Docs Home
opensearch 2.3.1 published on Monday, Apr 14, 2025 by opensearch-project
opensearch.User
Explore with Pulumi AI
opensearch 2.3.1 published on Monday, Apr 14, 2025 by opensearch-project
Provides an OpenSearch security user. Please refer to the OpenSearch Access Control documentation for details.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as opensearch from "@pulumi/opensearch";
// Create a user
const mapper = new opensearch.User("mapper", {
username: "app-reasdder",
password: "SuperSekret123!",
description: "a reader role for our app",
});
// And a full user, role and role mapping example:
const readerRole = new opensearch.Role("readerRole", {
roleName: "app_reader",
description: "App Reader Role",
indexPermissions: [{
indexPatterns: ["app-*"],
allowedActions: [
"get",
"read",
"search",
],
}],
});
const readerUser = new opensearch.User("readerUser", {
username: "app-reader",
password: _var.password,
});
const readerRolesMapping = new opensearch.RolesMapping("readerRolesMapping", {
roleName: readerRole.roleId,
description: "App Reader Role",
users: [readerUser.userId],
});
import pulumi
import pulumi_opensearch as opensearch
# Create a user
mapper = opensearch.User("mapper",
username="app-reasdder",
password="SuperSekret123!",
description="a reader role for our app")
# And a full user, role and role mapping example:
reader_role = opensearch.Role("readerRole",
role_name="app_reader",
description="App Reader Role",
index_permissions=[{
"index_patterns": ["app-*"],
"allowed_actions": [
"get",
"read",
"search",
],
}])
reader_user = opensearch.User("readerUser",
username="app-reader",
password=var["password"])
reader_roles_mapping = opensearch.RolesMapping("readerRolesMapping",
role_name=reader_role.role_id,
description="App Reader Role",
users=[reader_user.user_id])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opensearch/v2/opensearch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create a user
_, err := opensearch.NewUser(ctx, "mapper", &opensearch.UserArgs{
Username: pulumi.String("app-reasdder"),
Password: pulumi.String("SuperSekret123!"),
Description: pulumi.String("a reader role for our app"),
})
if err != nil {
return err
}
// And a full user, role and role mapping example:
readerRole, err := opensearch.NewRole(ctx, "readerRole", &opensearch.RoleArgs{
RoleName: pulumi.String("app_reader"),
Description: pulumi.String("App Reader Role"),
IndexPermissions: opensearch.RoleIndexPermissionArray{
&opensearch.RoleIndexPermissionArgs{
IndexPatterns: pulumi.StringArray{
pulumi.String("app-*"),
},
AllowedActions: pulumi.StringArray{
pulumi.String("get"),
pulumi.String("read"),
pulumi.String("search"),
},
},
},
})
if err != nil {
return err
}
readerUser, err := opensearch.NewUser(ctx, "readerUser", &opensearch.UserArgs{
Username: pulumi.String("app-reader"),
Password: pulumi.Any(_var.Password),
})
if err != nil {
return err
}
_, err = opensearch.NewRolesMapping(ctx, "readerRolesMapping", &opensearch.RolesMappingArgs{
RoleName: readerRole.RoleId,
Description: pulumi.String("App Reader Role"),
Users: pulumi.StringArray{
readerUser.UserId,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Opensearch = Pulumi.Opensearch;
return await Deployment.RunAsync(() =>
{
// Create a user
var mapper = new Opensearch.User("mapper", new()
{
Username = "app-reasdder",
Password = "SuperSekret123!",
Description = "a reader role for our app",
});
// And a full user, role and role mapping example:
var readerRole = new Opensearch.Role("readerRole", new()
{
RoleName = "app_reader",
Description = "App Reader Role",
IndexPermissions = new[]
{
new Opensearch.Inputs.RoleIndexPermissionArgs
{
IndexPatterns = new[]
{
"app-*",
},
AllowedActions = new[]
{
"get",
"read",
"search",
},
},
},
});
var readerUser = new Opensearch.User("readerUser", new()
{
Username = "app-reader",
Password = @var.Password,
});
var readerRolesMapping = new Opensearch.RolesMapping("readerRolesMapping", new()
{
RoleName = readerRole.RoleId,
Description = "App Reader Role",
Users = new[]
{
readerUser.UserId,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opensearch.User;
import com.pulumi.opensearch.UserArgs;
import com.pulumi.opensearch.Role;
import com.pulumi.opensearch.RoleArgs;
import com.pulumi.opensearch.inputs.RoleIndexPermissionArgs;
import com.pulumi.opensearch.RolesMapping;
import com.pulumi.opensearch.RolesMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create a user
var mapper = new User("mapper", UserArgs.builder()
.username("app-reasdder")
.password("SuperSekret123!")
.description("a reader role for our app")
.build());
// And a full user, role and role mapping example:
var readerRole = new Role("readerRole", RoleArgs.builder()
.roleName("app_reader")
.description("App Reader Role")
.indexPermissions(RoleIndexPermissionArgs.builder()
.indexPatterns("app-*")
.allowedActions(
"get",
"read",
"search")
.build())
.build());
var readerUser = new User("readerUser", UserArgs.builder()
.username("app-reader")
.password(var_.password())
.build());
var readerRolesMapping = new RolesMapping("readerRolesMapping", RolesMappingArgs.builder()
.roleName(readerRole.roleId())
.description("App Reader Role")
.users(readerUser.userId())
.build());
}
}
resources:
# Create a user
mapper:
type: opensearch:User
properties:
username: app-reasdder
password: SuperSekret123!
description: a reader role for our app
# And a full user, role and role mapping example:
readerRole:
type: opensearch:Role
properties:
roleName: app_reader
description: App Reader Role
indexPermissions:
- indexPatterns:
- app-*
allowedActions:
- get
- read
- search
readerUser:
type: opensearch:User
properties:
username: app-reader
password: ${var.password}
readerRolesMapping:
type: opensearch:RolesMapping
properties:
roleName: ${readerRole.roleId}
description: App Reader Role
users:
- ${readerUser.userId}
Create User Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new User(name: string, args: UserArgs, opts?: CustomResourceOptions);@overload
def User(resource_name: str,
args: UserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def User(resource_name: str,
opts: Optional[ResourceOptions] = None,
username: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
backend_roles: Optional[Sequence[str]] = None,
description: Optional[str] = None,
password: Optional[str] = None,
password_hash: Optional[str] = None,
user_id: Optional[str] = None)func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)public User(string name, UserArgs args, CustomResourceOptions? opts = null)type: opensearch:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userResource = new Opensearch.User("userResource", new()
{
Username = "string",
Attributes =
{
{ "string", "string" },
},
BackendRoles = new[]
{
"string",
},
Description = "string",
Password = "string",
PasswordHash = "string",
UserId = "string",
});
example, err := opensearch.NewUser(ctx, "userResource", &opensearch.UserArgs{
Username: pulumi.String("string"),
Attributes: pulumi.StringMap{
"string": pulumi.String("string"),
},
BackendRoles: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Password: pulumi.String("string"),
PasswordHash: pulumi.String("string"),
UserId: pulumi.String("string"),
})
var userResource = new User("userResource", UserArgs.builder()
.username("string")
.attributes(Map.of("string", "string"))
.backendRoles("string")
.description("string")
.password("string")
.passwordHash("string")
.userId("string")
.build());
user_resource = opensearch.User("userResource",
username="string",
attributes={
"string": "string",
},
backend_roles=["string"],
description="string",
password="string",
password_hash="string",
user_id="string")
const userResource = new opensearch.User("userResource", {
username: "string",
attributes: {
string: "string",
},
backendRoles: ["string"],
description: "string",
password: "string",
passwordHash: "string",
userId: "string",
});
type: opensearch:User
properties:
attributes:
string: string
backendRoles:
- string
description: string
password: string
passwordHash: string
userId: string
username: string
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The User resource accepts the following input properties:
- Username string
- The name of the security user.
- Attributes Dictionary<string, string>
- A map of arbitrary key value string pairs stored alongside of users.
- Backend
Roles List<string> - A list of backend roles.
- Description string
- Description of the user.
- Password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - Password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - User
Id string - The ID of this resource.
- Username string
- The name of the security user.
- Attributes map[string]string
- A map of arbitrary key value string pairs stored alongside of users.
- Backend
Roles []string - A list of backend roles.
- Description string
- Description of the user.
- Password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - Password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - User
Id string - The ID of this resource.
- username String
- The name of the security user.
- attributes Map<String,String>
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles List<String> - A list of backend roles.
- description String
- Description of the user.
- password String
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash String - The pre-hashed password for the user, cannot be specified with
password. - user
Id String - The ID of this resource.
- username string
- The name of the security user.
- attributes {[key: string]: string}
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles string[] - A list of backend roles.
- description string
- Description of the user.
- password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - user
Id string - The ID of this resource.
- username str
- The name of the security user.
- attributes Mapping[str, str]
- A map of arbitrary key value string pairs stored alongside of users.
- backend_
roles Sequence[str] - A list of backend roles.
- description str
- Description of the user.
- password str
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password_
hash str - The pre-hashed password for the user, cannot be specified with
password. - user_
id str - The ID of this resource.
- username String
- The name of the security user.
- attributes Map<String>
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles List<String> - A list of backend roles.
- description String
- Description of the user.
- password String
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash String - The pre-hashed password for the user, cannot be specified with
password. - user
Id String - The ID of this resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing User Resource
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
attributes: Optional[Mapping[str, str]] = None,
backend_roles: Optional[Sequence[str]] = None,
description: Optional[str] = None,
password: Optional[str] = None,
password_hash: Optional[str] = None,
user_id: Optional[str] = None,
username: Optional[str] = None) -> Userfunc GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)resources: _: type: opensearch:User get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Attributes Dictionary<string, string>
- A map of arbitrary key value string pairs stored alongside of users.
- Backend
Roles List<string> - A list of backend roles.
- Description string
- Description of the user.
- Password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - Password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - User
Id string - The ID of this resource.
- Username string
- The name of the security user.
- Attributes map[string]string
- A map of arbitrary key value string pairs stored alongside of users.
- Backend
Roles []string - A list of backend roles.
- Description string
- Description of the user.
- Password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - Password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - User
Id string - The ID of this resource.
- Username string
- The name of the security user.
- attributes Map<String,String>
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles List<String> - A list of backend roles.
- description String
- Description of the user.
- password String
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash String - The pre-hashed password for the user, cannot be specified with
password. - user
Id String - The ID of this resource.
- username String
- The name of the security user.
- attributes {[key: string]: string}
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles string[] - A list of backend roles.
- description string
- Description of the user.
- password string
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash string - The pre-hashed password for the user, cannot be specified with
password. - user
Id string - The ID of this resource.
- username string
- The name of the security user.
- attributes Mapping[str, str]
- A map of arbitrary key value string pairs stored alongside of users.
- backend_
roles Sequence[str] - A list of backend roles.
- description str
- Description of the user.
- password str
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password_
hash str - The pre-hashed password for the user, cannot be specified with
password. - user_
id str - The ID of this resource.
- username str
- The name of the security user.
- attributes Map<String>
- A map of arbitrary key value string pairs stored alongside of users.
- backend
Roles List<String> - A list of backend roles.
- description String
- Description of the user.
- password String
- The plain text password for the user, cannot be specified with
password_hash. Some implementations may enforce a password policy. Invalid passwords may cause a non-descriptive HTTP 400 Bad Request error. For AWS OpenSearch domains "password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character". - password
Hash String - The pre-hashed password for the user, cannot be specified with
password. - user
Id String - The ID of this resource.
- username String
- The name of the security user.
Import
$ pulumi import opensearch:index/user:User reader app_reader
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- opensearch opensearch-project/terraform-provider-opensearch
- License
- Notes
- This Pulumi package is based on the
opensearchTerraform Provider.
opensearch 2.3.1 published on Monday, Apr 14, 2025 by opensearch-project