UNPKG

@pulumi/pulumiservice

Version:

[![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fury.io/js/%40pulumi%2Fpulumiservice.svg)](https://www.npmjs.com/package/@pulumi/pulumiservice) [![Python version](https://badge.fury.io

pulumi.com

pulumi/pulumi-pulumiservice

38 lines 2.84 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import * as pulumi from "@pulumi/pulumi"; /** * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named environment. Pair with `Environment.environmentId` (or the `getEnvironment` data source) to avoid hand-rolling the `PermissionDescriptorCondition` tree yourself. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper. */ export declare function buildEnvironmentScopedPermissions(args: BuildEnvironmentScopedPermissionsArgs, opts?: pulumi.InvokeOptions): Promise<BuildEnvironmentScopedPermissionsResult>; export interface BuildEnvironmentScopedPermissionsArgs { /** * The target environment's UUID. Use the `environmentId` output of an `Environment` resource or the `getEnvironment` data source. */ environmentId: string; /** * The set of `environment:*` scopes to grant on the target environment (e.g. `environment:read`, `environment:open`, `environment:update`). Discover valid scope names via the `getOrganizationRoleScopes` data source. */ permissions: string[]; } export interface BuildEnvironmentScopedPermissionsResult { /** * A `PermissionDescriptorCondition` tree gating a `PermissionDescriptorAllow` on the named environment, ready to assign to `OrganizationRole.permissions`. */ readonly permissions: { [key: string]: any; }; } /** * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named environment. Pair with `Environment.environmentId` (or the `getEnvironment` data source) to avoid hand-rolling the `PermissionDescriptorCondition` tree yourself. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper. */ export declare function buildEnvironmentScopedPermissionsOutput(args: BuildEnvironmentScopedPermissionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<BuildEnvironmentScopedPermissionsResult>; export interface BuildEnvironmentScopedPermissionsOutputArgs { /** * The target environment's UUID. Use the `environmentId` output of an `Environment` resource or the `getEnvironment` data source. */ environmentId: pulumi.Input<string>; /** * The set of `environment:*` scopes to grant on the target environment (e.g. `environment:read`, `environment:open`, `environment:update`). Discover valid scope names via the `getOrganizationRoleScopes` data source. */ permissions: pulumi.Input<pulumi.Input<string>[]>; } //# sourceMappingURL=buildEnvironmentScopedPermissions.d.ts.map