akeyless.Role
Role Resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as akeyless from "@pulumi/akeyless";
/**
 * Pulumi program: creates an API-key auth method and a role associated with
 * it, then looks the role up and exports the result as "demo-role".
 */
export = async () => {
    // Single source for the auth method path, used by both resources below.
    const authMethodPath = "auth-method-api-key-demo";

    const apiKeyAuthMethod = new akeyless.AuthMethod("apiKey", {
        path: authMethodPath,
        apiKeys: [{}],
    });

    // Presumably limits the association to identities carrying these
    // sub-claims (comma-separated values per key); confirm against Akeyless docs.
    const subClaims = {
        groups: "developers,readers",
        users: "bob",
    };

    // NOTE(review): "/*" is a wildcard, so this read rule is not limited to one
    // auth method path. Narrow it to the paths the role actually needs.
    const readRule = {
        capabilities: ["read"],
        path: "/*",
        ruleType: "auth-method-rule",
    };

    // The association refers to the auth method by name only, so the explicit
    // dependsOn is what orders creation of the two resources.
    const demoRole = new akeyless.Role("role", {
        assocAuthMethods: [{
            amName: authMethodPath,
            subClaims,
        }],
        rules: [readRule],
    }, {
        dependsOn: [apiKeyAuthMethod],
    });

    const roleLookup = akeyless.getRoleOutput({
        name: demoRole.roleId,
    });

    return {
        "demo-role": roleLookup,
    };
}
import pulumi
import pulumi_akeyless as akeyless
# Pulumi program: creates an API-key auth method and a role associated with it,
# then looks the role up and exports the result as "demo-role".

# Single source for the auth method path, used by both resources below.
AUTH_METHOD_PATH = "auth-method-api-key-demo"

api_key_auth_method = akeyless.AuthMethod(
    "apiKey",
    path=AUTH_METHOD_PATH,
    api_keys=[{}],
)

# Presumably limits the association to identities carrying these sub-claims
# (comma-separated values per key); confirm against Akeyless docs.
association = {
    "am_name": AUTH_METHOD_PATH,
    "sub_claims": {
        "groups": "developers,readers",
        "users": "bob",
    },
}

# NOTE(review): "/*" is a wildcard, so this read rule is not limited to one
# auth method path. Narrow it to the paths the role actually needs.
read_rule = {
    "capabilities": ["read"],
    "path": "/*",
    "rule_type": "auth-method-rule",
}

# The association refers to the auth method by name only, so the explicit
# depends_on is what orders creation of the two resources.
demo_role = akeyless.Role(
    "role",
    assoc_auth_methods=[association],
    rules=[read_rule],
    opts=pulumi.ResourceOptions(depends_on=[api_key_auth_method]),
)

role_lookup = akeyless.get_role_output(name=demo_role.role_id)
pulumi.export("demo-role", role_lookup)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/akeyless/akeyless"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates an API-key auth method and a role associated with it, then
// exports a lookup of that role as the stack output "demo-role".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Single source for the auth method path, used by both resources below.
		const authMethodPath = "auth-method-api-key-demo"

		apiKeyAuthMethod, err := akeyless.NewAuthMethod(ctx, "apiKey", &akeyless.AuthMethodArgs{
			Path: pulumi.String(authMethodPath),
			ApiKeys: akeyless.AuthMethodApiKeyTypeArray{
				&akeyless.AuthMethodApiKeyTypeArgs{},
			},
		})
		if err != nil {
			return err
		}

		// Presumably limits the association to identities carrying these
		// sub-claims (comma-separated values per key); confirm against Akeyless docs.
		association := &akeyless.RoleAssocAuthMethodArgs{
			AmName: pulumi.String(authMethodPath),
			SubClaims: pulumi.StringMap{
				"groups": pulumi.String("developers,readers"),
				"users":  pulumi.String("bob"),
			},
		}

		// NOTE(review): "/*" is a wildcard, so this read rule is not limited to
		// one auth method path. Narrow it to the paths the role actually needs.
		readRule := &akeyless.RoleRuleArgs{
			Capabilities: pulumi.StringArray{
				pulumi.String("read"),
			},
			Path:     pulumi.String("/*"),
			RuleType: pulumi.String("auth-method-rule"),
		}

		// The association refers to the auth method by name only, so the
		// explicit DependsOn is what orders creation of the two resources.
		demoRole, err := akeyless.NewRole(ctx, "role", &akeyless.RoleArgs{
			AssocAuthMethods: akeyless.RoleAssocAuthMethodArray{association},
			Rules:            akeyless.RoleRuleArray{readRule},
		}, pulumi.DependsOn([]pulumi.Resource{
			apiKeyAuthMethod,
		}))
		if err != nil {
			return err
		}

		roleLookup := akeyless.LookupRoleOutput(ctx, akeyless.GetRoleOutputArgs{
			Name: demoRole.RoleId,
		}, nil)
		ctx.Export("demo-role", roleLookup)
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Akeyless = Pulumi.Akeyless;
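// Pulumi program: creates an API-key auth method and a role associated with
// it, then looks the role up and exports the result as "demo-role".
return await Deployment.RunAsync(() =>
{
    var apiKey = new Akeyless.AuthMethod("apiKey", new()
    {
        Path = "auth-method-api-key-demo",
        // One empty API-key block, matching the other language examples.
        // The generated `new[] { null }` gives the compiler no element type to infer.
        ApiKeys = new[]
        {
            new Akeyless.Inputs.AuthMethodApiKeyArgs(),
        },
    });

    var role = new Akeyless.Role("role", new()
    {
        AssocAuthMethods = new[]
        {
            new Akeyless.Inputs.RoleAssocAuthMethodArgs
            {
                AmName = "auth-method-api-key-demo",
                // Presumably limits the association to identities carrying these
                // sub-claims (comma-separated values per key); confirm against Akeyless docs.
                SubClaims =
                {
                    { "groups", "developers,readers" },
                    { "users", "bob" },
                },
            },
        },
        Rules = new[]
        {
            new Akeyless.Inputs.RoleRuleArgs
            {
                Capabilities = new[]
                {
                    "read",
                },
                // NOTE(review): "/*" is a wildcard, so this read rule is not limited to
                // one auth method path. Narrow it to the paths the role actually needs.
                Path = "/*",
                RuleType = "auth-method-rule",
            },
        },
    }, new CustomResourceOptions
    {
        // The association refers to the auth method by name only, so the
        // explicit DependsOn is what orders creation of the two resources.
        DependsOn =
        {
            apiKey,
        },
    });

    var demo_roleRole = Akeyless.GetRole.Invoke(new()
    {
        Name = role.RoleId,
    });

    return new Dictionary<string, object?>
    {
        ["demo-role"] = demo_roleRole,
    };
});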
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.akeyless.AuthMethod;
import com.pulumi.akeyless.AuthMethodArgs;
import com.pulumi.akeyless.inputs.AuthMethodApiKeyArgs;
import com.pulumi.akeyless.Role;
import com.pulumi.akeyless.RoleArgs;
import com.pulumi.akeyless.inputs.RoleAssocAuthMethodArgs;
import com.pulumi.akeyless.inputs.RoleRuleArgs;
import com.pulumi.akeyless.AkeylessFunctions;
import com.pulumi.akeyless.inputs.GetRoleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
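/**
 * Pulumi program: creates an API-key auth method and a role associated with
 * it, then looks the role up and exports the result as "demo-role".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources and its single output.
     *
     * @param ctx Pulumi deployment context used to register the stack output
     */
    public static void stack(Context ctx) {
        var apiKey = new AuthMethod("apiKey", AuthMethodArgs.builder()
            .path("auth-method-api-key-demo")
            // One empty API-key block, matching the other language examples
            // (a bare apiKeys() call would pass an empty list instead).
            .apiKeys(AuthMethodApiKeyArgs.builder().build())
            .build());

        var role = new Role("role", RoleArgs.builder()
            .assocAuthMethods(RoleAssocAuthMethodArgs.builder()
                .amName("auth-method-api-key-demo")
                // Presumably limits the association to identities carrying these
                // sub-claims (comma-separated values per key); confirm against Akeyless docs.
                .subClaims(Map.ofEntries(
                    Map.entry("groups", "developers,readers"),
                    Map.entry("users", "bob")
                ))
                .build())
            .rules(RoleRuleArgs.builder()
                .capabilities("read")
                // NOTE(review): "/*" is a wildcard, so this read rule is not limited to
                // one auth method path. Narrow it to the paths the role actually needs.
                .path("/*")
                .ruleType("auth-method-rule")
                .build())
            .build(), CustomResourceOptions.builder()
                // The association refers to the auth method by name only, so the
                // explicit dependsOn is what orders creation of the two resources.
                .dependsOn(apiKey)
                .build());

        // "demo-roleRole" is not a legal Java identifier; the export below
        // already used demo_roleRole, so the declaration now matches it.
        final var demo_roleRole = AkeylessFunctions.getRole(GetRoleArgs.builder()
            .name(role.roleId())
            .build());

        ctx.export("demo-role", demo_roleRole);
    }
}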
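# Pulumi YAML program: creates an API-key auth method and a role associated with
# it, then looks the role up and exports the result as "demo-role".
# Nesting is restored here; with every key at column 0 the document loses its structure.
resources:
  apiKey:
    type: akeyless:AuthMethod
    properties:
      path: auth-method-api-key-demo
      apiKeys:
        - {}
  role:
    type: akeyless:Role
    properties:
      assocAuthMethods:
        - amName: auth-method-api-key-demo
          # Presumably limits the association to identities carrying these
          # sub-claims (comma-separated values per key); confirm against Akeyless docs.
          subClaims:
            groups: developers,readers
            users: bob
      rules:
        - capabilities:
            - read
          # NOTE(review): "/*" is a wildcard, so this read rule is not limited to
          # one auth method path. Narrow it to the paths the role actually needs.
          path: /*
          ruleType: auth-method-rule
    options:
      # The association refers to the auth method by name only, so the
      # explicit dependsOn is what orders creation of the two resources.
      dependsOn:
        - ${apiKey}
variables:
  demo-roleRole:
    fn::invoke:
      function: akeyless:getRole
      arguments:
        name: ${role.roleId}
outputs:
  demo-role: ${["demo-roleRole"]}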
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
args: Optional[RoleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
analytics_access: Optional[str] = None,
assoc_auth_methods: Optional[Sequence[RoleAssocAuthMethodArgs]] = None,
audit_access: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
event_center_access: Optional[str] = None,
event_forwarders_access: Optional[str] = None,
gw_analytics_access: Optional[str] = None,
name: Optional[str] = None,
role_id: Optional[str] = None,
rules: Optional[Sequence[RoleRuleArgs]] = None,
sra_reports_access: Optional[str] = None,
usage_reports_access: Optional[str] = None)
func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)
type: akeyless:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference constructor call: every value is the placeholder "string".
// Comments list the values this page documents for each property.
var roleResource = new Akeyless.Role("roleResource", new()
{
    AnalyticsAccess = "string",       // 'none', 'own' or 'all'
    AuditAccess = "string",           // 'none', 'own' or 'all' ('all' is the broadest setting)
    DeleteProtection = "string",      // true/false, passed as a string
    Description = "string",
    EventCenterAccess = "string",     // 'none', 'own' or 'all'
    EventForwardersAccess = "string", // 'none' or 'all'
    GwAnalyticsAccess = "string",     // 'none', 'own' or 'all'
    Name = "string",
    RoleId = "string",
    Rules = new[]
    {
        new Akeyless.Inputs.RoleRuleArgs
        {
            // read, create, update, delete, list, deny (sra-rule has its own set)
            Capabilities = new[]
            {
                "string",
            },
            Path = "string",
            // item-rule, target-rule, role-rule, auth-method-rule, sra-rule
            RuleType = "string",
        },
    },
    SraReportsAccess = "string",      // 'none', 'own' or 'all'
    UsageReportsAccess = "string",    // 'none' or 'all'
});
// Reference constructor call: every value is the placeholder "string".
// Comments list the values this page documents for each property.
example, err := akeyless.NewRole(ctx, "roleResource", &akeyless.RoleArgs{
	AnalyticsAccess: pulumi.String("string"), // 'none', 'own' or 'all'
	AuditAccess: pulumi.String("string"), // 'none', 'own' or 'all' ('all' is the broadest setting)
	DeleteProtection: pulumi.String("string"), // true/false, passed as a string
	Description: pulumi.String("string"),
	EventCenterAccess: pulumi.String("string"), // 'none', 'own' or 'all'
	EventForwardersAccess: pulumi.String("string"), // 'none' or 'all'
	GwAnalyticsAccess: pulumi.String("string"), // 'none', 'own' or 'all'
	Name: pulumi.String("string"),
	RoleId: pulumi.String("string"),
	Rules: akeyless.RoleRuleArray{
		&akeyless.RoleRuleArgs{
			// read, create, update, delete, list, deny (sra-rule has its own set)
			Capabilities: pulumi.StringArray{
				pulumi.String("string"),
			},
			Path: pulumi.String("string"),
			// item-rule, target-rule, role-rule, auth-method-rule, sra-rule
			RuleType: pulumi.String("string"),
		},
	},
	SraReportsAccess: pulumi.String("string"), // 'none', 'own' or 'all'
	UsageReportsAccess: pulumi.String("string"), // 'none' or 'all'
})
// Reference constructor call: every value is the placeholder "string".
// Comments list the values this page documents for each property.
var roleResource = new Role("roleResource", RoleArgs.builder()
    .analyticsAccess("string")       // 'none', 'own' or 'all'
    .auditAccess("string")           // 'none', 'own' or 'all' ('all' is the broadest setting)
    .deleteProtection("string")      // true/false, passed as a string
    .description("string")
    .eventCenterAccess("string")     // 'none', 'own' or 'all'
    .eventForwardersAccess("string") // 'none' or 'all'
    .gwAnalyticsAccess("string")     // 'none', 'own' or 'all'
    .name("string")
    .roleId("string")
    .rules(RoleRuleArgs.builder()
        // read, create, update, delete, list, deny (sra-rule has its own set)
        .capabilities("string")
        .path("string")
        // item-rule, target-rule, role-rule, auth-method-rule, sra-rule
        .ruleType("string")
        .build())
    .sraReportsAccess("string")      // 'none', 'own' or 'all'
    .usageReportsAccess("string")    // 'none' or 'all'
    .build());
# Reference constructor call: every value is the placeholder "string".
# Comments list the values this page documents for each property.
role_resource = akeyless.Role("roleResource",
    analytics_access="string",  # 'none', 'own' or 'all'
    audit_access="string",  # 'none', 'own' or 'all' ('all' is the broadest setting)
    delete_protection="string",  # true/false, passed as a string
    description="string",
    event_center_access="string",  # 'none', 'own' or 'all'
    event_forwarders_access="string",  # 'none' or 'all'
    gw_analytics_access="string",  # 'none', 'own' or 'all'
    name="string",
    role_id="string",
    rules=[{
        # read, create, update, delete, list, deny (sra-rule has its own set)
        "capabilities": ["string"],
        "path": "string",
        # item-rule, target-rule, role-rule, auth-method-rule, sra-rule
        "rule_type": "string",
    }],
    sra_reports_access="string",  # 'none', 'own' or 'all'
    usage_reports_access="string")  # 'none' or 'all'
// Reference constructor call: every value is the placeholder "string".
// Comments list the values this page documents for each property.
const roleResource = new akeyless.Role("roleResource", {
    analyticsAccess: "string", // 'none', 'own' or 'all'
    auditAccess: "string", // 'none', 'own' or 'all' ('all' is the broadest setting)
    deleteProtection: "string", // true/false, passed as a string
    description: "string",
    eventCenterAccess: "string", // 'none', 'own' or 'all'
    eventForwardersAccess: "string", // 'none' or 'all'
    gwAnalyticsAccess: "string", // 'none', 'own' or 'all'
    name: "string",
    roleId: "string",
    rules: [{
        // read, create, update, delete, list, deny (sra-rule has its own set)
        capabilities: ["string"],
        path: "string",
        // item-rule, target-rule, role-rule, auth-method-rule, sra-rule
        ruleType: "string",
    }],
    sraReportsAccess: "string", // 'none', 'own' or 'all'
    usageReportsAccess: "string", // 'none' or 'all'
});
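# Reference resource body: every value is the placeholder "string".
# Nesting is restored here; with every key at column 0 the document loses its structure.
# Comments list the values this page documents for each property.
type: akeyless:Role
properties:
  analyticsAccess: string        # 'none', 'own' or 'all'
  auditAccess: string            # 'none', 'own' or 'all' ('all' is the broadest setting)
  deleteProtection: string       # true/false, passed as a string
  description: string
  eventCenterAccess: string      # 'none', 'own' or 'all'
  eventForwardersAccess: string  # 'none' or 'all'
  gwAnalyticsAccess: string      # 'none', 'own' or 'all'
  name: string
  roleId: string
  rules:
    # capabilities: read, create, update, delete, list, deny (sra-rule has its own set)
    - capabilities:
        - string
      path: string
      # item-rule, target-rule, role-rule, auth-method-rule, sra-rule
      ruleType: string
  sraReportsAccess: string       # 'none', 'own' or 'all'
  usageReportsAccess: string     # 'none' or 'all'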
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Role resource accepts the following input properties:
- AnalyticsAccess string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- AssocAuthMethods List<RoleAssocAuthMethod> - Create an association between role and auth method
- AuditAccess string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- DeleteProtection string - Protection from accidental deletion of this role, [true/false]
- Description string - Description of the object
- EventCenterAccess string - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- EventForwardersAccess string - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- GwAnalyticsAccess string - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Name string - Role name
- RoleId string - The ID of this resource.
- Rules List<RoleRule> - Set a rule to a role
- SraReportsAccess string - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- UsageReportsAccess string - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- Analytics
Access string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Assoc
Auth []RoleMethods Assoc Auth Method Args - Create an association between role and auth method
- Audit
Access string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- Delete
Protection string - Protection from accidental deletion of this role, [true/false]
- Description string
- Description of the object
- Event
Center stringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- Event
Forwarders stringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- Gw
Analytics stringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Name string
- Role name
- Role
Id string - The ID of this resource.
- Rules
[]Role
Rule Args - Set a rule to a role
- Sra
Reports stringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- Usage
Reports stringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access String - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth List<RoleMethods Assoc Auth Method> - Create an association between role and auth method
- audit
Access String - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection String - Protection from accidental deletion of this role, [true/false]
- description String
- Description of the object
- event
Center StringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders StringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics StringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name String
- Role name
- role
Id String - The ID of this resource.
- rules
List<Role
Rule> - Set a rule to a role
- sra
Reports StringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports StringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth RoleMethods Assoc Auth Method[] - Create an association between role and auth method
- audit
Access string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection string - Protection from accidental deletion of this role, [true/false]
- description string
- Description of the object
- event
Center stringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders stringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics stringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name string
- Role name
- role
Id string - The ID of this resource.
- rules
Role
Rule[] - Set a rule to a role
- sra
Reports stringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports stringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics_
access str - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc_
auth_ Sequence[Rolemethods Assoc Auth Method Args] - Create an association between role and auth method
- audit_
access str - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete_
protection str - Protection from accidental deletion of this role, [true/false]
- description str
- Description of the object
- event_
center_ straccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event_
forwarders_ straccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw_
analytics_ straccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name str
- Role name
- role_
id str - The ID of this resource.
- rules
Sequence[Role
Rule Args] - Set a rule to a role
- sra_
reports_ straccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage_
reports_ straccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access String - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth List<Property Map>Methods - Create an association between role and auth method
- audit
Access String - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection String - Protection from accidental deletion of this role, [true/false]
- description String
- Description of the object
- event
Center StringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders StringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics StringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name String
- Role name
- role
Id String - The ID of this resource.
- rules List<Property Map>
- Set a rule to a role
- sra
Reports StringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports StringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Restricted
Rules List<RoleRestricted Rule>
- Id string
- The provider-assigned unique ID for this managed resource.
- Restricted
Rules []RoleRestricted Rule
- id String
- The provider-assigned unique ID for this managed resource.
- restricted
Rules List<RoleRestricted Rule>
- id string
- The provider-assigned unique ID for this managed resource.
- restricted
Rules RoleRestricted Rule[]
- id str
- The provider-assigned unique ID for this managed resource.
- restricted_
rules Sequence[RoleRestricted Rule]
- id String
- The provider-assigned unique ID for this managed resource.
- restricted
Rules List<Property Map>
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
analytics_access: Optional[str] = None,
assoc_auth_methods: Optional[Sequence[RoleAssocAuthMethodArgs]] = None,
audit_access: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
event_center_access: Optional[str] = None,
event_forwarders_access: Optional[str] = None,
gw_analytics_access: Optional[str] = None,
name: Optional[str] = None,
restricted_rules: Optional[Sequence[RoleRestrictedRuleArgs]] = None,
role_id: Optional[str] = None,
rules: Optional[Sequence[RoleRuleArgs]] = None,
sra_reports_access: Optional[str] = None,
usage_reports_access: Optional[str] = None) -> Role
func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
resources: _: type: akeyless:Role get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Analytics
Access string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Assoc
Auth List<RoleMethods Assoc Auth Method> - Create an association between role and auth method
- Audit
Access string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- Delete
Protection string - Protection from accidental deletion of this role, [true/false]
- Description string
- Description of the object
- Event
Center stringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- Event
Forwarders stringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- Gw
Analytics stringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Name string
- Role name
- Restricted
Rules List<RoleRestricted Rule> - Role
Id string - The ID of this resource.
- Rules
List<Role
Rule> - Set a rule to a role
- Sra
Reports stringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- Usage
Reports stringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- Analytics
Access string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Assoc
Auth []RoleMethods Assoc Auth Method Args - Create an association between role and auth method
- Audit
Access string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- Delete
Protection string - Protection from accidental deletion of this role, [true/false]
- Description string
- Description of the object
- Event
Center stringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- Event
Forwarders stringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- Gw
Analytics stringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- Name string
- Role name
- Restricted
Rules []RoleRestricted Rule Args - Role
Id string - The ID of this resource.
- Rules
[]Role
Rule Args - Set a rule to a role
- Sra
Reports stringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- Usage
Reports stringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access String - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth List<RoleMethods Assoc Auth Method> - Create an association between role and auth method
- audit
Access String - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection String - Protection from accidental deletion of this role, [true/false]
- description String
- Description of the object
- event
Center StringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders StringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics StringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name String
- Role name
- restricted
Rules List<RoleRestricted Rule> - role
Id String - The ID of this resource.
- rules
List<Role
Rule> - Set a rule to a role
- sra
Reports StringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports StringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access string - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth RoleMethods Assoc Auth Method[] - Create an association between role and auth method
- audit
Access string - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection string - Protection from accidental deletion of this role, [true/false]
- description string
- Description of the object
- event
Center stringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders stringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics stringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name string
- Role name
- restricted
Rules RoleRestricted Rule[] - role
Id string - The ID of this resource.
- rules
Role
Rule[] - Set a rule to a role
- sra
Reports stringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports stringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics_
access str - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc_
auth_ Sequence[Rolemethods Assoc Auth Method Args] - Create an association between role and auth method
- audit_
access str - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete_
protection str - Protection from accidental deletion of this role, [true/false]
- description str
- Description of the object
- event_
center_ straccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event_
forwarders_ straccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw_
analytics_ straccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name str
- Role name
- restricted_
rules Sequence[RoleRestricted Rule Args] - role_
id str - The ID of this resource.
- rules
Sequence[Role
Rule Args] - Set a rule to a role
- sra_
reports_ straccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage_
reports_ straccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
- analytics
Access String - Allow this role to view analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- assoc
Auth List<Property Map>Methods - Create an association between role and auth method
- audit
Access String - Allow this role to view audit logs. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view audit logs produced by the same auth methods.
- delete
Protection String - Protection from accidental deletion of this role, [true/false]
- description String
- Description of the object
- event
Center StringAccess - Allow this role to view Event Center. Currently only 'none', 'own' and 'all' values are supported.
- event
Forwarders StringAccess - Allow this role to manage Event Forwarders. Currently only 'none' and 'all' values are supported.
- gw
Analytics StringAccess - Allow this role to view gw analytics. Currently only 'none', 'own' and 'all' values are supported, allowing associated auth methods to view reports produced by the same auth methods.
- name String
- Role name
- restricted
Rules List<Property Map> - role
Id String - The ID of this resource.
- rules List<Property Map>
- Set a rule to a role
- sra
Reports StringAccess - Allow this role to view SRA Clusters. Currently only 'none', 'own' and 'all' values are supported.
- usage
Reports StringAccess - Allow this role to view Usage reports. Currently only 'none' and 'all' values are supported.
Supporting Types
RoleAssocAuthMethod, RoleAssocAuthMethodArgs
- AmName string - The auth method to associate
- AccessId string - The access ID of the auth method
- AssocId string - The association ID
- CaseSensitive string - Treat sub claims as case-sensitive
- SubClaims Dictionary<string, string> - key/val of sub claims, e.g. group=admins,developers
- Am
Name string - The auth method to associate
- Access
Id string - The access ID of the auth method
- Assoc
Id string - The association ID
- Case
Sensitive string - Treat sub claims as case-sensitive
- Sub
Claims map[string]string - key/val of sub claims, e.g group=admins,developers
- am
Name String - The auth method to associate
- access
Id String - The access ID of the auth method
- assoc
Id String - The association ID
- case
Sensitive String - Treat sub claims as case-sensitive
- sub
Claims Map<String,String> - key/val of sub claims, e.g group=admins,developers
- am
Name string - The auth method to associate
- access
Id string - The access ID of the auth method
- assoc
Id string - The association ID
- case
Sensitive string - Treat sub claims as case-sensitive
- sub
Claims {[key: string]: string} - key/val of sub claims, e.g group=admins,developers
- am_
name str - The auth method to associate
- access_
id str - The access ID of the auth method
- assoc_
id str - The association ID
- case_
sensitive str - Treat sub claims as case-sensitive
- sub_
claims Mapping[str, str] - key/val of sub claims, e.g group=admins,developers
- am
Name String - The auth method to associate
- access
Id String - The access ID of the auth method
- assoc
Id String - The association ID
- case
Sensitive String - Treat sub claims as case-sensitive
- sub
Claims Map<String> - key/val of sub claims, e.g group=admins,developers
RoleRestrictedRule, RoleRestrictedRuleArgs
- Capabilities List<string>
- Path string
- Rule
Type string
- Capabilities []string
- Path string
- Rule
Type string
- capabilities List<String>
- path String
- rule
Type String
- capabilities string[]
- path string
- rule
Type string
- capabilities Sequence[str]
- path str
- rule_type str
- capabilities List<String>
- path String
- ruleType String
RoleRule, RoleRuleArgs
- Capabilities List<string> - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- Path string - The path the rule refers to
- RuleType string - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
- Capabilities []string - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- Path string - The path the rule refers to
- RuleType string - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
- capabilities List<String> - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- path String - The path the rule refers to
- ruleType String - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
- capabilities string[] - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- path string - The path the rule refers to
- ruleType string - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
- capabilities Sequence[str] - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- path str - The path the rule refers to
- rule_type str - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
- capabilities List<String> - List of the approved/denied capabilities for the path. Options: [read, create, update, delete, list, deny]; for the sra-rule type: [allow_access, request_access, justify_access_only, approval_authority, upload_files, download_files]
- path String - The path the rule refers to
- ruleType String - item-rule, target-rule, role-rule, auth-method-rule, sra-rule
Import
$ pulumi import akeyless:index/role:Role example /full-role-path/and-name-in-akeyless
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the akeyless Terraform Provider.