Docs Home
Volcengine v0.0.32 published on Sunday, Jun 8, 2025 by Volcengine
volcengine.vke.Permission
Explore with Pulumi AI
Provides a resource to manage vke permission
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as volcengine from "@pulumi/volcengine";
import * as volcengine from "@volcengine/pulumi";
const fooZones = volcengine.ecs.getZones({});
// create vpc
const fooVpc = new volcengine.vpc.Vpc("fooVpc", {
vpcName: "acc-test-vpc",
cidrBlock: "172.16.0.0/16",
});
// create subnet
const fooSubnet = new volcengine.vpc.Subnet("fooSubnet", {
subnetName: "acc-test-subnet",
cidrBlock: "172.16.0.0/24",
zoneId: fooZones.then(fooZones => fooZones.zones?.[0]?.id),
vpcId: fooVpc.id,
});
// create security group
const fooSecurityGroup = new volcengine.vpc.SecurityGroup("fooSecurityGroup", {
securityGroupName: "acc-test-security-group",
vpcId: fooVpc.id,
});
// create vke cluster
const fooCluster = new volcengine.vke.Cluster("fooCluster", {
description: "created by terraform",
projectName: "default",
deleteProtectionEnabled: false,
clusterConfig: {
subnetIds: [fooSubnet.id],
apiServerPublicAccessEnabled: true,
apiServerPublicAccessConfig: {
publicAccessNetworkConfig: {
billingType: "PostPaidByBandwidth",
bandwidth: 1,
},
},
resourcePublicAccessDefaultEnabled: true,
},
podsConfig: {
podNetworkMode: "VpcCniShared",
vpcCniConfig: {
subnetIds: [fooSubnet.id],
},
},
servicesConfig: {
serviceCidrsv4s: ["172.30.0.0/18"],
},
tags: [{
key: "tf-k1",
value: "tf-v1",
}],
});
const fooPermission = new volcengine.vke.Permission("fooPermission", {
roleName: "vke:visitor",
granteeId: 385500000,
granteeType: "User",
roleDomain: "cluster",
clusterId: fooCluster.id,
});
import pulumi
import pulumi_volcengine as volcengine
foo_zones = volcengine.ecs.get_zones()
# create vpc
foo_vpc = volcengine.vpc.Vpc("fooVpc",
vpc_name="acc-test-vpc",
cidr_block="172.16.0.0/16")
# create subnet
foo_subnet = volcengine.vpc.Subnet("fooSubnet",
subnet_name="acc-test-subnet",
cidr_block="172.16.0.0/24",
zone_id=foo_zones.zones[0].id,
vpc_id=foo_vpc.id)
# create security group
foo_security_group = volcengine.vpc.SecurityGroup("fooSecurityGroup",
security_group_name="acc-test-security-group",
vpc_id=foo_vpc.id)
# create vke cluster
foo_cluster = volcengine.vke.Cluster("fooCluster",
description="created by terraform",
project_name="default",
delete_protection_enabled=False,
cluster_config=volcengine.vke.ClusterClusterConfigArgs(
subnet_ids=[foo_subnet.id],
api_server_public_access_enabled=True,
api_server_public_access_config=volcengine.vke.ClusterClusterConfigApiServerPublicAccessConfigArgs(
public_access_network_config=volcengine.vke.ClusterClusterConfigApiServerPublicAccessConfigPublicAccessNetworkConfigArgs(
billing_type="PostPaidByBandwidth",
bandwidth=1,
),
),
resource_public_access_default_enabled=True,
),
pods_config=volcengine.vke.ClusterPodsConfigArgs(
pod_network_mode="VpcCniShared",
vpc_cni_config=volcengine.vke.ClusterPodsConfigVpcCniConfigArgs(
subnet_ids=[foo_subnet.id],
),
),
services_config=volcengine.vke.ClusterServicesConfigArgs(
service_cidrsv4s=["172.30.0.0/18"],
),
tags=[volcengine.vke.ClusterTagArgs(
key="tf-k1",
value="tf-v1",
)])
foo_permission = volcengine.vke.Permission("fooPermission",
role_name="vke:visitor",
grantee_id=385500000,
grantee_type="User",
role_domain="cluster",
cluster_id=foo_cluster.id)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/volcengine/pulumi-volcengine/sdk/go/volcengine/ecs"
"github.com/volcengine/pulumi-volcengine/sdk/go/volcengine/vke"
"github.com/volcengine/pulumi-volcengine/sdk/go/volcengine/vpc"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
fooZones, err := ecs.GetZones(ctx, nil, nil)
if err != nil {
return err
}
// create vpc
fooVpc, err := vpc.NewVpc(ctx, "fooVpc", &vpc.VpcArgs{
VpcName: pulumi.String("acc-test-vpc"),
CidrBlock: pulumi.String("172.16.0.0/16"),
})
if err != nil {
return err
}
// create subnet
fooSubnet, err := vpc.NewSubnet(ctx, "fooSubnet", &vpc.SubnetArgs{
SubnetName: pulumi.String("acc-test-subnet"),
CidrBlock: pulumi.String("172.16.0.0/24"),
ZoneId: pulumi.String(fooZones.Zones[0].Id),
VpcId: fooVpc.ID(),
})
if err != nil {
return err
}
// create security group
_, err = vpc.NewSecurityGroup(ctx, "fooSecurityGroup", &vpc.SecurityGroupArgs{
SecurityGroupName: pulumi.String("acc-test-security-group"),
VpcId: fooVpc.ID(),
})
if err != nil {
return err
}
// create vke cluster
fooCluster, err := vke.NewCluster(ctx, "fooCluster", &vke.ClusterArgs{
Description: pulumi.String("created by terraform"),
ProjectName: pulumi.String("default"),
DeleteProtectionEnabled: pulumi.Bool(false),
ClusterConfig: &vke.ClusterClusterConfigArgs{
SubnetIds: pulumi.StringArray{
fooSubnet.ID(),
},
ApiServerPublicAccessEnabled: pulumi.Bool(true),
ApiServerPublicAccessConfig: &vke.ClusterClusterConfigApiServerPublicAccessConfigArgs{
PublicAccessNetworkConfig: &vke.ClusterClusterConfigApiServerPublicAccessConfigPublicAccessNetworkConfigArgs{
BillingType: pulumi.String("PostPaidByBandwidth"),
Bandwidth: pulumi.Int(1),
},
},
ResourcePublicAccessDefaultEnabled: pulumi.Bool(true),
},
PodsConfig: &vke.ClusterPodsConfigArgs{
PodNetworkMode: pulumi.String("VpcCniShared"),
VpcCniConfig: &vke.ClusterPodsConfigVpcCniConfigArgs{
SubnetIds: pulumi.StringArray{
fooSubnet.ID(),
},
},
},
ServicesConfig: &vke.ClusterServicesConfigArgs{
ServiceCidrsv4s: pulumi.StringArray{
pulumi.String("172.30.0.0/18"),
},
},
Tags: vke.ClusterTagArray{
&vke.ClusterTagArgs{
Key: pulumi.String("tf-k1"),
Value: pulumi.String("tf-v1"),
},
},
})
if err != nil {
return err
}
_, err = vke.NewPermission(ctx, "fooPermission", &vke.PermissionArgs{
RoleName: pulumi.String("vke:visitor"),
GranteeId: pulumi.Int(385500000),
GranteeType: pulumi.String("User"),
RoleDomain: pulumi.String("cluster"),
ClusterId: fooCluster.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Volcengine = Pulumi.Volcengine;
return await Deployment.RunAsync(() =>
{
var fooZones = Volcengine.Ecs.GetZones.Invoke();
// create vpc
var fooVpc = new Volcengine.Vpc.Vpc("fooVpc", new()
{
VpcName = "acc-test-vpc",
CidrBlock = "172.16.0.0/16",
});
// create subnet
var fooSubnet = new Volcengine.Vpc.Subnet("fooSubnet", new()
{
SubnetName = "acc-test-subnet",
CidrBlock = "172.16.0.0/24",
ZoneId = fooZones.Apply(getZonesResult => getZonesResult.Zones[0]?.Id),
VpcId = fooVpc.Id,
});
// create security group
var fooSecurityGroup = new Volcengine.Vpc.SecurityGroup("fooSecurityGroup", new()
{
SecurityGroupName = "acc-test-security-group",
VpcId = fooVpc.Id,
});
// create vke cluster
var fooCluster = new Volcengine.Vke.Cluster("fooCluster", new()
{
Description = "created by terraform",
ProjectName = "default",
DeleteProtectionEnabled = false,
ClusterConfig = new Volcengine.Vke.Inputs.ClusterClusterConfigArgs
{
SubnetIds = new[]
{
fooSubnet.Id,
},
ApiServerPublicAccessEnabled = true,
ApiServerPublicAccessConfig = new Volcengine.Vke.Inputs.ClusterClusterConfigApiServerPublicAccessConfigArgs
{
PublicAccessNetworkConfig = new Volcengine.Vke.Inputs.ClusterClusterConfigApiServerPublicAccessConfigPublicAccessNetworkConfigArgs
{
BillingType = "PostPaidByBandwidth",
Bandwidth = 1,
},
},
ResourcePublicAccessDefaultEnabled = true,
},
PodsConfig = new Volcengine.Vke.Inputs.ClusterPodsConfigArgs
{
PodNetworkMode = "VpcCniShared",
VpcCniConfig = new Volcengine.Vke.Inputs.ClusterPodsConfigVpcCniConfigArgs
{
SubnetIds = new[]
{
fooSubnet.Id,
},
},
},
ServicesConfig = new Volcengine.Vke.Inputs.ClusterServicesConfigArgs
{
ServiceCidrsv4s = new[]
{
"172.30.0.0/18",
},
},
Tags = new[]
{
new Volcengine.Vke.Inputs.ClusterTagArgs
{
Key = "tf-k1",
Value = "tf-v1",
},
},
});
var fooPermission = new Volcengine.Vke.Permission("fooPermission", new()
{
RoleName = "vke:visitor",
GranteeId = 385500000,
GranteeType = "User",
RoleDomain = "cluster",
ClusterId = fooCluster.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.volcengine.ecs.EcsFunctions;
import com.pulumi.volcengine.ecs.inputs.GetZonesArgs;
import com.pulumi.volcengine.vpc.Vpc;
import com.pulumi.volcengine.vpc.VpcArgs;
import com.pulumi.volcengine.vpc.Subnet;
import com.pulumi.volcengine.vpc.SubnetArgs;
import com.pulumi.volcengine.vpc.SecurityGroup;
import com.pulumi.volcengine.vpc.SecurityGroupArgs;
import com.pulumi.volcengine.vke.Cluster;
import com.pulumi.volcengine.vke.ClusterArgs;
import com.pulumi.volcengine.vke.inputs.ClusterClusterConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterClusterConfigApiServerPublicAccessConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterClusterConfigApiServerPublicAccessConfigPublicAccessNetworkConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterPodsConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterPodsConfigVpcCniConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterServicesConfigArgs;
import com.pulumi.volcengine.vke.inputs.ClusterTagArgs;
import com.pulumi.volcengine.vke.Permission;
import com.pulumi.volcengine.vke.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var fooZones = EcsFunctions.getZones();
// create vpc
var fooVpc = new Vpc("fooVpc", VpcArgs.builder()
.vpcName("acc-test-vpc")
.cidrBlock("172.16.0.0/16")
.build());
// create subnet
var fooSubnet = new Subnet("fooSubnet", SubnetArgs.builder()
.subnetName("acc-test-subnet")
.cidrBlock("172.16.0.0/24")
.zoneId(fooZones.applyValue(getZonesResult -> getZonesResult.zones()[0].id()))
.vpcId(fooVpc.id())
.build());
// create security group
var fooSecurityGroup = new SecurityGroup("fooSecurityGroup", SecurityGroupArgs.builder()
.securityGroupName("acc-test-security-group")
.vpcId(fooVpc.id())
.build());
// create vke cluster
var fooCluster = new Cluster("fooCluster", ClusterArgs.builder()
.description("created by terraform")
.projectName("default")
.deleteProtectionEnabled(false)
.clusterConfig(ClusterClusterConfigArgs.builder()
.subnetIds(fooSubnet.id())
.apiServerPublicAccessEnabled(true)
.apiServerPublicAccessConfig(ClusterClusterConfigApiServerPublicAccessConfigArgs.builder()
.publicAccessNetworkConfig(ClusterClusterConfigApiServerPublicAccessConfigPublicAccessNetworkConfigArgs.builder()
.billingType("PostPaidByBandwidth")
.bandwidth(1)
.build())
.build())
.resourcePublicAccessDefaultEnabled(true)
.build())
.podsConfig(ClusterPodsConfigArgs.builder()
.podNetworkMode("VpcCniShared")
.vpcCniConfig(ClusterPodsConfigVpcCniConfigArgs.builder()
.subnetIds(fooSubnet.id())
.build())
.build())
.servicesConfig(ClusterServicesConfigArgs.builder()
.serviceCidrsv4s("172.30.0.0/18")
.build())
.tags(ClusterTagArgs.builder()
.key("tf-k1")
.value("tf-v1")
.build())
.build());
var fooPermission = new Permission("fooPermission", PermissionArgs.builder()
.roleName("vke:visitor")
.granteeId(385500000)
.granteeType("User")
.roleDomain("cluster")
.clusterId(fooCluster.id())
.build());
}
}
resources:
# create vpc
fooVpc:
type: volcengine:vpc:Vpc
properties:
vpcName: acc-test-vpc
cidrBlock: 172.16.0.0/16
# create subnet
fooSubnet:
type: volcengine:vpc:Subnet
properties:
subnetName: acc-test-subnet
cidrBlock: 172.16.0.0/24
zoneId: ${fooZones.zones[0].id}
vpcId: ${fooVpc.id}
# create security group
fooSecurityGroup:
type: volcengine:vpc:SecurityGroup
properties:
securityGroupName: acc-test-security-group
vpcId: ${fooVpc.id}
# create vke cluster
fooCluster:
type: volcengine:vke:Cluster
properties:
description: created by terraform
projectName: default
deleteProtectionEnabled: false
clusterConfig:
subnetIds:
- ${fooSubnet.id}
apiServerPublicAccessEnabled: true
apiServerPublicAccessConfig:
publicAccessNetworkConfig:
billingType: PostPaidByBandwidth
bandwidth: 1
resourcePublicAccessDefaultEnabled: true
podsConfig:
podNetworkMode: VpcCniShared
vpcCniConfig:
subnetIds:
- ${fooSubnet.id}
servicesConfig:
serviceCidrsv4s:
- 172.30.0.0/18
tags:
- key: tf-k1
value: tf-v1
fooPermission:
type: volcengine:vke:Permission
properties:
roleName: vke:visitor
granteeId: 3.855e+08
granteeType: User
roleDomain: cluster
clusterId: ${fooCluster.id}
variables:
fooZones:
fn::invoke:
Function: volcengine:ecs:getZones
Arguments: {}
Create Permission Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Permission(name: string, args: PermissionArgs, opts?: CustomResourceOptions);@overload
def Permission(resource_name: str,
args: PermissionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Permission(resource_name: str,
opts: Optional[ResourceOptions] = None,
grantee_id: Optional[int] = None,
grantee_type: Optional[str] = None,
role_domain: Optional[str] = None,
role_name: Optional[str] = None,
cluster_id: Optional[str] = None,
is_custom_role: Optional[bool] = None,
namespace: Optional[str] = None)func NewPermission(ctx *Context, name string, args PermissionArgs, opts ...ResourceOption) (*Permission, error)public Permission(string name, PermissionArgs args, CustomResourceOptions? opts = null)
public Permission(String name, PermissionArgs args)
public Permission(String name, PermissionArgs args, CustomResourceOptions options)
type: volcengine:vke:Permission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PermissionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PermissionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PermissionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PermissionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var permissionResource = new Volcengine.Vke.Permission("permissionResource", new()
{
GranteeId = 0,
GranteeType = "string",
RoleDomain = "string",
RoleName = "string",
ClusterId = "string",
IsCustomRole = false,
Namespace = "string",
});
example, err := vke.NewPermission(ctx, "permissionResource", &vke.PermissionArgs{
GranteeId: pulumi.Int(0),
GranteeType: pulumi.String("string"),
RoleDomain: pulumi.String("string"),
RoleName: pulumi.String("string"),
ClusterId: pulumi.String("string"),
IsCustomRole: pulumi.Bool(false),
Namespace: pulumi.String("string"),
})
var permissionResource = new Permission("permissionResource", PermissionArgs.builder()
.granteeId(0)
.granteeType("string")
.roleDomain("string")
.roleName("string")
.clusterId("string")
.isCustomRole(false)
.namespace("string")
.build());
permission_resource = volcengine.vke.Permission("permissionResource",
grantee_id=0,
grantee_type="string",
role_domain="string",
role_name="string",
cluster_id="string",
is_custom_role=False,
namespace="string")
const permissionResource = new volcengine.vke.Permission("permissionResource", {
granteeId: 0,
granteeType: "string",
roleDomain: "string",
roleName: "string",
clusterId: "string",
isCustomRole: false,
namespace: "string",
});
type: volcengine:vke:Permission
properties:
clusterId: string
granteeId: 0
granteeType: string
isCustomRole: false
namespace: string
roleDomain: string
roleName: string
Permission Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Permission resource accepts the following input properties:
- Grantee
Id int - The ID of the grantee.
- Grantee
Type string - The type of the grantee. Valid values:
User. - Role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - Role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- Cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- Is
Custom boolRole - Whether the RBAC role is a custom role. Default is false.
- Namespace string
- The namespace that needs to be authorized to IAM users or roles.
- Grantee
Id int - The ID of the grantee.
- Grantee
Type string - The type of the grantee. Valid values:
User. - Role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - Role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- Cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- Is
Custom boolRole - Whether the RBAC role is a custom role. Default is false.
- Namespace string
- The namespace that needs to be authorized to IAM users or roles.
- grantee
Id Integer - The ID of the grantee.
- grantee
Type String - The type of the grantee. Valid values:
User. - role
Domain String - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name String - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- cluster
Id String - The cluster ID that needs to be authorized to IAM users or roles.
- is
Custom BooleanRole - Whether the RBAC role is a custom role. Default is false.
- namespace String
- The namespace that needs to be authorized to IAM users or roles.
- grantee
Id number - The ID of the grantee.
- grantee
Type string - The type of the grantee. Valid values:
User. - role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- is
Custom booleanRole - Whether the RBAC role is a custom role. Default is false.
- namespace string
- The namespace that needs to be authorized to IAM users or roles.
- grantee_
id int - The ID of the grantee.
- grantee_
type str - The type of the grantee. Valid values:
User. - role_
domain str - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role_
name str - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- cluster_
id str - The cluster ID that needs to be authorized to IAM users or roles.
- is_
custom_ boolrole - Whether the RBAC role is a custom role. Default is false.
- namespace str
- The namespace that needs to be authorized to IAM users or roles.
- grantee
Id Number - The ID of the grantee.
- grantee
Type String - The type of the grantee. Valid values:
User. - role
Domain String - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name String - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- cluster
Id String - The cluster ID that needs to be authorized to IAM users or roles.
- is
Custom BooleanRole - Whether the RBAC role is a custom role. Default is false.
- namespace String
- The namespace that needs to be authorized to IAM users or roles.
Outputs
All input properties are implicitly available as output properties. Additionally, the Permission resource produces the following output properties:
- string
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- Granted
At string - The granted time of the RBAC Permission.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kube
Role stringBinding Name - The name of the Kube Role Binding.
- Message string
- The message of the RBAC Permission.
- Revoked
At string - The revoked time of the RBAC Permission.
- Status string
- The status of the RBAC Permission.
- string
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- Granted
At string - The granted time of the RBAC Permission.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kube
Role stringBinding Name - The name of the Kube Role Binding.
- Message string
- The message of the RBAC Permission.
- Revoked
At string - The revoked time of the RBAC Permission.
- Status string
- The status of the RBAC Permission.
- String
- The authorized time of the RBAC Permission.
- Integer
- The ID of the Authorizer.
- String
- The name of the Authorizer.
- String
- The type of the Authorizer.
- granted
At String - The granted time of the RBAC Permission.
- id String
- The provider-assigned unique ID for this managed resource.
- kube
Role StringBinding Name - The name of the Kube Role Binding.
- message String
- The message of the RBAC Permission.
- revoked
At String - The revoked time of the RBAC Permission.
- status String
- The status of the RBAC Permission.
- string
- The authorized time of the RBAC Permission.
- number
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- granted
At string - The granted time of the RBAC Permission.
- id string
- The provider-assigned unique ID for this managed resource.
- kube
Role stringBinding Name - The name of the Kube Role Binding.
- message string
- The message of the RBAC Permission.
- revoked
At string - The revoked time of the RBAC Permission.
- status string
- The status of the RBAC Permission.
- str
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- str
- The name of the Authorizer.
- str
- The type of the Authorizer.
- granted_
at str - The granted time of the RBAC Permission.
- id str
- The provider-assigned unique ID for this managed resource.
- kube_
role_ strbinding_ name - The name of the Kube Role Binding.
- message str
- The message of the RBAC Permission.
- revoked_
at str - The revoked time of the RBAC Permission.
- status str
- The status of the RBAC Permission.
- String
- The authorized time of the RBAC Permission.
- Number
- The ID of the Authorizer.
- String
- The name of the Authorizer.
- String
- The type of the Authorizer.
- granted
At String - The granted time of the RBAC Permission.
- id String
- The provider-assigned unique ID for this managed resource.
- kube
Role StringBinding Name - The name of the Kube Role Binding.
- message String
- The message of the RBAC Permission.
- revoked
At String - The revoked time of the RBAC Permission.
- status String
- The status of the RBAC Permission.
Look up Existing Permission Resource
Get an existing Permission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PermissionState, opts?: CustomResourceOptions): Permission@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorized_at: Optional[str] = None,
authorizer_id: Optional[int] = None,
authorizer_name: Optional[str] = None,
authorizer_type: Optional[str] = None,
cluster_id: Optional[str] = None,
granted_at: Optional[str] = None,
grantee_id: Optional[int] = None,
grantee_type: Optional[str] = None,
is_custom_role: Optional[bool] = None,
kube_role_binding_name: Optional[str] = None,
message: Optional[str] = None,
namespace: Optional[str] = None,
revoked_at: Optional[str] = None,
role_domain: Optional[str] = None,
role_name: Optional[str] = None,
status: Optional[str] = None) -> Permissionfunc GetPermission(ctx *Context, name string, id IDInput, state *PermissionState, opts ...ResourceOption) (*Permission, error)public static Permission Get(string name, Input<string> id, PermissionState? state, CustomResourceOptions? opts = null)public static Permission get(String name, Output<String> id, PermissionState state, CustomResourceOptions options)resources: _: type: volcengine:vke:Permission get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- string
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- Cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- Granted
At string - The granted time of the RBAC Permission.
- Grantee
Id int - The ID of the grantee.
- Grantee
Type string - The type of the grantee. Valid values:
User. - Is
Custom boolRole - Whether the RBAC role is a custom role. Default is false.
- Kube
Role stringBinding Name - The name of the Kube Role Binding.
- Message string
- The message of the RBAC Permission.
- Namespace string
- The namespace that needs to be authorized to IAM users or roles.
- Revoked
At string - The revoked time of the RBAC Permission.
- Role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - Role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- Status string
- The status of the RBAC Permission.
- string
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- Cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- Granted
At string - The granted time of the RBAC Permission.
- Grantee
Id int - The ID of the grantee.
- Grantee
Type string - The type of the grantee. Valid values:
User. - Is
Custom boolRole - Whether the RBAC role is a custom role. Default is false.
- Kube
Role stringBinding Name - The name of the Kube Role Binding.
- Message string
- The message of the RBAC Permission.
- Namespace string
- The namespace that needs to be authorized to IAM users or roles.
- Revoked
At string - The revoked time of the RBAC Permission.
- Role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - Role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- Status string
- The status of the RBAC Permission.
- String
- The authorized time of the RBAC Permission.
- Integer
- The ID of the Authorizer.
- String
- The name of the Authorizer.
- String
- The type of the Authorizer.
- cluster
Id String - The cluster ID that needs to be authorized to IAM users or roles.
- granted
At String - The granted time of the RBAC Permission.
- grantee
Id Integer - The ID of the grantee.
- grantee
Type String - The type of the grantee. Valid values:
User. - is
Custom BooleanRole - Whether the RBAC role is a custom role. Default is false.
- kube
Role StringBinding Name - The name of the Kube Role Binding.
- message String
- The message of the RBAC Permission.
- namespace String
- The namespace that needs to be authorized to IAM users or roles.
- revoked
At String - The revoked time of the RBAC Permission.
- role
Domain String - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name String - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- status String
- The status of the RBAC Permission.
- string
- The authorized time of the RBAC Permission.
- number
- The ID of the Authorizer.
- string
- The name of the Authorizer.
- string
- The type of the Authorizer.
- cluster
Id string - The cluster ID that needs to be authorized to IAM users or roles.
- granted
At string - The granted time of the RBAC Permission.
- grantee
Id number - The ID of the grantee.
- grantee
Type string - The type of the grantee. Valid values:
User. - is
Custom booleanRole - Whether the RBAC role is a custom role. Default is false.
- kube
Role stringBinding Name - The name of the Kube Role Binding.
- message string
- The message of the RBAC Permission.
- namespace string
- The namespace that needs to be authorized to IAM users or roles.
- revoked
At string - The revoked time of the RBAC Permission.
- role
Domain string - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name string - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- status string
- The status of the RBAC Permission.
- str
- The authorized time of the RBAC Permission.
- int
- The ID of the Authorizer.
- str
- The name of the Authorizer.
- str
- The type of the Authorizer.
- cluster_
id str - The cluster ID that needs to be authorized to IAM users or roles.
- granted_
at str - The granted time of the RBAC Permission.
- grantee_
id int - The ID of the grantee.
- grantee_
type str - The type of the grantee. Valid values:
User. - is_
custom_ boolrole - Whether the RBAC role is a custom role. Default is false.
- kube_
role_ strbinding_ name - The name of the Kube Role Binding.
- message str
- The message of the RBAC Permission.
- namespace str
- The namespace that needs to be authorized to IAM users or roles.
- revoked_
at str - The revoked time of the RBAC Permission.
- role_
domain str - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role_
name str - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- status str
- The status of the RBAC Permission.
- String
- The authorized time of the RBAC Permission.
- Number
- The ID of the Authorizer.
- String
- The name of the Authorizer.
- String
- The type of the Authorizer.
- cluster
Id String - The cluster ID that needs to be authorized to IAM users or roles.
- granted
At String - The granted time of the RBAC Permission.
- grantee
Id Number - The ID of the grantee.
- grantee
Type String - The type of the grantee. Valid values:
User. - is
Custom BooleanRole - Whether the RBAC role is a custom role. Default is false.
- kube
Role StringBinding Name - The name of the Kube Role Binding.
- message String
- The message of the RBAC Permission.
- namespace String
- The namespace that needs to be authorized to IAM users or roles.
- revoked
At String - The revoked time of the RBAC Permission.
- role
Domain String - The types of permissions granted to IAM users or roles. Valid values:
namespace,cluster,all_clusters. When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields. - role
Name String - The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
- status String
- The status of the RBAC Permission.
Import
VkePermission can be imported using the id, e.g.
$ pulumi import volcengine:vke/permission:Permission default resource_id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- volcengine volcengine/pulumi-volcengine
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
volcengineTerraform Provider.