astra logo
astra v1.0.35, Jul 27 22

astra.Role

astra.Role resource represents custom roles for a particular Astra Org. Custom roles can be assigned to an Astra user is to grant them granular permissions when the default roles in the UI are not specific enough. Roles are composed of policies which are granted to resources.

Example Usage

using Pulumi;
using Astra = Pulumiverse.Astra;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Astra.Role("example", new Astra.RoleArgs
        {
            Description = "test role",
            Effect = "allow",
            Policies = 
            {
                "db-all-keyspace-create",
            },
            Resources = 
            {
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
            },
            RoleName = "puppies",
        });
        var example2 = new Astra.Role("example2", new Astra.RoleArgs
        {
            Description = "complex role",
            Effect = "allow",
            Policies = 
            {
                "accesslist-read",
                "db-all-keyspace-describe",
                "db-keyspace-describe",
                "db-table-select",
                "db-table-describe",
                "db-graphql",
                "db-rest",
                "db-cql",
            },
            Resources = 
            {
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
            },
            RoleName = "puppies",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-astra/sdk/go/astra"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := astra.NewRole(ctx, "example", &astra.RoleArgs{
			Description: pulumi.String("test role"),
			Effect:      pulumi.String("allow"),
			Policies: pulumi.StringArray{
				pulumi.String("db-all-keyspace-create"),
			},
			Resources: pulumi.StringArray{
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"),
			},
			RoleName: pulumi.String("puppies"),
		})
		if err != nil {
			return err
		}
		_, err = astra.NewRole(ctx, "example2", &astra.RoleArgs{
			Description: pulumi.String("complex role"),
			Effect:      pulumi.String("allow"),
			Policies: pulumi.StringArray{
				pulumi.String("accesslist-read"),
				pulumi.String("db-all-keyspace-describe"),
				pulumi.String("db-keyspace-describe"),
				pulumi.String("db-table-select"),
				pulumi.String("db-table-describe"),
				pulumi.String("db-graphql"),
				pulumi.String("db-rest"),
				pulumi.String("db-cql"),
			},
			Resources: pulumi.StringArray{
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*"),
				pulumi.String("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*"),
			},
			RoleName: pulumi.String("puppies"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.astra.Role;
import com.pulumi.astra.RoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Role("example", RoleArgs.builder()        
            .description("test role")
            .effect("allow")
            .policies("db-all-keyspace-create")
            .resources("drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73")
            .roleName("puppies")
            .build());

        var example2 = new Role("example2", RoleArgs.builder()        
            .description("complex role")
            .effect("allow")
            .policies(            
                "accesslist-read",
                "db-all-keyspace-describe",
                "db-keyspace-describe",
                "db-table-select",
                "db-table-describe",
                "db-graphql",
                "db-rest",
                "db-cql")
            .resources(            
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
                "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*")
            .roleName("puppies")
            .build());

    }
}
import pulumi
import pulumiverse_astra as astra

example = astra.Role("example",
    description="test role",
    effect="allow",
    policies=["db-all-keyspace-create"],
    resources=["drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"],
    role_name="puppies")
example2 = astra.Role("example2",
    description="complex role",
    effect="allow",
    policies=[
        "accesslist-read",
        "db-all-keyspace-describe",
        "db-keyspace-describe",
        "db-table-select",
        "db-table-describe",
        "db-graphql",
        "db-rest",
        "db-cql",
    ],
    resources=[
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
    ],
    role_name="puppies")
import * as pulumi from "@pulumi/pulumi";
import * as astra from "@pulumi/astra";

const example = new astra.Role("example", {
    description: "test role",
    effect: "allow",
    policies: ["db-all-keyspace-create"],
    resources: ["drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73"],
    roleName: "puppies",
});
const example2 = new astra.Role("example2", {
    description: "complex role",
    effect: "allow",
    policies: [
        "accesslist-read",
        "db-all-keyspace-describe",
        "db-keyspace-describe",
        "db-table-select",
        "db-table-describe",
        "db-graphql",
        "db-rest",
        "db-cql",
    ],
    resources: [
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*",
        "drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*",
    ],
    roleName: "puppies",
});
resources:
  example:
    type: astra:Role
    properties:
      description: test role
      effect: allow
      policies:
        - db-all-keyspace-create
      resources:
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73
      roleName: puppies
  example2:
    type: astra:Role
    properties:
      description: complex role
      effect: allow
      policies:
        - accesslist-read
        - db-all-keyspace-describe
        - db-keyspace-describe
        - db-table-select
        - db-table-describe
        - db-graphql
        - db-rest
        - db-cql
      resources:
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_schema:table:*
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system:table:*
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:system_virtual_schema:table:*
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*
        - drn:astra:org:f9f4b1e0-4c05-451e-9bba-d631295a7f73:db:5b70892f-e01a-4595-98e6-19ecc9985d50:keyspace:*:table:*
      roleName: puppies

Create Role Resource

new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         description: Optional[str] = None,
         effect: Optional[str] = None,
         policies: Optional[Sequence[str]] = None,
         resources: Optional[Sequence[str]] = None,
         role_name: Optional[str] = None)
@overload
def Role(resource_name: str,
         args: RoleArgs,
         opts: Optional[ResourceOptions] = None)
func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
public Role(String name, RoleArgs args)
public Role(String name, RoleArgs args, CustomResourceOptions options)
type: astra:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Role Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Role resource accepts the following input properties:

Description string

Role description

Effect string

Role effect

Policies List<string>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

Resources List<string>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

RoleName string

Role name

Description string

Role description

Effect string

Role effect

Policies []string

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

Resources []string

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

RoleName string

Role name

description String

Role description

effect String

Role effect

policies List<String>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources List<String>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleName String

Role name

description string

Role description

effect string

Role effect

policies string[]

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources string[]

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleName string

Role name

description str

Role description

effect str

Role effect

policies Sequence[str]

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources Sequence[str]

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

role_name str

Role name

description String

Role description

effect String

Role effect

policies List<String>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources List<String>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleName String

Role name

Outputs

All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

RoleId string

Role ID, system generated

Id string

The provider-assigned unique ID for this managed resource.

RoleId string

Role ID, system generated

id String

The provider-assigned unique ID for this managed resource.

roleId String

Role ID, system generated

id string

The provider-assigned unique ID for this managed resource.

roleId string

Role ID, system generated

id str

The provider-assigned unique ID for this managed resource.

role_id str

Role ID, system generated

id String

The provider-assigned unique ID for this managed resource.

roleId String

Role ID, system generated

Look up Existing Role Resource

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        effect: Optional[str] = None,
        policies: Optional[Sequence[str]] = None,
        resources: Optional[Sequence[str]] = None,
        role_id: Optional[str] = None,
        role_name: Optional[str] = None) -> Role
func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Description string

Role description

Effect string

Role effect

Policies List<string>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

Resources List<string>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

RoleId string

Role ID, system generated

RoleName string

Role name

Description string

Role description

Effect string

Role effect

Policies []string

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

Resources []string

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

RoleId string

Role ID, system generated

RoleName string

Role name

description String

Role description

effect String

Role effect

policies List<String>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources List<String>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleId String

Role ID, system generated

roleName String

Role name

description string

Role description

effect string

Role effect

policies string[]

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources string[]

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleId string

Role ID, system generated

roleName string

Role name

description str

Role description

effect str

Role effect

policies Sequence[str]

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources Sequence[str]

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

role_id str

Role ID, system generated

role_name str

Role name

description String

Role description

effect String

Role effect

policies List<String>

List of policies for the role. See https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail for supported policies.

resources List<String>

Resources for which role is applicable (format is "drn:astra:org:", followed by optional resource criteria. See example usage above).

roleId String

Role ID, system generated

roleName String

Role name

Import

 $ pulumi import astra:index/role:Role example role-id

Package Details

Repository
astra pulumiverse/pulumi-astra
License
Apache-2.0
Notes

This Pulumi package is based on the astra Terraform Provider.