astra.Role
astra.Role
resource represents custom roles for a particular Astra Org. Custom roles can be assigned to an Astra user is to grant them granular permissions when the default roles in the UI are not specific enough. Roles are composed of policies which are granted to resources.
Example Usage
using Pulumi;
using Astra = Pulumiverse.Astra;
class MyStack : Stack
{
public MyStack()
{
var example = new Astra.Role("example", new Astra.RoleArgs
{
Description = "test role",
Effect = "allow",
Policies =
{
"db-all-keyspace-create",
},
Resources =
{
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
},
RoleName = "puppies",
});
var example2 = new Astra.Role("example2", new Astra.RoleArgs
{
Description = "complex role",
Effect = "allow",
Policies =
{
"accesslist-read",
"db-all-keyspace-describe",
"db-keyspace-describe",
"db-table-select",
"db-table-describe",
"db-graphql",
"db-rest",
"db-cql",
},
Resources =
{
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
},
RoleName = "puppies",
});
}
}
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-astra/sdk/go/astra"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := astra.NewRole(ctx, "example", &astra.RoleArgs{
Description: pulumi.String("test role"),
Effect: pulumi.String("allow"),
Policies: pulumi.StringArray{
pulumi.String("db-all-keyspace-create"),
},
Resources: pulumi.StringArray{
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"),
},
RoleName: pulumi.String("puppies"),
})
if err != nil {
return err
}
_, err = astra.NewRole(ctx, "example2", &astra.RoleArgs{
Description: pulumi.String("complex role"),
Effect: pulumi.String("allow"),
Policies: pulumi.StringArray{
pulumi.String("accesslist-read"),
pulumi.String("db-all-keyspace-describe"),
pulumi.String("db-keyspace-describe"),
pulumi.String("db-table-select"),
pulumi.String("db-table-describe"),
pulumi.String("db-graphql"),
pulumi.String("db-rest"),
pulumi.String("db-cql"),
},
Resources: pulumi.StringArray{
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*"),
pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*"),
},
RoleName: pulumi.String("puppies"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.astra.Role;
import com.pulumi.astra.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Role("example", RoleArgs.builder()
.description("test role")
.effect("allow")
.policies("db-all-keyspace-create")
.resources("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73")
.roleName("puppies")
.build());
var example2 = new Role("example2", RoleArgs.builder()
.description("complex role")
.effect("allow")
.policies(
"accesslist-read",
"db-all-keyspace-describe",
"db-keyspace-describe",
"db-table-select",
"db-table-describe",
"db-graphql",
"db-rest",
"db-cql")
.resources(
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*")
.roleName("puppies")
.build());
}
}
import pulumi
import pulumiverse_astra as astra
example = astra.Role("example",
description="test role",
effect="allow",
policies=["db-all-keyspace-create"],
resources=["drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"],
role_name="puppies")
example2 = astra.Role("example2",
description="complex role",
effect="allow",
policies=[
"accesslist-read",
"db-all-keyspace-describe",
"db-keyspace-describe",
"db-table-select",
"db-table-describe",
"db-graphql",
"db-rest",
"db-cql",
],
resources=[
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
],
role_name="puppies")
import * as pulumi from "@pulumi/pulumi";
import * as astra from "@pulumi/astra";
const example = new astra.Role("example", {
description: "test role",
effect: "allow",
policies: ["db-all-keyspace-create"],
resources: ["drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"],
roleName: "puppies",
});
const example2 = new astra.Role("example2", {
description: "complex role",
effect: "allow",
policies: [
"accesslist-read",
"db-all-keyspace-describe",
"db-keyspace-describe",
"db-table-select",
"db-table-describe",
"db-graphql",
"db-rest",
"db-cql",
],
resources: [
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
"drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
],
roleName: "puppies",
});
resources:
example:
type: astra:Role
properties:
description: test role
effect: allow
policies:
- db-all-keyspace-create
resources:
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73
roleName: puppies
example2:
type: astra:Role
properties:
description: complex role
effect: allow
policies:
- accesslist-read
- db-all-keyspace-describe
- db-keyspace-describe
- db-table-select
- db-table-describe
- db-graphql
- db-rest
- db-cql
resources:
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*
- drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*
roleName: puppies
Create Role Resource
new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
effect: Optional[str] = None,
policies: Optional[Sequence[str]] = None,
resources: Optional[Sequence[str]] = None,
role_name: Optional[str] = None)
@overload
def Role(resource_name: str,
args: RoleArgs,
opts: Optional[ResourceOptions] = None)
func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
type: astra:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Role resource accepts the following input properties:
- Description string
Role description
- Effect string
Role effect
- Policies List<string>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- Resources List<string>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- Role
Name string Role name
- Description string
Role description
- Effect string
Role effect
- Policies []string
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- Resources []string
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- Role
Name string Role name
- description String
Role description
- effect String
Role effect
- policies List<String>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources List<String>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Name String Role name
- description string
Role description
- effect string
Role effect
- policies string[]
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources string[]
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Name string Role name
- description str
Role description
- effect str
Role effect
- policies Sequence[str]
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources Sequence[str]
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role_
name str Role name
- description String
Role description
- effect String
Role effect
- policies List<String>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources List<String>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Name String Role name
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
effect: Optional[str] = None,
policies: Optional[Sequence[str]] = None,
resources: Optional[Sequence[str]] = None,
role_id: Optional[str] = None,
role_name: Optional[str] = None) -> Role
func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
Role description
- Effect string
Role effect
- Policies List<string>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- Resources List<string>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- Role
Id string Role ID, system generated
- Role
Name string Role name
- Description string
Role description
- Effect string
Role effect
- Policies []string
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- Resources []string
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- Role
Id string Role ID, system generated
- Role
Name string Role name
- description String
Role description
- effect String
Role effect
- policies List<String>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources List<String>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Id String Role ID, system generated
- role
Name String Role name
- description string
Role description
- effect string
Role effect
- policies string[]
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources string[]
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Id string Role ID, system generated
- role
Name string Role name
- description str
Role description
- effect str
Role effect
- policies Sequence[str]
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources Sequence[str]
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role_
id str Role ID, system generated
- role_
name str Role name
- description String
Role description
- effect String
Role effect
- policies List<String>
List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.
- resources List<String>
Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).
- role
Id String Role ID, system generated
- role
Name String Role name
Import
$ pulumi import astra:index/role:Role example role-id
Package Details
- Repository
- astra pulumiverse/pulumi-astra
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
astra
Terraform Provider.