@pulumi/ns1
Version:
A Pulumi package for creating and managing ns1 cloud resources.
518 lines (517 loc) • 17.8 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* Provides a NS1 User resource. Creating a user sends an invitation email to the
* user's email address. This can be used to create, modify, and delete users.
* The credentials used must have the `manageUsers` permission set.
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as ns1 from "@pulumi/ns1";
*
* const example = new ns1.Team("example", {
* name: "Example team",
* ipWhitelists: [
* "1.1.1.1",
* "2.2.2.2",
* ],
* dnsViewZones: false,
* accountManageUsers: false,
* });
* const exampleUser = new ns1.User("example", {
* name: "Example User",
* username: "example_user",
* email: "user@example.com",
* teams: [example.id],
* notify: {
* billing: "false",
* },
* });
* ```
*
* ## Permissions
*
* A user will inherit permissions from the teams they are assigned to.
* If a user is assigned to a team and also has individual permissions set on the user, the individual permissions
* will be overridden by the inherited team permissions.
* In a future release, setting permissions on a user that is part of a team will be explicitly disabled.
*
* When a user is removed from all teams completely, they will inherit whatever permissions they had previously.
* If a user is removed from all their teams, it will probably be necessary to run `pulumi up` a second time
* to update the users permissions from their old team permissions to new user-specific permissions.
*
* See [this NS1 Help Center article](https://help.ns1.com/hc/en-us/articles/360024409034-Managing-user-permissions) for an overview of user permission settings.
*
* ## NS1 Documentation
*
* [User Api Docs](https://ns1.com/api#user)
*
* [Managing user permissions](https://help.ns1.com/hc/en-us/articles/360024409034-Managing-user-permissions)
*
* ## Import
*
* ```sh
* $ pulumi import ns1:index/user:User <name> <username>`
* ```
*/
export declare class User extends pulumi.CustomResource {
/**
* Get an existing User resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User;
/**
* Returns true if the given object is an instance of User. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is User;
/**
* Whether the user can modify account settings.
*/
readonly accountManageAccountSettings: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify account apikeys.
*/
readonly accountManageApikeys: pulumi.Output<boolean | undefined>;
/**
* Whether the user can manage ip whitelist.
*/
readonly accountManageIpWhitelist: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify account payment methods.
*/
readonly accountManagePaymentMethods: pulumi.Output<boolean | undefined>;
/**
* No longer in use.
*
* @deprecated obsolete, should no longer be used
*/
readonly accountManagePlan: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify other teams in the account.
*/
readonly accountManageTeams: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify account users.
*/
readonly accountManageUsers: pulumi.Output<boolean | undefined>;
/**
* Whether the user can view activity logs.
*/
readonly accountViewActivityLog: pulumi.Output<boolean | undefined>;
/**
* Whether the user can view invoices.
*/
readonly accountViewInvoices: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify data feeds.
*/
readonly dataManageDatafeeds: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify data sources.
*/
readonly dataManageDatasources: pulumi.Output<boolean | undefined>;
/**
* Whether the user can publish to data feeds.
*/
readonly dataPushToDatafeeds: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify the accounts zones.
*/
readonly dnsManageZones: pulumi.Output<boolean | undefined>;
readonly dnsRecordsAllows: pulumi.Output<outputs.UserDnsRecordsAllow[] | undefined>;
readonly dnsRecordsDenies: pulumi.Output<outputs.UserDnsRecordsDeny[] | undefined>;
/**
* Whether the user can view the accounts zones.
*/
readonly dnsViewZones: pulumi.Output<boolean | undefined>;
/**
* If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list.
*/
readonly dnsZonesAllowByDefault: pulumi.Output<boolean | undefined>;
/**
* List of zones that the user may access.
*/
readonly dnsZonesAllows: pulumi.Output<string[] | undefined>;
/**
* List of zones that the user may not access.
*/
readonly dnsZonesDenies: pulumi.Output<string[] | undefined>;
/**
* The email address of the user.
*/
readonly email: pulumi.Output<string>;
/**
* Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field.
*/
readonly ipWhitelistStrict: pulumi.Output<boolean | undefined>;
/**
* Array of IP addresses/networks to which to grant the user access.
*/
readonly ipWhitelists: pulumi.Output<string[] | undefined>;
/**
* Whether the user can create monitoring jobs when manageJobs is not set to true.
*/
readonly monitoringCreateJobs: pulumi.Output<boolean | undefined>;
/**
* Whether the user can delete monitoring jobs when manageJobs is not set to true.
*/
readonly monitoringDeleteJobs: pulumi.Output<boolean | undefined>;
/**
* Whether the user can create, update, and delete monitoring jobs.
*/
readonly monitoringManageJobs: pulumi.Output<boolean | undefined>;
/**
* Whether the user can modify notification lists.
*/
readonly monitoringManageLists: pulumi.Output<boolean | undefined>;
/**
* Whether the user can update monitoring jobs when manageJobs is not set to true.
*/
readonly monitoringUpdateJobs: pulumi.Output<boolean | undefined>;
/**
* Whether the user can view monitoring jobs.
*/
readonly monitoringViewJobs: pulumi.Output<boolean | undefined>;
/**
* The free form name of the user.
*/
readonly name: pulumi.Output<string>;
/**
* Whether or not to notify the user of specified events. Only `billing` is available currently.
*
* @deprecated This field is deprecated and will be removed in a future release; create account usage alerts instead.
*/
readonly notify: pulumi.Output<{
[key: string]: string;
}>;
/**
* Whether the user can manage redirects.
* Only relevant for the DDI product.
*/
readonly redirectsManageRedirects: pulumi.Output<boolean | undefined>;
/**
* Whether the user can manage global active directory.
*/
readonly securityManageActiveDirectory: pulumi.Output<boolean | undefined>;
/**
* Whether the user can manage global two factor authentication.
*/
readonly securityManageGlobal2fa: pulumi.Output<boolean | undefined>;
/**
* The teams that the user belongs to.
*/
readonly teams: pulumi.Output<string[] | undefined>;
/**
* The users login name.
*/
readonly username: pulumi.Output<string>;
/**
* Create a User resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering User resources.
*/
export interface UserState {
/**
* Whether the user can modify account settings.
*/
accountManageAccountSettings?: pulumi.Input<boolean>;
/**
* Whether the user can modify account apikeys.
*/
accountManageApikeys?: pulumi.Input<boolean>;
/**
* Whether the user can manage ip whitelist.
*/
accountManageIpWhitelist?: pulumi.Input<boolean>;
/**
* Whether the user can modify account payment methods.
*/
accountManagePaymentMethods?: pulumi.Input<boolean>;
/**
* No longer in use.
*
* @deprecated obsolete, should no longer be used
*/
accountManagePlan?: pulumi.Input<boolean>;
/**
* Whether the user can modify other teams in the account.
*/
accountManageTeams?: pulumi.Input<boolean>;
/**
* Whether the user can modify account users.
*/
accountManageUsers?: pulumi.Input<boolean>;
/**
* Whether the user can view activity logs.
*/
accountViewActivityLog?: pulumi.Input<boolean>;
/**
* Whether the user can view invoices.
*/
accountViewInvoices?: pulumi.Input<boolean>;
/**
* Whether the user can modify data feeds.
*/
dataManageDatafeeds?: pulumi.Input<boolean>;
/**
* Whether the user can modify data sources.
*/
dataManageDatasources?: pulumi.Input<boolean>;
/**
* Whether the user can publish to data feeds.
*/
dataPushToDatafeeds?: pulumi.Input<boolean>;
/**
* Whether the user can modify the accounts zones.
*/
dnsManageZones?: pulumi.Input<boolean>;
dnsRecordsAllows?: pulumi.Input<pulumi.Input<inputs.UserDnsRecordsAllow>[]>;
dnsRecordsDenies?: pulumi.Input<pulumi.Input<inputs.UserDnsRecordsDeny>[]>;
/**
* Whether the user can view the accounts zones.
*/
dnsViewZones?: pulumi.Input<boolean>;
/**
* If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list.
*/
dnsZonesAllowByDefault?: pulumi.Input<boolean>;
/**
* List of zones that the user may access.
*/
dnsZonesAllows?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of zones that the user may not access.
*/
dnsZonesDenies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The email address of the user.
*/
email?: pulumi.Input<string>;
/**
* Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field.
*/
ipWhitelistStrict?: pulumi.Input<boolean>;
/**
* Array of IP addresses/networks to which to grant the user access.
*/
ipWhitelists?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether the user can create monitoring jobs when manageJobs is not set to true.
*/
monitoringCreateJobs?: pulumi.Input<boolean>;
/**
* Whether the user can delete monitoring jobs when manageJobs is not set to true.
*/
monitoringDeleteJobs?: pulumi.Input<boolean>;
/**
* Whether the user can create, update, and delete monitoring jobs.
*/
monitoringManageJobs?: pulumi.Input<boolean>;
/**
* Whether the user can modify notification lists.
*/
monitoringManageLists?: pulumi.Input<boolean>;
/**
* Whether the user can update monitoring jobs when manageJobs is not set to true.
*/
monitoringUpdateJobs?: pulumi.Input<boolean>;
/**
* Whether the user can view monitoring jobs.
*/
monitoringViewJobs?: pulumi.Input<boolean>;
/**
* The free form name of the user.
*/
name?: pulumi.Input<string>;
/**
* Whether or not to notify the user of specified events. Only `billing` is available currently.
*
* @deprecated This field is deprecated and will be removed in a future release; create account usage alerts instead.
*/
notify?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Whether the user can manage redirects.
* Only relevant for the DDI product.
*/
redirectsManageRedirects?: pulumi.Input<boolean>;
/**
* Whether the user can manage global active directory.
*/
securityManageActiveDirectory?: pulumi.Input<boolean>;
/**
* Whether the user can manage global two factor authentication.
*/
securityManageGlobal2fa?: pulumi.Input<boolean>;
/**
* The teams that the user belongs to.
*/
teams?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The users login name.
*/
username?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a User resource.
*/
export interface UserArgs {
/**
* Whether the user can modify account settings.
*/
accountManageAccountSettings?: pulumi.Input<boolean>;
/**
* Whether the user can modify account apikeys.
*/
accountManageApikeys?: pulumi.Input<boolean>;
/**
* Whether the user can manage ip whitelist.
*/
accountManageIpWhitelist?: pulumi.Input<boolean>;
/**
* Whether the user can modify account payment methods.
*/
accountManagePaymentMethods?: pulumi.Input<boolean>;
/**
* No longer in use.
*
* @deprecated obsolete, should no longer be used
*/
accountManagePlan?: pulumi.Input<boolean>;
/**
* Whether the user can modify other teams in the account.
*/
accountManageTeams?: pulumi.Input<boolean>;
/**
* Whether the user can modify account users.
*/
accountManageUsers?: pulumi.Input<boolean>;
/**
* Whether the user can view activity logs.
*/
accountViewActivityLog?: pulumi.Input<boolean>;
/**
* Whether the user can view invoices.
*/
accountViewInvoices?: pulumi.Input<boolean>;
/**
* Whether the user can modify data feeds.
*/
dataManageDatafeeds?: pulumi.Input<boolean>;
/**
* Whether the user can modify data sources.
*/
dataManageDatasources?: pulumi.Input<boolean>;
/**
* Whether the user can publish to data feeds.
*/
dataPushToDatafeeds?: pulumi.Input<boolean>;
/**
* Whether the user can modify the accounts zones.
*/
dnsManageZones?: pulumi.Input<boolean>;
dnsRecordsAllows?: pulumi.Input<pulumi.Input<inputs.UserDnsRecordsAllow>[]>;
dnsRecordsDenies?: pulumi.Input<pulumi.Input<inputs.UserDnsRecordsDeny>[]>;
/**
* Whether the user can view the accounts zones.
*/
dnsViewZones?: pulumi.Input<boolean>;
/**
* If true, enable the `dnsZonesAllow` list, otherwise enable the `dnsZonesDeny` list.
*/
dnsZonesAllowByDefault?: pulumi.Input<boolean>;
/**
* List of zones that the user may access.
*/
dnsZonesAllows?: pulumi.Input<pulumi.Input<string>[]>;
/**
* List of zones that the user may not access.
*/
dnsZonesDenies?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The email address of the user.
*/
email: pulumi.Input<string>;
/**
* Set to true to restrict access to only those IP addresses and networks listed in the **ip_whitelist** field.
*/
ipWhitelistStrict?: pulumi.Input<boolean>;
/**
* Array of IP addresses/networks to which to grant the user access.
*/
ipWhitelists?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether the user can create monitoring jobs when manageJobs is not set to true.
*/
monitoringCreateJobs?: pulumi.Input<boolean>;
/**
* Whether the user can delete monitoring jobs when manageJobs is not set to true.
*/
monitoringDeleteJobs?: pulumi.Input<boolean>;
/**
* Whether the user can create, update, and delete monitoring jobs.
*/
monitoringManageJobs?: pulumi.Input<boolean>;
/**
* Whether the user can modify notification lists.
*/
monitoringManageLists?: pulumi.Input<boolean>;
/**
* Whether the user can update monitoring jobs when manageJobs is not set to true.
*/
monitoringUpdateJobs?: pulumi.Input<boolean>;
/**
* Whether the user can view monitoring jobs.
*/
monitoringViewJobs?: pulumi.Input<boolean>;
/**
* The free form name of the user.
*/
name?: pulumi.Input<string>;
/**
* Whether or not to notify the user of specified events. Only `billing` is available currently.
*
* @deprecated This field is deprecated and will be removed in a future release; create account usage alerts instead.
*/
notify?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Whether the user can manage redirects.
* Only relevant for the DDI product.
*/
redirectsManageRedirects?: pulumi.Input<boolean>;
/**
* Whether the user can manage global active directory.
*/
securityManageActiveDirectory?: pulumi.Input<boolean>;
/**
* Whether the user can manage global two factor authentication.
*/
securityManageGlobal2fa?: pulumi.Input<boolean>;
/**
* The teams that the user belongs to.
*/
teams?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The users login name.
*/
username: pulumi.Input<string>;
}