@volcengine/pulumi
Version:
A Pulumi package for creating and managing volcengine cloud resources.
270 lines (269 loc) • 8.92 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* Provides a resource to manage vke permission
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as volcengine from "@pulumi/volcengine";
* import * as volcengine from "@volcengine/pulumi";
*
* const fooZones = volcengine.ecs.getZones({});
* // create vpc
* const fooVpc = new volcengine.vpc.Vpc("fooVpc", {
* vpcName: "acc-test-vpc",
* cidrBlock: "172.16.0.0/16",
* });
* // create subnet
* const fooSubnet = new volcengine.vpc.Subnet("fooSubnet", {
* subnetName: "acc-test-subnet",
* cidrBlock: "172.16.0.0/24",
* zoneId: fooZones.then(fooZones => fooZones.zones?.[0]?.id),
* vpcId: fooVpc.id,
* });
* // create security group
* const fooSecurityGroup = new volcengine.vpc.SecurityGroup("fooSecurityGroup", {
* securityGroupName: "acc-test-security-group",
* vpcId: fooVpc.id,
* });
* // create vke cluster
* const fooCluster = new volcengine.vke.Cluster("fooCluster", {
* description: "created by terraform",
* projectName: "default",
* deleteProtectionEnabled: false,
* clusterConfig: {
* subnetIds: [fooSubnet.id],
* apiServerPublicAccessEnabled: true,
* apiServerPublicAccessConfig: {
* publicAccessNetworkConfig: {
* billingType: "PostPaidByBandwidth",
* bandwidth: 1,
* },
* },
* resourcePublicAccessDefaultEnabled: true,
* },
* podsConfig: {
* podNetworkMode: "VpcCniShared",
* vpcCniConfig: {
* subnetIds: [fooSubnet.id],
* },
* },
* servicesConfig: {
* serviceCidrsv4s: ["172.30.0.0/18"],
* },
* tags: [{
* key: "tf-k1",
* value: "tf-v1",
* }],
* });
* const fooPermission = new volcengine.vke.Permission("fooPermission", {
* roleName: "vke:visitor",
* granteeId: 385500000,
* granteeType: "User",
* roleDomain: "cluster",
* clusterId: fooCluster.id,
* });
* ```
*
* ## Import
*
* VkePermission can be imported using the id, e.g.
*
* ```sh
* $ pulumi import volcengine:vke/permission:Permission default resource_id
* ```
*/
export declare class Permission extends pulumi.CustomResource {
/**
* Get an existing Permission resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PermissionState, opts?: pulumi.CustomResourceOptions): Permission;
/**
* Returns true if the given object is an instance of Permission. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Permission;
/**
* The authorized time of the RBAC Permission.
*/
readonly authorizedAt: pulumi.Output<string>;
/**
* The ID of the Authorizer.
*/
readonly authorizerId: pulumi.Output<number>;
/**
* The name of the Authorizer.
*/
readonly authorizerName: pulumi.Output<string>;
/**
* The type of the Authorizer.
*/
readonly authorizerType: pulumi.Output<string>;
/**
* The cluster ID that needs to be authorized to IAM users or roles.
*/
readonly clusterId: pulumi.Output<string>;
/**
* The granted time of the RBAC Permission.
*/
readonly grantedAt: pulumi.Output<string>;
/**
* The ID of the grantee.
*/
readonly granteeId: pulumi.Output<number>;
/**
* The type of the grantee. Valid values: `User`.
*/
readonly granteeType: pulumi.Output<string>;
/**
* Whether the RBAC role is a custom role. Default is false.
*/
readonly isCustomRole: pulumi.Output<boolean>;
/**
* The name of the Kube Role Binding.
*/
readonly kubeRoleBindingName: pulumi.Output<string>;
/**
* The message of the RBAC Permission.
*/
readonly message: pulumi.Output<string>;
/**
* The namespace that needs to be authorized to IAM users or roles.
*/
readonly namespace: pulumi.Output<string>;
/**
* The revoked time of the RBAC Permission.
*/
readonly revokedAt: pulumi.Output<string>;
/**
* The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
* When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
*/
readonly roleDomain: pulumi.Output<string>;
/**
* The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
*/
readonly roleName: pulumi.Output<string>;
/**
* The status of the RBAC Permission.
*/
readonly status: pulumi.Output<string>;
/**
* Create a Permission resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: PermissionArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Permission resources.
*/
export interface PermissionState {
/**
* The authorized time of the RBAC Permission.
*/
authorizedAt?: pulumi.Input<string>;
/**
* The ID of the Authorizer.
*/
authorizerId?: pulumi.Input<number>;
/**
* The name of the Authorizer.
*/
authorizerName?: pulumi.Input<string>;
/**
* The type of the Authorizer.
*/
authorizerType?: pulumi.Input<string>;
/**
* The cluster ID that needs to be authorized to IAM users or roles.
*/
clusterId?: pulumi.Input<string>;
/**
* The granted time of the RBAC Permission.
*/
grantedAt?: pulumi.Input<string>;
/**
* The ID of the grantee.
*/
granteeId?: pulumi.Input<number>;
/**
* The type of the grantee. Valid values: `User`.
*/
granteeType?: pulumi.Input<string>;
/**
* Whether the RBAC role is a custom role. Default is false.
*/
isCustomRole?: pulumi.Input<boolean>;
/**
* The name of the Kube Role Binding.
*/
kubeRoleBindingName?: pulumi.Input<string>;
/**
* The message of the RBAC Permission.
*/
message?: pulumi.Input<string>;
/**
* The namespace that needs to be authorized to IAM users or roles.
*/
namespace?: pulumi.Input<string>;
/**
* The revoked time of the RBAC Permission.
*/
revokedAt?: pulumi.Input<string>;
/**
* The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
* When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
*/
roleDomain?: pulumi.Input<string>;
/**
* The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
*/
roleName?: pulumi.Input<string>;
/**
* The status of the RBAC Permission.
*/
status?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Permission resource.
*/
export interface PermissionArgs {
/**
* The cluster ID that needs to be authorized to IAM users or roles.
*/
clusterId?: pulumi.Input<string>;
/**
* The ID of the grantee.
*/
granteeId: pulumi.Input<number>;
/**
* The type of the grantee. Valid values: `User`.
*/
granteeType: pulumi.Input<string>;
/**
* Whether the RBAC role is a custom role. Default is false.
*/
isCustomRole?: pulumi.Input<boolean>;
/**
* The namespace that needs to be authorized to IAM users or roles.
*/
namespace?: pulumi.Input<string>;
/**
* The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
* When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
*/
roleDomain: pulumi.Input<string>;
/**
* The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
*/
roleName: pulumi.Input<string>;
}