volcenginecc.vke.Permission

volcenginecc v0.0.32, Apr 23 26

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

Container Service provides cluster RBAC authorization, granting RBAC access permissions to IAM users or roles. This includes accessible resources, scope of permissions, and predefined role types, enabling better management of cluster security access control and meeting enterprise users’ requirements for fine-grained resource access control.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as volcenginecc from "@volcengine/pulumi-volcenginecc";

const vKEPermissionDemo = new volcenginecc.vke.Permission("VKEPermissionDemo", {
    roleDomain: "namespace",
    clusterId: "cd48m3cb1b2ba7l6ebgp0xxxxx",
    namespace: "kube-public",
    roleName: "vke:visitor",
    isCustomRole: false,
    granteeId: 59433888,
    granteeType: "User",
});

import pulumi
import pulumi_volcenginecc as volcenginecc

v_ke_permission_demo = volcenginecc.vke.Permission("VKEPermissionDemo",
    role_domain="namespace",
    cluster_id="cd48m3cb1b2ba7l6ebgp0xxxxx",
    namespace="kube-public",
    role_name="vke:visitor",
    is_custom_role=False,
    grantee_id=59433888,
    grantee_type="User")

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/volcengine/pulumi-volcenginecc/sdk/go/volcenginecc/vke"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vke.NewPermission(ctx, "VKEPermissionDemo", &vke.PermissionArgs{
			RoleDomain:   pulumi.String("namespace"),
			ClusterId:    pulumi.String("cd48m3cb1b2ba7l6ebgp0xxxxx"),
			Namespace:    pulumi.String("kube-public"),
			RoleName:     pulumi.String("vke:visitor"),
			IsCustomRole: pulumi.Bool(false),
			GranteeId:    pulumi.Int(59433888),
			GranteeType:  pulumi.String("User"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Volcenginecc = Volcengine.Pulumi.Volcenginecc;

return await Deployment.RunAsync(() => 
{
    var vKEPermissionDemo = new Volcenginecc.Vke.Permission("VKEPermissionDemo", new()
    {
        RoleDomain = "namespace",
        ClusterId = "cd48m3cb1b2ba7l6ebgp0xxxxx",
        Namespace = "kube-public",
        RoleName = "vke:visitor",
        IsCustomRole = false,
        GranteeId = 59433888,
        GranteeType = "User",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.volcengine.volcenginecc.vke.Permission;
import com.volcengine.volcenginecc.vke.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var vKEPermissionDemo = new Permission("vKEPermissionDemo", PermissionArgs.builder()
            .roleDomain("namespace")
            .clusterId("cd48m3cb1b2ba7l6ebgp0xxxxx")
            .namespace("kube-public")
            .roleName("vke:visitor")
            .isCustomRole(false)
            .granteeId(59433888)
            .granteeType("User")
            .build());

    }
}

resources:
  vKEPermissionDemo:
    type: volcenginecc:vke:Permission
    name: VKEPermissionDemo
    properties:
      roleDomain: namespace
      clusterId: cd48m3cb1b2ba7l6ebgp0xxxxx
      namespace: kube-public
      roleName: vke:visitor
      isCustomRole: false
      granteeId: 5.9433888e+07
      granteeType: User

Create Permission Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Permission(name: string, args?: PermissionArgs, opts?: CustomResourceOptions);

@overload
def Permission(resource_name: str,
               args: Optional[PermissionArgs] = None,
               opts: Optional[ResourceOptions] = None)

@overload
def Permission(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               authorizer_id: Optional[int] = None,
               authorizer_type: Optional[str] = None,
               cluster_id: Optional[str] = None,
               grantee_id: Optional[int] = None,
               grantee_type: Optional[str] = None,
               is_custom_role: Optional[bool] = None,
               namespace: Optional[str] = None,
               role_domain: Optional[str] = None,
               role_name: Optional[str] = None)

func NewPermission(ctx *Context, name string, args *PermissionArgs, opts ...ResourceOption) (*Permission, error)

public Permission(string name, PermissionArgs? args = null, CustomResourceOptions? opts = null)

public Permission(String name, PermissionArgs args)
public Permission(String name, PermissionArgs args, CustomResourceOptions options)

type: volcenginecc:vke:Permission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PermissionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PermissionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PermissionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PermissionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PermissionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Permission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Permission resource accepts the following input properties:

AuthorizerId int: Grantor ID. Can be an IAM user ID or an IAM role ID.
AuthorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
ClusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
GranteeId int: Grantee ID. Can be an IAM user ID or an IAM role ID.
GranteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
IsCustomRole bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
Namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
RoleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
RoleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

AuthorizerId int: Grantor ID. Can be an IAM user ID or an IAM role ID.
AuthorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
ClusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
GranteeId int: Grantee ID. Can be an IAM user ID or an IAM role ID.
GranteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
IsCustomRole bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
Namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
RoleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
RoleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

authorizerId Integer: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerType String: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId String: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
granteeId Integer: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType String: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole Boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
namespace String: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
roleDomain String: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName String: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

authorizerId number: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
granteeId number: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
roleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

authorizer_id int: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizer_type str: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
cluster_id str: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
grantee_id int: Grantee ID. Can be an IAM user ID or an IAM role ID.
grantee_type str: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
is_custom_role bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
namespace str: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
role_domain str: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
role_name str: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

authorizerId Number: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerType String: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId String: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
granteeId Number: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType String: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole Boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
namespace String: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
roleDomain String: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName String: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.

Outputs

All input properties are implicitly available as output properties. Additionally, the Permission resource produces the following output properties:

AuthorizedAt string: Time when the RBAC policy resource was authorized.
AuthorizerName string: Grantor name
CreatedTime string: Time when the RBAC policy resource was created.
Id string: The provider-assigned unique ID for this managed resource.
KubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
Message string: Authorization details message.
PermissionId string: RBAC policy resource ID.
ProjectSelector string: Project selector
RevokedAt string: Time when authorization is revoked.
Status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

AuthorizedAt string: Time when the RBAC policy resource was authorized.
AuthorizerName string: Grantor name
CreatedTime string: Time when the RBAC policy resource was created.
Id string: The provider-assigned unique ID for this managed resource.
KubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
Message string: Authorization details message.
PermissionId string: RBAC policy resource ID.
ProjectSelector string: Project selector
RevokedAt string: Time when authorization is revoked.
Status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt String: Time when the RBAC policy resource was authorized.
authorizerName String: Grantor name
createdTime String: Time when the RBAC policy resource was created.
id String: The provider-assigned unique ID for this managed resource.
kubeRoleBindingName String: The object name of the RBAC policy resource in Kubernetes.
message String: Authorization details message.
permissionId String: RBAC policy resource ID.
projectSelector String: Project selector
revokedAt String: Time when authorization is revoked.
status String: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt string: Time when the RBAC policy resource was authorized.
authorizerName string: Grantor name
createdTime string: Time when the RBAC policy resource was created.
id string: The provider-assigned unique ID for this managed resource.
kubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
message string: Authorization details message.
permissionId string: RBAC policy resource ID.
projectSelector string: Project selector
revokedAt string: Time when authorization is revoked.
status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorized_at str: Time when the RBAC policy resource was authorized.
authorizer_name str: Grantor name
created_time str: Time when the RBAC policy resource was created.
id str: The provider-assigned unique ID for this managed resource.
kube_role_binding_name str: The object name of the RBAC policy resource in Kubernetes.
message str: Authorization details message.
permission_id str: RBAC policy resource ID.
project_selector str: Project selector
revoked_at str: Time when authorization is revoked.
status str: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt String: Time when the RBAC policy resource was authorized.
authorizerName String: Grantor name
createdTime String: Time when the RBAC policy resource was created.
id String: The provider-assigned unique ID for this managed resource.
kubeRoleBindingName String: The object name of the RBAC policy resource in Kubernetes.
message String: Authorization details message.
permissionId String: RBAC policy resource ID.
projectSelector String: Project selector
revokedAt String: Time when authorization is revoked.
status String: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

Look up Existing Permission Resource

Get an existing Permission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PermissionState, opts?: CustomResourceOptions): Permission

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorized_at: Optional[str] = None,
        authorizer_id: Optional[int] = None,
        authorizer_name: Optional[str] = None,
        authorizer_type: Optional[str] = None,
        cluster_id: Optional[str] = None,
        created_time: Optional[str] = None,
        grantee_id: Optional[int] = None,
        grantee_type: Optional[str] = None,
        is_custom_role: Optional[bool] = None,
        kube_role_binding_name: Optional[str] = None,
        message: Optional[str] = None,
        namespace: Optional[str] = None,
        permission_id: Optional[str] = None,
        project_selector: Optional[str] = None,
        revoked_at: Optional[str] = None,
        role_domain: Optional[str] = None,
        role_name: Optional[str] = None,
        status: Optional[str] = None) -> Permission

func GetPermission(ctx *Context, name string, id IDInput, state *PermissionState, opts ...ResourceOption) (*Permission, error)

public static Permission Get(string name, Input<string> id, PermissionState? state, CustomResourceOptions? opts = null)

public static Permission get(String name, Output<String> id, PermissionState state, CustomResourceOptions options)

resources:  _:    type: volcenginecc:vke:Permission    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthorizedAt string: Time when the RBAC policy resource was authorized.
AuthorizerId int: Grantor ID. Can be an IAM user ID or an IAM role ID.
AuthorizerName string: Grantor name
AuthorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
ClusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
CreatedTime string: Time when the RBAC policy resource was created.
GranteeId int: Grantee ID. Can be an IAM user ID or an IAM role ID.
GranteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
IsCustomRole bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
KubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
Message string: Authorization details message.
Namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
PermissionId string: RBAC policy resource ID.
ProjectSelector string: Project selector
RevokedAt string: Time when authorization is revoked.
RoleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
RoleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
Status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

AuthorizedAt string: Time when the RBAC policy resource was authorized.
AuthorizerId int: Grantor ID. Can be an IAM user ID or an IAM role ID.
AuthorizerName string: Grantor name
AuthorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
ClusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
CreatedTime string: Time when the RBAC policy resource was created.
GranteeId int: Grantee ID. Can be an IAM user ID or an IAM role ID.
GranteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
IsCustomRole bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
KubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
Message string: Authorization details message.
Namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
PermissionId string: RBAC policy resource ID.
ProjectSelector string: Project selector
RevokedAt string: Time when authorization is revoked.
RoleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
RoleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
Status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt String: Time when the RBAC policy resource was authorized.
authorizerId Integer: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerName String: Grantor name
authorizerType String: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId String: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
createdTime String: Time when the RBAC policy resource was created.
granteeId Integer: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType String: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole Boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
kubeRoleBindingName String: The object name of the RBAC policy resource in Kubernetes.
message String: Authorization details message.
namespace String: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
permissionId String: RBAC policy resource ID.
projectSelector String: Project selector
revokedAt String: Time when authorization is revoked.
roleDomain String: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName String: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
status String: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt string: Time when the RBAC policy resource was authorized.
authorizerId number: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerName string: Grantor name
authorizerType string: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId string: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
createdTime string: Time when the RBAC policy resource was created.
granteeId number: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType string: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
kubeRoleBindingName string: The object name of the RBAC policy resource in Kubernetes.
message string: Authorization details message.
namespace string: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
permissionId string: RBAC policy resource ID.
projectSelector string: Project selector
revokedAt string: Time when authorization is revoked.
roleDomain string: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName string: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
status string: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorized_at str: Time when the RBAC policy resource was authorized.
authorizer_id int: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizer_name str: Grantor name
authorizer_type str: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
cluster_id str: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
created_time str: Time when the RBAC policy resource was created.
grantee_id int: Grantee ID. Can be an IAM user ID or an IAM role ID.
grantee_type str: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
is_custom_role bool: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
kube_role_binding_name str: The object name of the RBAC policy resource in Kubernetes.
message str: Authorization details message.
namespace str: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
permission_id str: RBAC policy resource ID.
project_selector str: Project selector
revoked_at str: Time when authorization is revoked.
role_domain str: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
role_name str: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
status str: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

authorizedAt String: Time when the RBAC policy resource was authorized.
authorizerId Number: Grantor ID. Can be an IAM user ID or an IAM role ID.
authorizerName String: Grantor name
authorizerType String: Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
clusterId String: Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
createdTime String: Time when the RBAC policy resource was created.
granteeId Number: Grantee ID. Can be an IAM user ID or an IAM role ID.
granteeType String: Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
isCustomRole Boolean: Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
kubeRoleBindingName String: The object name of the RBAC policy resource in Kubernetes.
message String: Authorization details message.
namespace String: Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
permissionId String: RBAC policy resource ID.
projectSelector String: Project selector
revokedAt String: Time when authorization is revoked.
roleDomain String: The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
roleName String: Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
status String: Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.

Import

$ pulumi import volcenginecc:vke/permission:Permission example "permission_id"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: volcenginecc volcengine/pulumi-volcenginecc
License: MPL-2.0
Notes: This Pulumi package is based on the volcenginecc Terraform Provider.

Viewing docs for volcenginecc v0.0.32
published on Thursday, Apr 23, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcenginecc

volcenginecc.vke.Permission

On this page

On this page

Example Usage

Create Permission Resource

Constructor syntax

Parameters

Permission Resource Properties

Inputs

Outputs

Look up Existing Permission Resource

Import

Package Details

On this page

On this page