tencentcloud 1.82.68 published on Friday, Feb 6, 2026 by tencentcloudstack
tencentcloud 1.82.68 published on Friday, Feb 6, 2026 by tencentcloudstack
Provides a resource to create a TKE kubernetes user permissions
NOTE: This resource must exclusive in one target Uin, do not declare additional permissions resources of this target Uin elsewhere.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KubernetesUserPermissions("example", {
targetUin: "100056451191",
permissions: [
{
clusterId: "cls-62ch3v24",
roleName: "tke:admin",
roleType: "cluster",
isCustom: false,
},
{
clusterId: "cls-62ch3v24",
roleName: "tke:admin",
roleType: "namespace",
isCustom: false,
namespace: "default",
},
],
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KubernetesUserPermissions("example",
target_uin="100056451191",
permissions=[
{
"cluster_id": "cls-62ch3v24",
"role_name": "tke:admin",
"role_type": "cluster",
"is_custom": False,
},
{
"cluster_id": "cls-62ch3v24",
"role_name": "tke:admin",
"role_type": "namespace",
"is_custom": False,
"namespace": "default",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKubernetesUserPermissions(ctx, "example", &tencentcloud.KubernetesUserPermissionsArgs{
TargetUin: pulumi.String("100056451191"),
Permissions: tencentcloud.KubernetesUserPermissionsPermissionArray{
&tencentcloud.KubernetesUserPermissionsPermissionArgs{
ClusterId: pulumi.String("cls-62ch3v24"),
RoleName: pulumi.String("tke:admin"),
RoleType: pulumi.String("cluster"),
IsCustom: pulumi.Bool(false),
},
&tencentcloud.KubernetesUserPermissionsPermissionArgs{
ClusterId: pulumi.String("cls-62ch3v24"),
RoleName: pulumi.String("tke:admin"),
RoleType: pulumi.String("namespace"),
IsCustom: pulumi.Bool(false),
Namespace: pulumi.String("default"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KubernetesUserPermissions("example", new()
{
TargetUin = "100056451191",
Permissions = new[]
{
new Tencentcloud.Inputs.KubernetesUserPermissionsPermissionArgs
{
ClusterId = "cls-62ch3v24",
RoleName = "tke:admin",
RoleType = "cluster",
IsCustom = false,
},
new Tencentcloud.Inputs.KubernetesUserPermissionsPermissionArgs
{
ClusterId = "cls-62ch3v24",
RoleName = "tke:admin",
RoleType = "namespace",
IsCustom = false,
Namespace = "default",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KubernetesUserPermissions;
import com.pulumi.tencentcloud.KubernetesUserPermissionsArgs;
import com.pulumi.tencentcloud.inputs.KubernetesUserPermissionsPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KubernetesUserPermissions("example", KubernetesUserPermissionsArgs.builder()
.targetUin("100056451191")
.permissions(
KubernetesUserPermissionsPermissionArgs.builder()
.clusterId("cls-62ch3v24")
.roleName("tke:admin")
.roleType("cluster")
.isCustom(false)
.build(),
KubernetesUserPermissionsPermissionArgs.builder()
.clusterId("cls-62ch3v24")
.roleName("tke:admin")
.roleType("namespace")
.isCustom(false)
.namespace("default")
.build())
.build());
}
}
resources:
example:
type: tencentcloud:KubernetesUserPermissions
properties:
targetUin: '100056451191'
permissions:
- clusterId: cls-62ch3v24
roleName: tke:admin
roleType: cluster
isCustom: false
- clusterId: cls-62ch3v24
roleName: tke:admin
roleType: namespace
isCustom: false
namespace: default
Create KubernetesUserPermissions Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesUserPermissions(name: string, args: KubernetesUserPermissionsArgs, opts?: CustomResourceOptions);@overload
def KubernetesUserPermissions(resource_name: str,
args: KubernetesUserPermissionsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesUserPermissions(resource_name: str,
opts: Optional[ResourceOptions] = None,
target_uin: Optional[str] = None,
kubernetes_user_permissions_id: Optional[str] = None,
permissions: Optional[Sequence[KubernetesUserPermissionsPermissionArgs]] = None)func NewKubernetesUserPermissions(ctx *Context, name string, args KubernetesUserPermissionsArgs, opts ...ResourceOption) (*KubernetesUserPermissions, error)public KubernetesUserPermissions(string name, KubernetesUserPermissionsArgs args, CustomResourceOptions? opts = null)
public KubernetesUserPermissions(String name, KubernetesUserPermissionsArgs args)
public KubernetesUserPermissions(String name, KubernetesUserPermissionsArgs args, CustomResourceOptions options)
type: tencentcloud:KubernetesUserPermissions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesUserPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesUserPermissionsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesUserPermissionsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesUserPermissionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesUserPermissionsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
KubernetesUserPermissions Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesUserPermissions resource accepts the following input properties:
- Target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- Kubernetes
User stringPermissions Id - ID of the resource.
- Permissions
List<Kubernetes
User Permissions Permission> - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- Target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- Kubernetes
User stringPermissions Id - ID of the resource.
- Permissions
[]Kubernetes
User Permissions Permission Args - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin String - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User StringPermissions Id - ID of the resource.
- permissions
List<Kubernetes
User Permissions Permission> - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User stringPermissions Id - ID of the resource.
- permissions
Kubernetes
User Permissions Permission[] - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target_
uin str - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes_
user_ strpermissions_ id - ID of the resource.
- permissions
Sequence[Kubernetes
User Permissions Permission Args] - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin String - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User StringPermissions Id - ID of the resource.
- permissions List<Property Map>
- Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesUserPermissions resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KubernetesUserPermissions Resource
Get an existing KubernetesUserPermissions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesUserPermissionsState, opts?: CustomResourceOptions): KubernetesUserPermissions@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
kubernetes_user_permissions_id: Optional[str] = None,
permissions: Optional[Sequence[KubernetesUserPermissionsPermissionArgs]] = None,
target_uin: Optional[str] = None) -> KubernetesUserPermissionsfunc GetKubernetesUserPermissions(ctx *Context, name string, id IDInput, state *KubernetesUserPermissionsState, opts ...ResourceOption) (*KubernetesUserPermissions, error)public static KubernetesUserPermissions Get(string name, Input<string> id, KubernetesUserPermissionsState? state, CustomResourceOptions? opts = null)public static KubernetesUserPermissions get(String name, Output<String> id, KubernetesUserPermissionsState state, CustomResourceOptions options)resources: _: type: tencentcloud:KubernetesUserPermissions get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Kubernetes
User stringPermissions Id - ID of the resource.
- Permissions
List<Kubernetes
User Permissions Permission> - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- Target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- Kubernetes
User stringPermissions Id - ID of the resource.
- Permissions
[]Kubernetes
User Permissions Permission Args - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- Target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User StringPermissions Id - ID of the resource.
- permissions
List<Kubernetes
User Permissions Permission> - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin String - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User stringPermissions Id - ID of the resource.
- permissions
Kubernetes
User Permissions Permission[] - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin string - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes_
user_ strpermissions_ id - ID of the resource.
- permissions
Sequence[Kubernetes
User Permissions Permission Args] - Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target_
uin str - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
- kubernetes
User StringPermissions Id - ID of the resource.
- permissions List<Property Map>
- Complete list of permissions that the user should ultimately have. Uses declarative semantics, the passed list represents all permissions the user should ultimately have, the system will automatically calculate differences and perform necessary create/delete operations. When empty or not provided, all permissions for this user will be cleared. Maximum support for 100 permission items.
- target
Uin String - Unique identifier of the user to be authorized (supports sub-account UIN and role UIN).
Supporting Types
KubernetesUserPermissionsPermission, KubernetesUserPermissionsPermissionArgs
- Cluster
Id string - Cluster ID.
- Role
Name string - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- Role
Type string - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- Is
Custom bool - Whether it is a custom role, default false.
- Namespace string
- Namespace. Required when RoleType is namespace.
- Cluster
Id string - Cluster ID.
- Role
Name string - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- Role
Type string - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- Is
Custom bool - Whether it is a custom role, default false.
- Namespace string
- Namespace. Required when RoleType is namespace.
- cluster
Id String - Cluster ID.
- role
Name String - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- role
Type String - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- is
Custom Boolean - Whether it is a custom role, default false.
- namespace String
- Namespace. Required when RoleType is namespace.
- cluster
Id string - Cluster ID.
- role
Name string - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- role
Type string - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- is
Custom boolean - Whether it is a custom role, default false.
- namespace string
- Namespace. Required when RoleType is namespace.
- cluster_
id str - Cluster ID.
- role_
name str - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- role_
type str - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- is_
custom bool - Whether it is a custom role, default false.
- namespace str
- Namespace. Required when RoleType is namespace.
- cluster
Id String - Cluster ID.
- role
Name String - Role name. Predefined roles include: tke:admin (cluster administrator), tke:ops (operations personnel), tke:dev (developer), tke:ro (read-only user), tke:ns:dev (namespace developer), tke:ns:ro (namespace read-only user), others are user-defined roles.
- role
Type String - Authorization type. Enum values: cluster (cluster-level permissions, corresponding to ClusterRoleBinding), namespace (namespace-level permissions, corresponding to RoleBinding).
- is
Custom Boolean - Whether it is a custom role, default false.
- namespace String
- Namespace. Required when RoleType is namespace.
Import
TKE kubernetes user permissions can be imported using the id, e.g.
$ pulumi import tencentcloud:index/kubernetesUserPermissions:KubernetesUserPermissions example 100056451191
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.82.68 published on Friday, Feb 6, 2026 by tencentcloudstack
