cloudflare.getApiTokenPermissionGroups (v4)

Cloudflare v4.16.0 (4.x), Mar 9 26

Viewing docs for Cloudflare v4.16.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-cloudflare

Viewing docs for Cloudflare v4.16.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-cloudflare

Example Usage

using System.Collections.Generic;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var all = Cloudflare.GetApiTokenPermissionGroups.Invoke();

    return new Dictionary<string, object?>
    {
        ["dnsReadPermissionId"] = all.Apply(getApiTokenPermissionGroupsResult => getApiTokenPermissionGroupsResult.Zone?.DNS_Read),
        ["accountLbMonitorsAndReadId"] = all.Apply(getApiTokenPermissionGroupsResult => getApiTokenPermissionGroupsResult.Account?.Load_Balancing__Monitors_and_Pools_Read),
        ["userMembershipsReadId"] = all.Apply(getApiTokenPermissionGroupsResult => getApiTokenPermissionGroupsResult.User?.Memberships_Read),
    };
});

Example coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var all = CloudflareFunctions.getApiTokenPermissionGroups();

        ctx.export("dnsReadPermissionId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.zone().DNS Read()));
        ctx.export("accountLbMonitorsAndReadId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.account().Load Balancing: Monitors and Pools Read()));
        ctx.export("userMembershipsReadId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.user().Memberships Read()));
    }
}

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const all = cloudflare.getApiTokenPermissionGroups({});
export const dnsReadPermissionId = all.then(all => all.zone?.["DNS Read"]);
export const accountLbMonitorsAndReadId = all.then(all => all.account?.["Load Balancing: Monitors and Pools Read"]);
export const userMembershipsReadId = all.then(all => all.user?.["Memberships Read"]);

Example coming soon!

variables:
  all:
    fn::invoke:
      Function: cloudflare:getApiTokenPermissionGroups
      Arguments: {}
outputs:
  # Get zone level DNS read permission ID.
  dnsReadPermissionId: ${all.zone"DNS Read"[%!s(MISSING)]}
  # Get account level "Load Balancing: Monitors and Pools Read" permission ID.
  accountLbMonitorsAndReadId: '${all.account"Load Balancing: Monitors and Pools Read"[%!s(MISSING)]}'
  # Get user level "Memberships Read" permission ID.
  userMembershipsReadId: ${all.user"Memberships Read"[%!s(MISSING)]}

Using getApiTokenPermissionGroups

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getApiTokenPermissionGroups(opts?: InvokeOptions): Promise<GetApiTokenPermissionGroupsResult>
function getApiTokenPermissionGroupsOutput(opts?: InvokeOptions): Output<GetApiTokenPermissionGroupsResult>

def get_api_token_permission_groups(opts: Optional[InvokeOptions] = None) -> GetApiTokenPermissionGroupsResult
def get_api_token_permission_groups_output(opts: Optional[InvokeOptions] = None) -> Output[GetApiTokenPermissionGroupsResult]

func GetApiTokenPermissionGroups(ctx *Context, opts ...InvokeOption) (*GetApiTokenPermissionGroupsResult, error)
func GetApiTokenPermissionGroupsOutput(ctx *Context, opts ...InvokeOption) GetApiTokenPermissionGroupsResultOutput

> Note: This function is named GetApiTokenPermissionGroups in the Go SDK.

public static class GetApiTokenPermissionGroups 
{
    public static Task<GetApiTokenPermissionGroupsResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetApiTokenPermissionGroupsResult> Invoke(InvokeOptions? opts = null)
}

public static CompletableFuture<GetApiTokenPermissionGroupsResult> getApiTokenPermissionGroups(InvokeOptions options)
public static Output<GetApiTokenPermissionGroupsResult> getApiTokenPermissionGroups(InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getApiTokenPermissionGroups:getApiTokenPermissionGroups
  arguments:
    # arguments dictionary

getApiTokenPermissionGroups Result

The following output properties are available:

Account Dictionary<string, object>: Map of permissions for account level resources.
Id string: The provider-assigned unique ID for this managed resource.
Permissions Dictionary<string, object>: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
User Dictionary<string, object>: Map of permissions for user level resources.
Zone Dictionary<string, object>: Map of permissions for zone level resources.

Account map[string]interface{}: Map of permissions for account level resources.
Id string: The provider-assigned unique ID for this managed resource.
Permissions map[string]interface{}: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
User map[string]interface{}: Map of permissions for user level resources.
Zone map[string]interface{}: Map of permissions for zone level resources.

account Map<String,Object>: Map of permissions for account level resources.
id String: The provider-assigned unique ID for this managed resource.
permissions Map<String,Object>: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
user Map<String,Object>: Map of permissions for user level resources.
zone Map<String,Object>: Map of permissions for zone level resources.

account {[key: string]: any}: Map of permissions for account level resources.
id string: The provider-assigned unique ID for this managed resource.
permissions {[key: string]: any}: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
user {[key: string]: any}: Map of permissions for user level resources.
zone {[key: string]: any}: Map of permissions for zone level resources.

account Mapping[str, Any]: Map of permissions for account level resources.
id str: The provider-assigned unique ID for this managed resource.
permissions Mapping[str, Any]: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
user Mapping[str, Any]: Map of permissions for user level resources.
zone Mapping[str, Any]: Map of permissions for zone level resources.

account Map<Any>: Map of permissions for account level resources.
id String: The provider-assigned unique ID for this managed resource.
permissions Map<Any>: Map of all permissions available. Should not be used as some permissions will overlap resource scope. Instead, use resource level specific attributes.
Deprecated: Use specific account, zone or user attributes instead.
user Map<Any>: Map of permissions for user level resources.
zone Map<Any>: Map of permissions for zone level resources.