Docs Home
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic
elasticstack.ElasticsearchSecurityRole
Explore with Pulumi AI
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic
Adds and updates roles in the native realm. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as elasticstack from "@pulumi/elasticstack";
const roleElasticsearchSecurityRole = new elasticstack.ElasticsearchSecurityRole("roleElasticsearchSecurityRole", {
description: "Role for testing",
clusters: ["all"],
indices: [{
names: [
"index1",
"index2",
],
privileges: ["all"],
}],
applications: [{
application: "myapp",
privileges: [
"admin",
"read",
],
resources: ["*"],
}],
runAs: ["other_user"],
metadata: JSON.stringify({
version: 1,
}),
});
export const role = roleElasticsearchSecurityRole;
import pulumi
import json
import pulumi_elasticstack as elasticstack
role_elasticsearch_security_role = elasticstack.ElasticsearchSecurityRole("roleElasticsearchSecurityRole",
description="Role for testing",
clusters=["all"],
indices=[{
"names": [
"index1",
"index2",
],
"privileges": ["all"],
}],
applications=[{
"application": "myapp",
"privileges": [
"admin",
"read",
],
"resources": ["*"],
}],
run_as=["other_user"],
metadata=json.dumps({
"version": 1,
}))
pulumi.export("role", role_elasticsearch_security_role)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/elasticstack/elasticstack"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"version": 1,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
roleElasticsearchSecurityRole, err := elasticstack.NewElasticsearchSecurityRole(ctx, "roleElasticsearchSecurityRole", &elasticstack.ElasticsearchSecurityRoleArgs{
Description: pulumi.String("Role for testing"),
Clusters: pulumi.StringArray{
pulumi.String("all"),
},
Indices: elasticstack.ElasticsearchSecurityRoleIndexArray{
&elasticstack.ElasticsearchSecurityRoleIndexArgs{
Names: pulumi.StringArray{
pulumi.String("index1"),
pulumi.String("index2"),
},
Privileges: pulumi.StringArray{
pulumi.String("all"),
},
},
},
Applications: elasticstack.ElasticsearchSecurityRoleApplicationArray{
&elasticstack.ElasticsearchSecurityRoleApplicationArgs{
Application: pulumi.String("myapp"),
Privileges: pulumi.StringArray{
pulumi.String("admin"),
pulumi.String("read"),
},
Resources: pulumi.StringArray{
pulumi.String("*"),
},
},
},
RunAs: pulumi.StringArray{
pulumi.String("other_user"),
},
Metadata: pulumi.String(json0),
})
if err != nil {
return err
}
ctx.Export("role", roleElasticsearchSecurityRole)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Elasticstack = Pulumi.Elasticstack;
return await Deployment.RunAsync(() =>
{
var roleElasticsearchSecurityRole = new Elasticstack.ElasticsearchSecurityRole("roleElasticsearchSecurityRole", new()
{
Description = "Role for testing",
Clusters = new[]
{
"all",
},
Indices = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityRoleIndexArgs
{
Names = new[]
{
"index1",
"index2",
},
Privileges = new[]
{
"all",
},
},
},
Applications = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityRoleApplicationArgs
{
Application = "myapp",
Privileges = new[]
{
"admin",
"read",
},
Resources = new[]
{
"*",
},
},
},
RunAs = new[]
{
"other_user",
},
Metadata = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["version"] = 1,
}),
});
return new Dictionary<string, object?>
{
["role"] = roleElasticsearchSecurityRole,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.elasticstack.ElasticsearchSecurityRole;
import com.pulumi.elasticstack.ElasticsearchSecurityRoleArgs;
import com.pulumi.elasticstack.inputs.ElasticsearchSecurityRoleIndexArgs;
import com.pulumi.elasticstack.inputs.ElasticsearchSecurityRoleApplicationArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var roleElasticsearchSecurityRole = new ElasticsearchSecurityRole("roleElasticsearchSecurityRole", ElasticsearchSecurityRoleArgs.builder()
.description("Role for testing")
.clusters("all")
.indices(ElasticsearchSecurityRoleIndexArgs.builder()
.names(
"index1",
"index2")
.privileges("all")
.build())
.applications(ElasticsearchSecurityRoleApplicationArgs.builder()
.application("myapp")
.privileges(
"admin",
"read")
.resources("*")
.build())
.runAs("other_user")
.metadata(serializeJson(
jsonObject(
jsonProperty("version", 1)
)))
.build());
ctx.export("role", roleElasticsearchSecurityRole);
}
}
resources:
roleElasticsearchSecurityRole:
type: elasticstack:ElasticsearchSecurityRole
properties:
description: Role for testing
clusters:
- all
indices:
- names:
- index1
- index2
privileges:
- all
applications:
- application: myapp
privileges:
- admin
- read
resources:
- '*'
runAs:
- other_user
metadata:
fn::toJSON:
version: 1
outputs:
role: ${roleElasticsearchSecurityRole}
Create ElasticsearchSecurityRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ElasticsearchSecurityRole(name: string, args?: ElasticsearchSecurityRoleArgs, opts?: CustomResourceOptions);@overload
def ElasticsearchSecurityRole(resource_name: str,
args: Optional[ElasticsearchSecurityRoleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ElasticsearchSecurityRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
applications: Optional[Sequence[ElasticsearchSecurityRoleApplicationArgs]] = None,
clusters: Optional[Sequence[str]] = None,
description: Optional[str] = None,
elasticsearch_connection: Optional[ElasticsearchSecurityRoleElasticsearchConnectionArgs] = None,
global_: Optional[str] = None,
indices: Optional[Sequence[ElasticsearchSecurityRoleIndexArgs]] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
remote_indices: Optional[Sequence[ElasticsearchSecurityRoleRemoteIndexArgs]] = None,
run_as: Optional[Sequence[str]] = None)func NewElasticsearchSecurityRole(ctx *Context, name string, args *ElasticsearchSecurityRoleArgs, opts ...ResourceOption) (*ElasticsearchSecurityRole, error)public ElasticsearchSecurityRole(string name, ElasticsearchSecurityRoleArgs? args = null, CustomResourceOptions? opts = null)
public ElasticsearchSecurityRole(String name, ElasticsearchSecurityRoleArgs args)
public ElasticsearchSecurityRole(String name, ElasticsearchSecurityRoleArgs args, CustomResourceOptions options)
type: elasticstack:ElasticsearchSecurityRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ElasticsearchSecurityRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ElasticsearchSecurityRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ElasticsearchSecurityRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ElasticsearchSecurityRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var elasticsearchSecurityRoleResource = new Elasticstack.ElasticsearchSecurityRole("elasticsearchSecurityRoleResource", new()
{
Applications = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityRoleApplicationArgs
{
Application = "string",
Privileges = new[]
{
"string",
},
Resources = new[]
{
"string",
},
},
},
Clusters = new[]
{
"string",
},
Description = "string",
Global = "string",
Indices = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityRoleIndexArgs
{
Names = new[]
{
"string",
},
Privileges = new[]
{
"string",
},
AllowRestrictedIndices = false,
FieldSecurity = new Elasticstack.Inputs.ElasticsearchSecurityRoleIndexFieldSecurityArgs
{
Excepts = new[]
{
"string",
},
Grants = new[]
{
"string",
},
},
Query = "string",
},
},
Metadata = "string",
Name = "string",
RemoteIndices = new[]
{
new Elasticstack.Inputs.ElasticsearchSecurityRoleRemoteIndexArgs
{
Clusters = new[]
{
"string",
},
Names = new[]
{
"string",
},
Privileges = new[]
{
"string",
},
FieldSecurity = new Elasticstack.Inputs.ElasticsearchSecurityRoleRemoteIndexFieldSecurityArgs
{
Excepts = new[]
{
"string",
},
Grants = new[]
{
"string",
},
},
Query = "string",
},
},
RunAs = new[]
{
"string",
},
});
example, err := elasticstack.NewElasticsearchSecurityRole(ctx, "elasticsearchSecurityRoleResource", &elasticstack.ElasticsearchSecurityRoleArgs{
Applications: elasticstack.ElasticsearchSecurityRoleApplicationArray{
&elasticstack.ElasticsearchSecurityRoleApplicationArgs{
Application: pulumi.String("string"),
Privileges: pulumi.StringArray{
pulumi.String("string"),
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Clusters: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Global: pulumi.String("string"),
Indices: elasticstack.ElasticsearchSecurityRoleIndexArray{
&elasticstack.ElasticsearchSecurityRoleIndexArgs{
Names: pulumi.StringArray{
pulumi.String("string"),
},
Privileges: pulumi.StringArray{
pulumi.String("string"),
},
AllowRestrictedIndices: pulumi.Bool(false),
FieldSecurity: &elasticstack.ElasticsearchSecurityRoleIndexFieldSecurityArgs{
Excepts: pulumi.StringArray{
pulumi.String("string"),
},
Grants: pulumi.StringArray{
pulumi.String("string"),
},
},
Query: pulumi.String("string"),
},
},
Metadata: pulumi.String("string"),
Name: pulumi.String("string"),
RemoteIndices: elasticstack.ElasticsearchSecurityRoleRemoteIndexArray{
&elasticstack.ElasticsearchSecurityRoleRemoteIndexArgs{
Clusters: pulumi.StringArray{
pulumi.String("string"),
},
Names: pulumi.StringArray{
pulumi.String("string"),
},
Privileges: pulumi.StringArray{
pulumi.String("string"),
},
FieldSecurity: &elasticstack.ElasticsearchSecurityRoleRemoteIndexFieldSecurityArgs{
Excepts: pulumi.StringArray{
pulumi.String("string"),
},
Grants: pulumi.StringArray{
pulumi.String("string"),
},
},
Query: pulumi.String("string"),
},
},
RunAs: pulumi.StringArray{
pulumi.String("string"),
},
})
var elasticsearchSecurityRoleResource = new ElasticsearchSecurityRole("elasticsearchSecurityRoleResource", ElasticsearchSecurityRoleArgs.builder()
.applications(ElasticsearchSecurityRoleApplicationArgs.builder()
.application("string")
.privileges("string")
.resources("string")
.build())
.clusters("string")
.description("string")
.global("string")
.indices(ElasticsearchSecurityRoleIndexArgs.builder()
.names("string")
.privileges("string")
.allowRestrictedIndices(false)
.fieldSecurity(ElasticsearchSecurityRoleIndexFieldSecurityArgs.builder()
.excepts("string")
.grants("string")
.build())
.query("string")
.build())
.metadata("string")
.name("string")
.remoteIndices(ElasticsearchSecurityRoleRemoteIndexArgs.builder()
.clusters("string")
.names("string")
.privileges("string")
.fieldSecurity(ElasticsearchSecurityRoleRemoteIndexFieldSecurityArgs.builder()
.excepts("string")
.grants("string")
.build())
.query("string")
.build())
.runAs("string")
.build());
elasticsearch_security_role_resource = elasticstack.ElasticsearchSecurityRole("elasticsearchSecurityRoleResource",
applications=[{
"application": "string",
"privileges": ["string"],
"resources": ["string"],
}],
clusters=["string"],
description="string",
global_="string",
indices=[{
"names": ["string"],
"privileges": ["string"],
"allow_restricted_indices": False,
"field_security": {
"excepts": ["string"],
"grants": ["string"],
},
"query": "string",
}],
metadata="string",
name="string",
remote_indices=[{
"clusters": ["string"],
"names": ["string"],
"privileges": ["string"],
"field_security": {
"excepts": ["string"],
"grants": ["string"],
},
"query": "string",
}],
run_as=["string"])
const elasticsearchSecurityRoleResource = new elasticstack.ElasticsearchSecurityRole("elasticsearchSecurityRoleResource", {
applications: [{
application: "string",
privileges: ["string"],
resources: ["string"],
}],
clusters: ["string"],
description: "string",
global: "string",
indices: [{
names: ["string"],
privileges: ["string"],
allowRestrictedIndices: false,
fieldSecurity: {
excepts: ["string"],
grants: ["string"],
},
query: "string",
}],
metadata: "string",
name: "string",
remoteIndices: [{
clusters: ["string"],
names: ["string"],
privileges: ["string"],
fieldSecurity: {
excepts: ["string"],
grants: ["string"],
},
query: "string",
}],
runAs: ["string"],
});
type: elasticstack:ElasticsearchSecurityRole
properties:
applications:
- application: string
privileges:
- string
resources:
- string
clusters:
- string
description: string
global: string
indices:
- allowRestrictedIndices: false
fieldSecurity:
excepts:
- string
grants:
- string
names:
- string
privileges:
- string
query: string
metadata: string
name: string
remoteIndices:
- clusters:
- string
fieldSecurity:
excepts:
- string
grants:
- string
names:
- string
privileges:
- string
query: string
runAs:
- string
ElasticsearchSecurityRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ElasticsearchSecurityRole resource accepts the following input properties:
- Applications
List<Elasticsearch
Security Role Application> - A list of application privilege entries.
- Clusters List<string>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- Description string
- The description of the role.
- Elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- Global string
- An object defining global privileges.
- Indices
List<Elasticsearch
Security Role Index> - A list of indices permissions entries.
- Metadata string
- Optional meta-data.
- Name string
- The name of the role.
- Remote
Indices List<ElasticsearchSecurity Role Remote Index> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- Run
As List<string> - A list of users that the owners of this role can impersonate.
- Applications
[]Elasticsearch
Security Role Application Args - A list of application privilege entries.
- Clusters []string
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- Description string
- The description of the role.
- Elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection Args - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- Global string
- An object defining global privileges.
- Indices
[]Elasticsearch
Security Role Index Args - A list of indices permissions entries.
- Metadata string
- Optional meta-data.
- Name string
- The name of the role.
- Remote
Indices []ElasticsearchSecurity Role Remote Index Args - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- Run
As []string - A list of users that the owners of this role can impersonate.
- applications
List<Elasticsearch
Security Role Application> - A list of application privilege entries.
- clusters List<String>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description String
- The description of the role.
- elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global String
- An object defining global privileges.
- indices
List<Elasticsearch
Security Role Index> - A list of indices permissions entries.
- metadata String
- Optional meta-data.
- name String
- The name of the role.
- remote
Indices List<ElasticsearchSecurity Role Remote Index> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As List<String> - A list of users that the owners of this role can impersonate.
- applications
Elasticsearch
Security Role Application[] - A list of application privilege entries.
- clusters string[]
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description string
- The description of the role.
- elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global string
- An object defining global privileges.
- indices
Elasticsearch
Security Role Index[] - A list of indices permissions entries.
- metadata string
- Optional meta-data.
- name string
- The name of the role.
- remote
Indices ElasticsearchSecurity Role Remote Index[] - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As string[] - A list of users that the owners of this role can impersonate.
- applications
Sequence[Elasticsearch
Security Role Application Args] - A list of application privilege entries.
- clusters Sequence[str]
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description str
- The description of the role.
- elasticsearch_
connection ElasticsearchSecurity Role Elasticsearch Connection Args - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global_ str
- An object defining global privileges.
- indices
Sequence[Elasticsearch
Security Role Index Args] - A list of indices permissions entries.
- metadata str
- Optional meta-data.
- name str
- The name of the role.
- remote_
indices Sequence[ElasticsearchSecurity Role Remote Index Args] - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run_
as Sequence[str] - A list of users that the owners of this role can impersonate.
- applications List<Property Map>
- A list of application privilege entries.
- clusters List<String>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description String
- The description of the role.
- elasticsearch
Connection Property Map - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global String
- An object defining global privileges.
- indices List<Property Map>
- A list of indices permissions entries.
- metadata String
- Optional meta-data.
- name String
- The name of the role.
- remote
Indices List<Property Map> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As List<String> - A list of users that the owners of this role can impersonate.
Outputs
All input properties are implicitly available as output properties. Additionally, the ElasticsearchSecurityRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ElasticsearchSecurityRole Resource
Get an existing ElasticsearchSecurityRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ElasticsearchSecurityRoleState, opts?: CustomResourceOptions): ElasticsearchSecurityRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
applications: Optional[Sequence[ElasticsearchSecurityRoleApplicationArgs]] = None,
clusters: Optional[Sequence[str]] = None,
description: Optional[str] = None,
elasticsearch_connection: Optional[ElasticsearchSecurityRoleElasticsearchConnectionArgs] = None,
global_: Optional[str] = None,
indices: Optional[Sequence[ElasticsearchSecurityRoleIndexArgs]] = None,
metadata: Optional[str] = None,
name: Optional[str] = None,
remote_indices: Optional[Sequence[ElasticsearchSecurityRoleRemoteIndexArgs]] = None,
run_as: Optional[Sequence[str]] = None) -> ElasticsearchSecurityRolefunc GetElasticsearchSecurityRole(ctx *Context, name string, id IDInput, state *ElasticsearchSecurityRoleState, opts ...ResourceOption) (*ElasticsearchSecurityRole, error)public static ElasticsearchSecurityRole Get(string name, Input<string> id, ElasticsearchSecurityRoleState? state, CustomResourceOptions? opts = null)public static ElasticsearchSecurityRole get(String name, Output<String> id, ElasticsearchSecurityRoleState state, CustomResourceOptions options)resources: _: type: elasticstack:ElasticsearchSecurityRole get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Applications
List<Elasticsearch
Security Role Application> - A list of application privilege entries.
- Clusters List<string>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- Description string
- The description of the role.
- Elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- Global string
- An object defining global privileges.
- Indices
List<Elasticsearch
Security Role Index> - A list of indices permissions entries.
- Metadata string
- Optional meta-data.
- Name string
- The name of the role.
- Remote
Indices List<ElasticsearchSecurity Role Remote Index> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- Run
As List<string> - A list of users that the owners of this role can impersonate.
- Applications
[]Elasticsearch
Security Role Application Args - A list of application privilege entries.
- Clusters []string
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- Description string
- The description of the role.
- Elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection Args - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- Global string
- An object defining global privileges.
- Indices
[]Elasticsearch
Security Role Index Args - A list of indices permissions entries.
- Metadata string
- Optional meta-data.
- Name string
- The name of the role.
- Remote
Indices []ElasticsearchSecurity Role Remote Index Args - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- Run
As []string - A list of users that the owners of this role can impersonate.
- applications
List<Elasticsearch
Security Role Application> - A list of application privilege entries.
- clusters List<String>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description String
- The description of the role.
- elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global String
- An object defining global privileges.
- indices
List<Elasticsearch
Security Role Index> - A list of indices permissions entries.
- metadata String
- Optional meta-data.
- name String
- The name of the role.
- remote
Indices List<ElasticsearchSecurity Role Remote Index> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As List<String> - A list of users that the owners of this role can impersonate.
- applications
Elasticsearch
Security Role Application[] - A list of application privilege entries.
- clusters string[]
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description string
- The description of the role.
- elasticsearch
Connection ElasticsearchSecurity Role Elasticsearch Connection - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global string
- An object defining global privileges.
- indices
Elasticsearch
Security Role Index[] - A list of indices permissions entries.
- metadata string
- Optional meta-data.
- name string
- The name of the role.
- remote
Indices ElasticsearchSecurity Role Remote Index[] - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As string[] - A list of users that the owners of this role can impersonate.
- applications
Sequence[Elasticsearch
Security Role Application Args] - A list of application privilege entries.
- clusters Sequence[str]
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description str
- The description of the role.
- elasticsearch_
connection ElasticsearchSecurity Role Elasticsearch Connection Args - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global_ str
- An object defining global privileges.
- indices
Sequence[Elasticsearch
Security Role Index Args] - A list of indices permissions entries.
- metadata str
- Optional meta-data.
- name str
- The name of the role.
- remote_
indices Sequence[ElasticsearchSecurity Role Remote Index Args] - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run_
as Sequence[str] - A list of users that the owners of this role can impersonate.
- applications List<Property Map>
- A list of application privilege entries.
- clusters List<String>
- A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- description String
- The description of the role.
- elasticsearch
Connection Property Map - Elasticsearch connection configuration block. This property will be removed in a future provider version. Configure the Elasticsearch connection via the provider configuration instead.
- global String
- An object defining global privileges.
- indices List<Property Map>
- A list of indices permissions entries.
- metadata String
- Optional meta-data.
- name String
- The name of the role.
- remote
Indices List<Property Map> - A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.
- run
As List<String> - A list of users that the owners of this role can impersonate.
Supporting Types
ElasticsearchSecurityRoleApplication, ElasticsearchSecurityRoleApplicationArgs
- Application string
- The name of the application to which this entry applies.
- Privileges List<string>
- A list of strings, where each element is the name of an application privilege or action.
- Resources List<string>
- A list resources to which the privileges are applied.
- Application string
- The name of the application to which this entry applies.
- Privileges []string
- A list of strings, where each element is the name of an application privilege or action.
- Resources []string
- A list resources to which the privileges are applied.
- application String
- The name of the application to which this entry applies.
- privileges List<String>
- A list of strings, where each element is the name of an application privilege or action.
- resources List<String>
- A list resources to which the privileges are applied.
- application string
- The name of the application to which this entry applies.
- privileges string[]
- A list of strings, where each element is the name of an application privilege or action.
- resources string[]
- A list resources to which the privileges are applied.
- application str
- The name of the application to which this entry applies.
- privileges Sequence[str]
- A list of strings, where each element is the name of an application privilege or action.
- resources Sequence[str]
- A list resources to which the privileges are applied.
- application String
- The name of the application to which this entry applies.
- privileges List<String>
- A list of strings, where each element is the name of an application privilege or action.
- resources List<String>
- A list resources to which the privileges are applied.
ElasticsearchSecurityRoleElasticsearchConnection, ElasticsearchSecurityRoleElasticsearchConnectionArgs
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints List<string>
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- Api
Key string - API Key to use for authentication to Elasticsearch
- Bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- Ca
Data string - PEM-encoded custom Certificate Authority certificate
- Ca
File string - Path to a custom Certificate Authority certificate
- Cert
Data string - PEM encoded certificate for client auth
- Cert
File string - Path to a file containing the PEM encoded certificate for client auth
- Endpoints []string
- Es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- Insecure bool
- Disable TLS certificate validation
- Key
Data string - PEM encoded private key for client auth
- Key
File string - Path to a file containing the PEM encoded private key for client auth
- Password string
- Password to use for API authentication to Elasticsearch.
- Username string
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
- api
Key string - API Key to use for authentication to Elasticsearch
- bearer
Token string - Bearer Token to use for authentication to Elasticsearch
- ca
Data string - PEM-encoded custom Certificate Authority certificate
- ca
File string - Path to a custom Certificate Authority certificate
- cert
Data string - PEM encoded certificate for client auth
- cert
File string - Path to a file containing the PEM encoded certificate for client auth
- endpoints string[]
- es
Client stringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure boolean
- Disable TLS certificate validation
- key
Data string - PEM encoded private key for client auth
- key
File string - Path to a file containing the PEM encoded private key for client auth
- password string
- Password to use for API authentication to Elasticsearch.
- username string
- Username to use for API authentication to Elasticsearch.
- api_
key str - API Key to use for authentication to Elasticsearch
- bearer_
token str - Bearer Token to use for authentication to Elasticsearch
- ca_
data str - PEM-encoded custom Certificate Authority certificate
- ca_
file str - Path to a custom Certificate Authority certificate
- cert_
data str - PEM encoded certificate for client auth
- cert_
file str - Path to a file containing the PEM encoded certificate for client auth
- endpoints Sequence[str]
- es_
client_ strauthentication - ES Client Authentication field to be used with the JWT token
- insecure bool
- Disable TLS certificate validation
- key_
data str - PEM encoded private key for client auth
- key_
file str - Path to a file containing the PEM encoded private key for client auth
- password str
- Password to use for API authentication to Elasticsearch.
- username str
- Username to use for API authentication to Elasticsearch.
- api
Key String - API Key to use for authentication to Elasticsearch
- bearer
Token String - Bearer Token to use for authentication to Elasticsearch
- ca
Data String - PEM-encoded custom Certificate Authority certificate
- ca
File String - Path to a custom Certificate Authority certificate
- cert
Data String - PEM encoded certificate for client auth
- cert
File String - Path to a file containing the PEM encoded certificate for client auth
- endpoints List<String>
- es
Client StringAuthentication - ES Client Authentication field to be used with the JWT token
- insecure Boolean
- Disable TLS certificate validation
- key
Data String - PEM encoded private key for client auth
- key
File String - Path to a file containing the PEM encoded private key for client auth
- password String
- Password to use for API authentication to Elasticsearch.
- username String
- Username to use for API authentication to Elasticsearch.
ElasticsearchSecurityRoleIndex, ElasticsearchSecurityRoleIndexArgs
- Names List<string>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- Privileges List<string>
- The index level privileges that the owners of the role have on the specified indices.
- Allow
Restricted boolIndices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- Field
Security ElasticsearchSecurity Role Index Field Security - The document fields that the owners of the role have read access to.
- Query string
- A search query that defines the documents the owners of the role have read access to.
- Names []string
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- Privileges []string
- The index level privileges that the owners of the role have on the specified indices.
- Allow
Restricted boolIndices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- Field
Security ElasticsearchSecurity Role Index Field Security - The document fields that the owners of the role have read access to.
- Query string
- A search query that defines the documents the owners of the role have read access to.
- names List<String>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges List<String>
- The index level privileges that the owners of the role have on the specified indices.
- allow
Restricted BooleanIndices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- field
Security ElasticsearchSecurity Role Index Field Security - The document fields that the owners of the role have read access to.
- query String
- A search query that defines the documents the owners of the role have read access to.
- names string[]
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges string[]
- The index level privileges that the owners of the role have on the specified indices.
- allow
Restricted booleanIndices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- field
Security ElasticsearchSecurity Role Index Field Security - The document fields that the owners of the role have read access to.
- query string
- A search query that defines the documents the owners of the role have read access to.
- names Sequence[str]
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges Sequence[str]
- The index level privileges that the owners of the role have on the specified indices.
- allow_
restricted_ boolindices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- field_
security ElasticsearchSecurity Role Index Field Security - The document fields that the owners of the role have read access to.
- query str
- A search query that defines the documents the owners of the role have read access to.
- names List<String>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges List<String>
- The index level privileges that the owners of the role have on the specified indices.
- allow
Restricted BooleanIndices - Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.
- field
Security Property Map - The document fields that the owners of the role have read access to.
- query String
- A search query that defines the documents the owners of the role have read access to.
ElasticsearchSecurityRoleIndexFieldSecurity, ElasticsearchSecurityRoleIndexFieldSecurityArgs
ElasticsearchSecurityRoleRemoteIndex, ElasticsearchSecurityRoleRemoteIndexArgs
- Clusters List<string>
- A list of cluster aliases to which the permissions in this entry apply.
- Names List<string>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- Privileges List<string>
- The index level privileges that the owners of the role have on the specified indices.
- Field
Security ElasticsearchSecurity Role Remote Index Field Security - The document fields that the owners of the role have read access to.
- Query string
- A search query that defines the documents the owners of the role have read access to.
- Clusters []string
- A list of cluster aliases to which the permissions in this entry apply.
- Names []string
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- Privileges []string
- The index level privileges that the owners of the role have on the specified indices.
- Field
Security ElasticsearchSecurity Role Remote Index Field Security - The document fields that the owners of the role have read access to.
- Query string
- A search query that defines the documents the owners of the role have read access to.
- clusters List<String>
- A list of cluster aliases to which the permissions in this entry apply.
- names List<String>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges List<String>
- The index level privileges that the owners of the role have on the specified indices.
- field
Security ElasticsearchSecurity Role Remote Index Field Security - The document fields that the owners of the role have read access to.
- query String
- A search query that defines the documents the owners of the role have read access to.
- clusters string[]
- A list of cluster aliases to which the permissions in this entry apply.
- names string[]
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges string[]
- The index level privileges that the owners of the role have on the specified indices.
- field
Security ElasticsearchSecurity Role Remote Index Field Security - The document fields that the owners of the role have read access to.
- query string
- A search query that defines the documents the owners of the role have read access to.
- clusters Sequence[str]
- A list of cluster aliases to which the permissions in this entry apply.
- names Sequence[str]
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges Sequence[str]
- The index level privileges that the owners of the role have on the specified indices.
- field_
security ElasticsearchSecurity Role Remote Index Field Security - The document fields that the owners of the role have read access to.
- query str
- A search query that defines the documents the owners of the role have read access to.
- clusters List<String>
- A list of cluster aliases to which the permissions in this entry apply.
- names List<String>
- A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges List<String>
- The index level privileges that the owners of the role have on the specified indices.
- field
Security Property Map - The document fields that the owners of the role have read access to.
- query String
- A search query that defines the documents the owners of the role have read access to.
ElasticsearchSecurityRoleRemoteIndexFieldSecurity, ElasticsearchSecurityRoleRemoteIndexFieldSecurityArgs
Import
$ pulumi import elasticstack:index/elasticsearchSecurityRole:ElasticsearchSecurityRole my_role <cluster_uuid>/<role name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- elasticstack elastic/terraform-provider-elasticstack
- License
- Notes
- This Pulumi package is based on the
elasticstackTerraform Provider.
elasticstack 0.11.15 published on Wednesday, Apr 23, 2025 by elastic