Docs Home
athenz 1.0.45 published on Tuesday, Apr 15, 2025 by athenz
athenz.Group
Explore with Pulumi AI
athenz.Group provides an Athenz group resource.
Example Usage
IMPORTANT NOTE: please do NOT use json syntax but only hcl syntax
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.athenz.Group;
import com.pulumi.athenz.GroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var newgrp = new Group("newgrp", GroupArgs.builder()
.auditRef("create group")
.domain("some_domain")
.members(
Map.of("name", "user.<user-id>"),
Map.ofEntries(
Map.entry("expiration", "2022-12-29 23:59:59"),
Map.entry("name", "<domain>.<service-name>")
))
.tags(Map.ofEntries(
Map.entry("key1", "val1,val2"),
Map.entry("key2", "val3,val4")
))
.build());
}
}
resources:
newgrp:
type: athenz:Group
properties:
auditRef: create group
domain: some_domain
members:
- name: user.<user-id>
- expiration: 2022-12-29 23:59:59
name: <domain>.<service-name>
tags:
key1: val1,val2
key2: val3,val4
Deprecated**
import * as pulumi from "@pulumi/pulumi";
import * as athenz from "@pulumi/athenz";
const newgrp = new athenz.Group("newgrp", {
auditRef: "create group",
domain: "some_domain",
members: [
"user.<user-id>",
"<domain>.<service-name>",
],
});
import pulumi
import pulumi_athenz as athenz
newgrp = athenz.Group("newgrp",
audit_ref="create group",
domain="some_domain",
members=[
"user.<user-id>",
"<domain>.<service-name>",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := athenz.NewGroup(ctx, "newgrp", &athenz.GroupArgs{
AuditRef: pulumi.String("create group"),
Domain: pulumi.String("some_domain"),
Members: pulumi.StringArray{
pulumi.String("user.<user-id>"),
pulumi.String("<domain>.<service-name>"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Athenz = Pulumi.Athenz;
return await Deployment.RunAsync(() =>
{
var newgrp = new Athenz.Group("newgrp", new()
{
AuditRef = "create group",
Domain = "some_domain",
Members = new[]
{
"user.<user-id>",
"<domain>.<service-name>",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.athenz.Group;
import com.pulumi.athenz.GroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var newgrp = new Group("newgrp", GroupArgs.builder()
.auditRef("create group")
.domain("some_domain")
.members(
"user.<user-id>",
"<domain>.<service-name>")
.build());
}
}
resources:
newgrp:
type: athenz:Group
properties:
auditRef: create group
domain: some_domain
members:
- user.<user-id>
- <domain>.<service-name>
Create Group Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Group(name: string, args: GroupArgs, opts?: CustomResourceOptions);@overload
def Group(resource_name: str,
args: GroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Group(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain: Optional[str] = None,
notify_roles: Optional[str] = None,
principal_domain_filter: Optional[str] = None,
audit_ref: Optional[str] = None,
audit_enabled: Optional[bool] = None,
last_reviewed_date: Optional[str] = None,
member: Optional[Sequence[GroupMemberArgs]] = None,
members: Optional[Sequence[str]] = None,
name: Optional[str] = None,
delete_protection: Optional[bool] = None,
notify_details: Optional[str] = None,
group_id: Optional[str] = None,
review_enabled: Optional[bool] = None,
self_renew: Optional[bool] = None,
self_renew_mins: Optional[float] = None,
self_serve: Optional[bool] = None,
settings: Optional[GroupSettingsArgs] = None,
tags: Optional[Mapping[str, str]] = None,
user_authority_expiration: Optional[str] = None,
user_authority_filter: Optional[str] = None)func NewGroup(ctx *Context, name string, args GroupArgs, opts ...ResourceOption) (*Group, error)public Group(string name, GroupArgs args, CustomResourceOptions? opts = null)type: athenz:Group
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var groupResource = new Athenz.Group("groupResource", new()
{
Domain = "string",
NotifyRoles = "string",
PrincipalDomainFilter = "string",
AuditRef = "string",
AuditEnabled = false,
LastReviewedDate = "string",
Member = new[]
{
new Athenz.Inputs.GroupMemberArgs
{
Name = "string",
Expiration = "string",
},
},
Name = "string",
DeleteProtection = false,
NotifyDetails = "string",
GroupId = "string",
ReviewEnabled = false,
SelfRenew = false,
SelfRenewMins = 0,
SelfServe = false,
Settings = new Athenz.Inputs.GroupSettingsArgs
{
MaxMembers = 0,
ServiceExpiryDays = 0,
UserExpiryDays = 0,
},
Tags =
{
{ "string", "string" },
},
UserAuthorityExpiration = "string",
UserAuthorityFilter = "string",
});
example, err := athenz.NewGroup(ctx, "groupResource", &athenz.GroupArgs{
Domain: pulumi.String("string"),
NotifyRoles: pulumi.String("string"),
PrincipalDomainFilter: pulumi.String("string"),
AuditRef: pulumi.String("string"),
AuditEnabled: pulumi.Bool(false),
LastReviewedDate: pulumi.String("string"),
Member: athenz.GroupMemberArray{
&athenz.GroupMemberArgs{
Name: pulumi.String("string"),
Expiration: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
DeleteProtection: pulumi.Bool(false),
NotifyDetails: pulumi.String("string"),
GroupId: pulumi.String("string"),
ReviewEnabled: pulumi.Bool(false),
SelfRenew: pulumi.Bool(false),
SelfRenewMins: pulumi.Float64(0),
SelfServe: pulumi.Bool(false),
Settings: &athenz.GroupSettingsArgs{
MaxMembers: pulumi.Float64(0),
ServiceExpiryDays: pulumi.Float64(0),
UserExpiryDays: pulumi.Float64(0),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
UserAuthorityExpiration: pulumi.String("string"),
UserAuthorityFilter: pulumi.String("string"),
})
var groupResource = new Group("groupResource", GroupArgs.builder()
.domain("string")
.notifyRoles("string")
.principalDomainFilter("string")
.auditRef("string")
.auditEnabled(false)
.lastReviewedDate("string")
.member(GroupMemberArgs.builder()
.name("string")
.expiration("string")
.build())
.name("string")
.deleteProtection(false)
.notifyDetails("string")
.groupId("string")
.reviewEnabled(false)
.selfRenew(false)
.selfRenewMins(0)
.selfServe(false)
.settings(GroupSettingsArgs.builder()
.maxMembers(0)
.serviceExpiryDays(0)
.userExpiryDays(0)
.build())
.tags(Map.of("string", "string"))
.userAuthorityExpiration("string")
.userAuthorityFilter("string")
.build());
group_resource = athenz.Group("groupResource",
domain="string",
notify_roles="string",
principal_domain_filter="string",
audit_ref="string",
audit_enabled=False,
last_reviewed_date="string",
member=[{
"name": "string",
"expiration": "string",
}],
name="string",
delete_protection=False,
notify_details="string",
group_id="string",
review_enabled=False,
self_renew=False,
self_renew_mins=0,
self_serve=False,
settings={
"max_members": 0,
"service_expiry_days": 0,
"user_expiry_days": 0,
},
tags={
"string": "string",
},
user_authority_expiration="string",
user_authority_filter="string")
const groupResource = new athenz.Group("groupResource", {
domain: "string",
notifyRoles: "string",
principalDomainFilter: "string",
auditRef: "string",
auditEnabled: false,
lastReviewedDate: "string",
member: [{
name: "string",
expiration: "string",
}],
name: "string",
deleteProtection: false,
notifyDetails: "string",
groupId: "string",
reviewEnabled: false,
selfRenew: false,
selfRenewMins: 0,
selfServe: false,
settings: {
maxMembers: 0,
serviceExpiryDays: 0,
userExpiryDays: 0,
},
tags: {
string: "string",
},
userAuthorityExpiration: "string",
userAuthorityFilter: "string",
});
type: athenz:Group
properties:
auditEnabled: false
auditRef: string
deleteProtection: false
domain: string
groupId: string
lastReviewedDate: string
member:
- expiration: string
name: string
name: string
notifyDetails: string
notifyRoles: string
principalDomainFilter: string
reviewEnabled: false
selfRenew: false
selfRenewMins: 0
selfServe: false
settings:
maxMembers: 0
serviceExpiryDays: 0
userExpiryDays: 0
tags:
string: string
userAuthorityExpiration: string
userAuthorityFilter: string
Group Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Group resource accepts the following input properties:
- Domain string
- Name of the domain that group belongs to
- Audit
Enabled bool - Audit
Ref string - Delete
Protection bool - Group
Id string - Last
Reviewed stringDate - The last reviewed timestamp for the group
- Member
List<Group
Member> - Users or services to be added as members with attribute
- Members List<string>
- Users or services to be added as members
- Name string
- Name of the standard group role
- Notify
Details string - Notify
Roles string - Principal
Domain stringFilter - Review
Enabled bool - Self
Renew bool - Self
Renew doubleMins - Self
Serve bool - Settings
Group
Settings - Advanced settings
- Dictionary<string, string>
- string
- string
- Domain string
- Name of the domain that group belongs to
- Audit
Enabled bool - Audit
Ref string - Delete
Protection bool - Group
Id string - Last
Reviewed stringDate - The last reviewed timestamp for the group
- Member
[]Group
Member Args - Users or services to be added as members with attribute
- Members []string
- Users or services to be added as members
- Name string
- Name of the standard group role
- Notify
Details string - Notify
Roles string - Principal
Domain stringFilter - Review
Enabled bool - Self
Renew bool - Self
Renew float64Mins - Self
Serve bool - Settings
Group
Settings Args - Advanced settings
- map[string]string
- string
- string
- domain String
- Name of the domain that group belongs to
- audit
Enabled Boolean - audit
Ref String - delete
Protection Boolean - group
Id String - last
Reviewed StringDate - The last reviewed timestamp for the group
- member
List<Group
Member> - Users or services to be added as members with attribute
- members List<String>
- Users or services to be added as members
- name String
- Name of the standard group role
- notify
Details String - notify
Roles String - principal
Domain StringFilter - review
Enabled Boolean - self
Renew Boolean - self
Renew DoubleMins - self
Serve Boolean - settings
Group
Settings - Advanced settings
- Map<String,String>
- String
- String
- domain string
- Name of the domain that group belongs to
- audit
Enabled boolean - audit
Ref string - delete
Protection boolean - group
Id string - last
Reviewed stringDate - The last reviewed timestamp for the group
- member
Group
Member[] - Users or services to be added as members with attribute
- members string[]
- Users or services to be added as members
- name string
- Name of the standard group role
- notify
Details string - notify
Roles string - principal
Domain stringFilter - review
Enabled boolean - self
Renew boolean - self
Renew numberMins - self
Serve boolean - settings
Group
Settings - Advanced settings
- {[key: string]: string}
- string
- string
- domain str
- Name of the domain that group belongs to
- audit_
enabled bool - audit_
ref str - delete_
protection bool - group_
id str - last_
reviewed_ strdate - The last reviewed timestamp for the group
- member
Sequence[Group
Member Args] - Users or services to be added as members with attribute
- members Sequence[str]
- Users or services to be added as members
- name str
- Name of the standard group role
- notify_
details str - notify_
roles str - principal_
domain_ strfilter - review_
enabled bool - self_
renew bool - self_
renew_ floatmins - self_
serve bool - settings
Group
Settings Args - Advanced settings
- Mapping[str, str]
- str
- str
- domain String
- Name of the domain that group belongs to
- audit
Enabled Boolean - audit
Ref String - delete
Protection Boolean - group
Id String - last
Reviewed StringDate - The last reviewed timestamp for the group
- member List<Property Map>
- Users or services to be added as members with attribute
- members List<String>
- Users or services to be added as members
- name String
- Name of the standard group role
- notify
Details String - notify
Roles String - principal
Domain StringFilter - review
Enabled Boolean - self
Renew Boolean - self
Renew NumberMins - self
Serve Boolean - settings Property Map
- Advanced settings
- Map<String>
- String
- String
Outputs
All input properties are implicitly available as output properties. Additionally, the Group resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Group Resource
Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupState, opts?: CustomResourceOptions): Group@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
audit_enabled: Optional[bool] = None,
audit_ref: Optional[str] = None,
delete_protection: Optional[bool] = None,
domain: Optional[str] = None,
group_id: Optional[str] = None,
last_reviewed_date: Optional[str] = None,
member: Optional[Sequence[GroupMemberArgs]] = None,
members: Optional[Sequence[str]] = None,
name: Optional[str] = None,
notify_details: Optional[str] = None,
notify_roles: Optional[str] = None,
principal_domain_filter: Optional[str] = None,
review_enabled: Optional[bool] = None,
self_renew: Optional[bool] = None,
self_renew_mins: Optional[float] = None,
self_serve: Optional[bool] = None,
settings: Optional[GroupSettingsArgs] = None,
tags: Optional[Mapping[str, str]] = None,
user_authority_expiration: Optional[str] = None,
user_authority_filter: Optional[str] = None) -> Groupfunc GetGroup(ctx *Context, name string, id IDInput, state *GroupState, opts ...ResourceOption) (*Group, error)public static Group Get(string name, Input<string> id, GroupState? state, CustomResourceOptions? opts = null)public static Group get(String name, Output<String> id, GroupState state, CustomResourceOptions options)resources: _: type: athenz:Group get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Audit
Enabled bool - Audit
Ref string - Delete
Protection bool - Domain string
- Name of the domain that group belongs to
- Group
Id string - Last
Reviewed stringDate - The last reviewed timestamp for the group
- Member
List<Group
Member> - Users or services to be added as members with attribute
- Members List<string>
- Users or services to be added as members
- Name string
- Name of the standard group role
- Notify
Details string - Notify
Roles string - Principal
Domain stringFilter - Review
Enabled bool - Self
Renew bool - Self
Renew doubleMins - Self
Serve bool - Settings
Group
Settings - Advanced settings
- Dictionary<string, string>
- string
- string
- Audit
Enabled bool - Audit
Ref string - Delete
Protection bool - Domain string
- Name of the domain that group belongs to
- Group
Id string - Last
Reviewed stringDate - The last reviewed timestamp for the group
- Member
[]Group
Member Args - Users or services to be added as members with attribute
- Members []string
- Users or services to be added as members
- Name string
- Name of the standard group role
- Notify
Details string - Notify
Roles string - Principal
Domain stringFilter - Review
Enabled bool - Self
Renew bool - Self
Renew float64Mins - Self
Serve bool - Settings
Group
Settings Args - Advanced settings
- map[string]string
- string
- string
- audit
Enabled Boolean - audit
Ref String - delete
Protection Boolean - domain String
- Name of the domain that group belongs to
- group
Id String - last
Reviewed StringDate - The last reviewed timestamp for the group
- member
List<Group
Member> - Users or services to be added as members with attribute
- members List<String>
- Users or services to be added as members
- name String
- Name of the standard group role
- notify
Details String - notify
Roles String - principal
Domain StringFilter - review
Enabled Boolean - self
Renew Boolean - self
Renew DoubleMins - self
Serve Boolean - settings
Group
Settings - Advanced settings
- Map<String,String>
- String
- String
- audit
Enabled boolean - audit
Ref string - delete
Protection boolean - domain string
- Name of the domain that group belongs to
- group
Id string - last
Reviewed stringDate - The last reviewed timestamp for the group
- member
Group
Member[] - Users or services to be added as members with attribute
- members string[]
- Users or services to be added as members
- name string
- Name of the standard group role
- notify
Details string - notify
Roles string - principal
Domain stringFilter - review
Enabled boolean - self
Renew boolean - self
Renew numberMins - self
Serve boolean - settings
Group
Settings - Advanced settings
- {[key: string]: string}
- string
- string
- audit_
enabled bool - audit_
ref str - delete_
protection bool - domain str
- Name of the domain that group belongs to
- group_
id str - last_
reviewed_ strdate - The last reviewed timestamp for the group
- member
Sequence[Group
Member Args] - Users or services to be added as members with attribute
- members Sequence[str]
- Users or services to be added as members
- name str
- Name of the standard group role
- notify_
details str - notify_
roles str - principal_
domain_ strfilter - review_
enabled bool - self_
renew bool - self_
renew_ floatmins - self_
serve bool - settings
Group
Settings Args - Advanced settings
- Mapping[str, str]
- str
- str
- audit
Enabled Boolean - audit
Ref String - delete
Protection Boolean - domain String
- Name of the domain that group belongs to
- group
Id String - last
Reviewed StringDate - The last reviewed timestamp for the group
- member List<Property Map>
- Users or services to be added as members with attribute
- members List<String>
- Users or services to be added as members
- name String
- Name of the standard group role
- notify
Details String - notify
Roles String - principal
Domain StringFilter - review
Enabled Boolean - self
Renew Boolean - self
Renew NumberMins - self
Serve Boolean - settings Property Map
- Advanced settings
- Map<String>
- String
- String
Supporting Types
GroupMember, GroupMemberArgs
- Name string
- Expiration string
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
- Name string
- Expiration string
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
- name String
- expiration String
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
- name string
- expiration string
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
- name str
- expiration str
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
- name String
- expiration String
The expiration of the Athenz principal member. must be in this format:
<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>
GroupSettings, GroupSettingsArgs
- Max
Members double - Max number of principals in the group
- Service
Expiry doubleDays - All services in the role will have specified max expiry days
- User
Expiry doubleDays - All user members in the role will have specified max expiry days
- Max
Members float64 - Max number of principals in the group
- Service
Expiry float64Days - All services in the role will have specified max expiry days
- User
Expiry float64Days - All user members in the role will have specified max expiry days
- max
Members Double - Max number of principals in the group
- service
Expiry DoubleDays - All services in the role will have specified max expiry days
- user
Expiry DoubleDays - All user members in the role will have specified max expiry days
- max
Members number - Max number of principals in the group
- service
Expiry numberDays - All services in the role will have specified max expiry days
- user
Expiry numberDays - All user members in the role will have specified max expiry days
- max_
members float - Max number of principals in the group
- service_
expiry_ floatdays - All services in the role will have specified max expiry days
- user_
expiry_ floatdays - All user members in the role will have specified max expiry days
- max
Members Number - Max number of principals in the group
- service
Expiry NumberDays - All services in the role will have specified max expiry days
- user
Expiry NumberDays - All user members in the role will have specified max expiry days
Package Details
- Repository
- athenz athenz/terraform-provider-athenz
- License
- Notes
- This Pulumi package is based on the
athenzTerraform Provider.