Docs Home
incapsula 3.33.0 published on Wednesday, Apr 30, 2025 by imperva
incapsula.AccountRole
Explore with Pulumi AI
incapsula 3.33.0 published on Wednesday, Apr 30, 2025 by imperva
Provides an account role resource. Each account has the option to create roles, to grant a fixed set of permissions to users. This resource enables you to create roles.
The role permissions should be added as keys (strings) and may be taken from the incapsula.getAccountPermissions data source.
The incapsula.getAccountPermissions data source contains the account permissions list.
To get the current list of permission in the account, use the /v1/abilities/accounts/{accountId} API found in the v1 section of the
Role Management API Definition page.
Example Usage
Basic Usage - List
The basic usage is to use lists of account permissions keys.
import * as pulumi from "@pulumi/pulumi";
import * as incapsula from "@pulumi/incapsula";
const role1 = new incapsula.AccountRole("role1", {
accountId: data.incapsula_account_data.account_data.current_account,
description: "Sample Role Description 1",
permissions: [
"canAddSite",
"canEditSite",
],
});
import pulumi
import pulumi_incapsula as incapsula
role1 = incapsula.AccountRole("role1",
account_id=data["incapsula_account_data"]["account_data"]["current_account"],
description="Sample Role Description 1",
permissions=[
"canAddSite",
"canEditSite",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/incapsula/v3/incapsula"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := incapsula.NewAccountRole(ctx, "role1", &incapsula.AccountRoleArgs{
AccountId: pulumi.Any(data.Incapsula_account_data.Account_data.Current_account),
Description: pulumi.String("Sample Role Description 1"),
Permissions: pulumi.StringArray{
pulumi.String("canAddSite"),
pulumi.String("canEditSite"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Incapsula = Pulumi.Incapsula;
return await Deployment.RunAsync(() =>
{
var role1 = new Incapsula.AccountRole("role1", new()
{
AccountId = data.Incapsula_account_data.Account_data.Current_account,
Description = "Sample Role Description 1",
Permissions = new[]
{
"canAddSite",
"canEditSite",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.incapsula.AccountRole;
import com.pulumi.incapsula.AccountRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var role1 = new AccountRole("role1", AccountRoleArgs.builder()
.accountId(data.incapsula_account_data().account_data().current_account())
.description("Sample Role Description 1")
.permissions(
"canAddSite",
"canEditSite")
.build());
}
}
resources:
role1:
type: incapsula:AccountRole
properties:
accountId: ${data.incapsula_account_data.account_data.current_account}
description: Sample Role Description 1
permissions:
- canAddSite
- canEditSite
Data Sources Usage
The incapsula.getAccountPermissions data sources provide the Account Permissions display names that are more “human-readable”.
import * as pulumi from "@pulumi/pulumi";
import * as incapsula from "@pulumi/incapsula";
const accountPermissions = incapsula.getAccountPermissions({
accountId: data.incapsula_account_data.account_data.current_account,
});
const role1 = new incapsula.AccountRole("role1", {
accountId: data.incapsula_account_data.account_data.current_account,
description: "Sample Role Description 1",
permissions: [
"canAddSite",
"canEditSite",
accountPermissions.then(accountPermissions => accountPermissions.map?.["View Infra Protect settings"]),
accountPermissions.then(accountPermissions => accountPermissions.map?.["Delete exception from policy"]),
],
});
import pulumi
import pulumi_incapsula as incapsula
account_permissions = incapsula.get_account_permissions(account_id=data["incapsula_account_data"]["account_data"]["current_account"])
role1 = incapsula.AccountRole("role1",
account_id=data["incapsula_account_data"]["account_data"]["current_account"],
description="Sample Role Description 1",
permissions=[
"canAddSite",
"canEditSite",
account_permissions.map["View Infra Protect settings"],
account_permissions.map["Delete exception from policy"],
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/incapsula/v3/incapsula"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
accountPermissions, err := incapsula.GetAccountPermissions(ctx, &incapsula.GetAccountPermissionsArgs{
AccountId: data.Incapsula_account_data.Account_data.Current_account,
}, nil);
if err != nil {
return err
}
_, err = incapsula.NewAccountRole(ctx, "role1", &incapsula.AccountRoleArgs{
AccountId: pulumi.Any(data.Incapsula_account_data.Account_data.Current_account),
Description: pulumi.String("Sample Role Description 1"),
Permissions: pulumi.StringArray{
pulumi.String("canAddSite"),
pulumi.String("canEditSite"),
pulumi.String(accountPermissions.Map.View Infra Protect settings),
pulumi.String(accountPermissions.Map.Delete exception from policy),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Incapsula = Pulumi.Incapsula;
return await Deployment.RunAsync(() =>
{
var accountPermissions = Incapsula.GetAccountPermissions.Invoke(new()
{
AccountId = data.Incapsula_account_data.Account_data.Current_account,
});
var role1 = new Incapsula.AccountRole("role1", new()
{
AccountId = data.Incapsula_account_data.Account_data.Current_account,
Description = "Sample Role Description 1",
Permissions = new[]
{
"canAddSite",
"canEditSite",
accountPermissions.Apply(getAccountPermissionsResult => getAccountPermissionsResult.Map?.View_Infra_Protect_settings),
accountPermissions.Apply(getAccountPermissionsResult => getAccountPermissionsResult.Map?.Delete_exception_from_policy),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.incapsula.IncapsulaFunctions;
import com.pulumi.incapsula.inputs.GetAccountPermissionsArgs;
import com.pulumi.incapsula.AccountRole;
import com.pulumi.incapsula.AccountRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var accountPermissions = IncapsulaFunctions.getAccountPermissions(GetAccountPermissionsArgs.builder()
.accountId(data.incapsula_account_data().account_data().current_account())
.build());
var role1 = new AccountRole("role1", AccountRoleArgs.builder()
.accountId(data.incapsula_account_data().account_data().current_account())
.description("Sample Role Description 1")
.permissions(
"canAddSite",
"canEditSite",
accountPermissions.applyValue(getAccountPermissionsResult -> getAccountPermissionsResult.map().View Infra Protect settings()),
accountPermissions.applyValue(getAccountPermissionsResult -> getAccountPermissionsResult.map().Delete exception from policy()))
.build());
}
}
resources:
role1:
type: incapsula:AccountRole
properties:
accountId: ${data.incapsula_account_data.account_data.current_account}
description: Sample Role Description 1
permissions:
- canAddSite
- canEditSite
- ${accountPermissions.map"View Infra Protect settings"[%!s(MISSING)]}
- ${accountPermissions.map"Delete exception from policy"[%!s(MISSING)]}
variables:
accountPermissions:
fn::invoke:
function: incapsula:getAccountPermissions
arguments:
accountId: ${data.incapsula_account_data.account_data.current_account}
In this example, we are using the generated keys attribute filtered by filter_by_text argument.
import * as pulumi from "@pulumi/pulumi";
import * as incapsula from "@pulumi/incapsula";
const accountPermissions = incapsula.getAccountPermissions({
accountId: data.incapsula_account_data.account_data.current_account,
filterByText: "site",
});
const role2 = new incapsula.AccountRole("role2", {
accountId: data.incapsula_account_data.account_data.current_account,
description: "Sample Role Description 2",
permissions: accountPermissions.then(accountPermissions => accountPermissions.keys),
});
import pulumi
import pulumi_incapsula as incapsula
account_permissions = incapsula.get_account_permissions(account_id=data["incapsula_account_data"]["account_data"]["current_account"],
filter_by_text="site")
role2 = incapsula.AccountRole("role2",
account_id=data["incapsula_account_data"]["account_data"]["current_account"],
description="Sample Role Description 2",
permissions=account_permissions.keys)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/incapsula/v3/incapsula"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
accountPermissions, err := incapsula.GetAccountPermissions(ctx, &incapsula.GetAccountPermissionsArgs{
AccountId: data.Incapsula_account_data.Account_data.Current_account,
FilterByText: pulumi.StringRef("site"),
}, nil)
if err != nil {
return err
}
_, err = incapsula.NewAccountRole(ctx, "role2", &incapsula.AccountRoleArgs{
AccountId: pulumi.Any(data.Incapsula_account_data.Account_data.Current_account),
Description: pulumi.String("Sample Role Description 2"),
Permissions: interface{}(accountPermissions.Keys),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Incapsula = Pulumi.Incapsula;
return await Deployment.RunAsync(() =>
{
var accountPermissions = Incapsula.GetAccountPermissions.Invoke(new()
{
AccountId = data.Incapsula_account_data.Account_data.Current_account,
FilterByText = "site",
});
var role2 = new Incapsula.AccountRole("role2", new()
{
AccountId = data.Incapsula_account_data.Account_data.Current_account,
Description = "Sample Role Description 2",
Permissions = accountPermissions.Apply(getAccountPermissionsResult => getAccountPermissionsResult.Keys),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.incapsula.IncapsulaFunctions;
import com.pulumi.incapsula.inputs.GetAccountPermissionsArgs;
import com.pulumi.incapsula.AccountRole;
import com.pulumi.incapsula.AccountRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var accountPermissions = IncapsulaFunctions.getAccountPermissions(GetAccountPermissionsArgs.builder()
.accountId(data.incapsula_account_data().account_data().current_account())
.filterByText("site")
.build());
var role2 = new AccountRole("role2", AccountRoleArgs.builder()
.accountId(data.incapsula_account_data().account_data().current_account())
.description("Sample Role Description 2")
.permissions(accountPermissions.applyValue(getAccountPermissionsResult -> getAccountPermissionsResult.keys()))
.build());
}
}
resources:
role2:
type: incapsula:AccountRole
properties:
accountId: ${data.incapsula_account_data.account_data.current_account}
description: Sample Role Description 2
permissions: ${accountPermissions.keys}
variables:
accountPermissions:
fn::invoke:
function: incapsula:getAccountPermissions
arguments:
accountId: ${data.incapsula_account_data.account_data.current_account}
filterByText: site
Create AccountRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountRole(name: string, args: AccountRoleArgs, opts?: CustomResourceOptions);@overload
def AccountRole(resource_name: str,
args: AccountRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[float] = None,
account_role_id: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
permissions: Optional[Sequence[str]] = None)func NewAccountRole(ctx *Context, name string, args AccountRoleArgs, opts ...ResourceOption) (*AccountRole, error)public AccountRole(string name, AccountRoleArgs args, CustomResourceOptions? opts = null)
public AccountRole(String name, AccountRoleArgs args)
public AccountRole(String name, AccountRoleArgs args, CustomResourceOptions options)
type: incapsula:AccountRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccountRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accountRoleResource = new Incapsula.AccountRole("accountRoleResource", new()
{
AccountId = 0,
AccountRoleId = "string",
Description = "string",
Name = "string",
Permissions = new[]
{
"string",
},
});
example, err := incapsula.NewAccountRole(ctx, "accountRoleResource", &incapsula.AccountRoleArgs{
AccountId: pulumi.Float64(0),
AccountRoleId: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Permissions: pulumi.StringArray{
pulumi.String("string"),
},
})
var accountRoleResource = new AccountRole("accountRoleResource", AccountRoleArgs.builder()
.accountId(0)
.accountRoleId("string")
.description("string")
.name("string")
.permissions("string")
.build());
account_role_resource = incapsula.AccountRole("accountRoleResource",
account_id=0,
account_role_id="string",
description="string",
name="string",
permissions=["string"])
const accountRoleResource = new incapsula.AccountRole("accountRoleResource", {
accountId: 0,
accountRoleId: "string",
description: "string",
name: "string",
permissions: ["string"],
});
type: incapsula:AccountRole
properties:
accountId: 0
accountRoleId: string
description: string
name: string
permissions:
- string
AccountRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccountRole resource accepts the following input properties:
- Account
Id double - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- Account
Role stringId - Unique identifier in the API for the account role.
- Description string
- The role description
- Name string
- The role name
- Permissions List<string>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- Account
Id float64 - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- Account
Role stringId - Unique identifier in the API for the account role.
- Description string
- The role description
- Name string
- The role name
- Permissions []string
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id Double - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role StringId - Unique identifier in the API for the account role.
- description String
- The role description
- name String
- The role name
- permissions List<String>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id number - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role stringId - Unique identifier in the API for the account role.
- description string
- The role description
- name string
- The role name
- permissions string[]
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account_
id float - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account_
role_ strid - Unique identifier in the API for the account role.
- description str
- The role description
- name str
- The role name
- permissions Sequence[str]
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id Number - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role StringId - Unique identifier in the API for the account role.
- description String
- The role description
- name String
- The role name
- permissions List<String>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccountRole Resource
Get an existing AccountRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccountRoleState, opts?: CustomResourceOptions): AccountRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[float] = None,
account_role_id: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
permissions: Optional[Sequence[str]] = None) -> AccountRolefunc GetAccountRole(ctx *Context, name string, id IDInput, state *AccountRoleState, opts ...ResourceOption) (*AccountRole, error)public static AccountRole Get(string name, Input<string> id, AccountRoleState? state, CustomResourceOptions? opts = null)public static AccountRole get(String name, Output<String> id, AccountRoleState state, CustomResourceOptions options)resources: _: type: incapsula:AccountRole get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id double - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- Account
Role stringId - Unique identifier in the API for the account role.
- Description string
- The role description
- Name string
- The role name
- Permissions List<string>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- Account
Id float64 - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- Account
Role stringId - Unique identifier in the API for the account role.
- Description string
- The role description
- Name string
- The role name
- Permissions []string
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id Double - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role StringId - Unique identifier in the API for the account role.
- description String
- The role description
- name String
- The role name
- permissions List<String>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id number - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role stringId - Unique identifier in the API for the account role.
- description string
- The role description
- name string
- The role name
- permissions string[]
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account_
id float - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account_
role_ strid - Unique identifier in the API for the account role.
- description str
- The role description
- name str
- The role name
- permissions Sequence[str]
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
- account
Id Number - Numeric identifier of the account to operate on - a reference to the account datasource may be used
- account
Role StringId - Unique identifier in the API for the account role.
- description String
- The role description
- name String
- The role name
- permissions List<String>
List of account permission keys
Default value is an empty list (role with no permissions).
incapsula.getAccountPermissionsdata source can be used in different ways (see examples above)
Import
Account Role can be imported using the id
$ pulumi import incapsula:index/accountRole:AccountRole demo 1234
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- incapsula imperva/terraform-provider-incapsula
- License
- Notes
- This Pulumi package is based on the
incapsulaTerraform Provider.
incapsula 3.33.0 published on Wednesday, Apr 30, 2025 by imperva