipReassignOwned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    StatementTimeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    Superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    ValidUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole String
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity Boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit Integer
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase Boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole Boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted String

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword Boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout Integer
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit Boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login Boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name String
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password String
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication Boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles List<String>
    Defines list of roles which will be granted to this new role.
    searchPaths List<String>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout Integer
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser Boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil String
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole string
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit number
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted string

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout number
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name string
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password string
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles string[]
    Defines list of roles which will be granted to this new role.
    searchPaths string[]
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout number
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil string
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assume_role str
    Defines the role to switch to at login via SET ROLE.
    bypass_row_level_security bool
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connection_limit int
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    create_database bool
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    create_role bool
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted str

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encrypted_password bool
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idle_in_transaction_session_timeout int
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit bool
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login bool
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name str
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password str
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication bool
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles Sequence[str]
    Defines list of roles which will be granted to this new role.
    search_paths Sequence[str]
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skip_drop_role bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skip_reassign_owned bool
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statement_timeout int
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser bool
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    valid_until str
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.
    assumeRole String
    Defines the role to switch to at login via SET ROLE.
    bypassRowLevelSecurity Boolean
    Defines whether a role bypasses every row-level security (RLS) policy. Default value is false.
    connectionLimit Number
    If this role can log in, this specifies how many concurrent connections the role can establish. -1 (the default) means no limit.
    createDatabase Boolean
    Defines a role's ability to execute CREATE DATABASE. Default value is false.
    createRole Boolean
    Defines a role's ability to execute CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value is false.
    encrypted String

    Deprecated: Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"

    encryptedPassword Boolean
    Defines whether the password is stored encrypted in the system catalogs. Default value is true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL's password_encryption setting.
    idleInTransactionSessionTimeout Number
    Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
    inherit Boolean
    Defines whether a role "inherits" the privileges of roles it is a member of. Default value is true.
    login Boolean
    Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is false.
    name String
    The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
    password String
    Sets the role's password. A password is only of use for roles having the login attribute set to true.
    replication Boolean
    Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is false
    roles List<String>
    Defines list of roles which will be granted to this new role.
    searchPaths List<String>
    Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring ", ".
    skipDropRole Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
    skipReassignOwned Boolean
    When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a REASSIGN OWNED in must be executed on each of the respective databases before the DROP ROLE can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicit DROP OWNED).
    statementTimeout Number
    Defines statement_timeout setting for this role which allows to abort any statement that takes more than the specified amount of time.
    superuser Boolean
    Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is false.
    validUntil String
    Defines the date and time after which the role's password is no longer valid. Established connections past this valid_time will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic value NULL is used, valid_until will be set to infinity. Default is NULL, therefore infinity.

    Package Details

    Repository
    PostgreSQL pulumi/pulumi-postgresql
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the postgresql Terraform Provider.
    postgresql logo
    PostgreSQL v3.13.0 published on Monday, Oct 28, 2024 by Pulumi