athenz 1.0.45, Apr 15 25

athenz 1.0.45 published on Tuesday, Apr 15, 2025 by athenz

athenz.RoleMeta

Explore with Pulumi AI

athenz 1.0.45 published on Tuesday, Apr 15, 2025 by athenz

Example Usage

IMPORTANT NOTE: please do NOT use json syntax but only hcl syntax

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as athenz from "@pulumi/athenz";

const roleMeta = new athenz.RoleMeta("roleMeta", {
    auditRef: "update role meta",
    certExpiryMins: 720,
    deleteProtection: false,
    description: "meta role test description",
    domain: "some_domain",
    groupExpiryDays: 90,
    groupReviewDays: 60,
    maxMembers: 250,
    notifyDetails: "notify details",
    notifyRoles: "role1,role2",
    principalDomainFilter: "user,home,+sports,-sports.dev",
    reviewEnabled: false,
    selfRenew: false,
    selfRenewMins: 90,
    selfServe: true,
    serviceExpiryDays: 90,
    serviceReviewDays: 120,
    signAlgorithm: "ec",
    tags: {
        key1: "val1,val2",
        key2: "val3,val4",
    },
    tokenExpiryMins: 360,
    userAuthorityExpiration: "ElevatedClearance",
    userAuthorityFilter: "OnShore-US",
    userExpiryDays: 90,
    userReviewDays: 60,
});

import pulumi
import pulumi_athenz as athenz

role_meta = athenz.RoleMeta("roleMeta",
    audit_ref="update role meta",
    cert_expiry_mins=720,
    delete_protection=False,
    description="meta role test description",
    domain="some_domain",
    group_expiry_days=90,
    group_review_days=60,
    max_members=250,
    notify_details="notify details",
    notify_roles="role1,role2",
    principal_domain_filter="user,home,+sports,-sports.dev",
    review_enabled=False,
    self_renew=False,
    self_renew_mins=90,
    self_serve=True,
    service_expiry_days=90,
    service_review_days=120,
    sign_algorithm="ec",
    tags={
        "key1": "val1,val2",
        "key2": "val3,val4",
    },
    token_expiry_mins=360,
    user_authority_expiration="ElevatedClearance",
    user_authority_filter="OnShore-US",
    user_expiry_days=90,
    user_review_days=60)

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := athenz.NewRoleMeta(ctx, "roleMeta", &athenz.RoleMetaArgs{
			AuditRef:              pulumi.String("update role meta"),
			CertExpiryMins:        pulumi.Float64(720),
			DeleteProtection:      pulumi.Bool(false),
			Description:           pulumi.String("meta role test description"),
			Domain:                pulumi.String("some_domain"),
			GroupExpiryDays:       pulumi.Float64(90),
			GroupReviewDays:       pulumi.Float64(60),
			MaxMembers:            pulumi.Float64(250),
			NotifyDetails:         pulumi.String("notify details"),
			NotifyRoles:           pulumi.String("role1,role2"),
			PrincipalDomainFilter: pulumi.String("user,home,+sports,-sports.dev"),
			ReviewEnabled:         pulumi.Bool(false),
			SelfRenew:             pulumi.Bool(false),
			SelfRenewMins:         pulumi.Float64(90),
			SelfServe:             pulumi.Bool(true),
			ServiceExpiryDays:     pulumi.Float64(90),
			ServiceReviewDays:     pulumi.Float64(120),
			SignAlgorithm:         pulumi.String("ec"),
			Tags: pulumi.StringMap{
				"key1": pulumi.String("val1,val2"),
				"key2": pulumi.String("val3,val4"),
			},
			TokenExpiryMins:         pulumi.Float64(360),
			UserAuthorityExpiration: pulumi.String("ElevatedClearance"),
			UserAuthorityFilter:     pulumi.String("OnShore-US"),
			UserExpiryDays:          pulumi.Float64(90),
			UserReviewDays:          pulumi.Float64(60),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Athenz = Pulumi.Athenz;

return await Deployment.RunAsync(() => 
{
    var roleMeta = new Athenz.RoleMeta("roleMeta", new()
    {
        AuditRef = "update role meta",
        CertExpiryMins = 720,
        DeleteProtection = false,
        Description = "meta role test description",
        Domain = "some_domain",
        GroupExpiryDays = 90,
        GroupReviewDays = 60,
        MaxMembers = 250,
        NotifyDetails = "notify details",
        NotifyRoles = "role1,role2",
        PrincipalDomainFilter = "user,home,+sports,-sports.dev",
        ReviewEnabled = false,
        SelfRenew = false,
        SelfRenewMins = 90,
        SelfServe = true,
        ServiceExpiryDays = 90,
        ServiceReviewDays = 120,
        SignAlgorithm = "ec",
        Tags = 
        {
            { "key1", "val1,val2" },
            { "key2", "val3,val4" },
        },
        TokenExpiryMins = 360,
        UserAuthorityExpiration = "ElevatedClearance",
        UserAuthorityFilter = "OnShore-US",
        UserExpiryDays = 90,
        UserReviewDays = 60,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.athenz.RoleMeta;
import com.pulumi.athenz.RoleMetaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var roleMeta = new RoleMeta("roleMeta", RoleMetaArgs.builder()
            .auditRef("update role meta")
            .certExpiryMins(720)
            .deleteProtection(false)
            .description("meta role test description")
            .domain("some_domain")
            .groupExpiryDays(90)
            .groupReviewDays(60)
            .maxMembers(250)
            .notifyDetails("notify details")
            .notifyRoles("role1,role2")
            .principalDomainFilter("user,home,+sports,-sports.dev")
            .reviewEnabled(false)
            .selfRenew(false)
            .selfRenewMins(90)
            .selfServe(true)
            .serviceExpiryDays(90)
            .serviceReviewDays(120)
            .signAlgorithm("ec")
            .tags(Map.ofEntries(
                Map.entry("key1", "val1,val2"),
                Map.entry("key2", "val3,val4")
            ))
            .tokenExpiryMins(360)
            .userAuthorityExpiration("ElevatedClearance")
            .userAuthorityFilter("OnShore-US")
            .userExpiryDays(90)
            .userReviewDays(60)
            .build());

    }
}

resources:
  roleMeta:
    type: athenz:RoleMeta
    properties:
      auditRef: update role meta
      certExpiryMins: 720
      deleteProtection: false
      description: meta role test description
      domain: some_domain
      groupExpiryDays: 90
      groupReviewDays: 60
      maxMembers: 250
      notifyDetails: notify details
      notifyRoles: role1,role2
      principalDomainFilter: user,home,+sports,-sports.dev
      reviewEnabled: false
      selfRenew: false
      selfRenewMins: 90
      selfServe: true
      serviceExpiryDays: 90
      serviceReviewDays: 120
      signAlgorithm: ec
      tags:
        key1: val1,val2
        key2: val3,val4
      tokenExpiryMins: 360
      userAuthorityExpiration: ElevatedClearance
      userAuthorityFilter: OnShore-US
      userExpiryDays: 90
      userReviewDays: 60

athenz.RoleMeta (Resource)

athenz.RoleMeta provides an Athenz role meta resource.

Create RoleMeta Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new RoleMeta(name: string, args: RoleMetaArgs, opts?: CustomResourceOptions);

@overload
def RoleMeta(resource_name: str,
             args: RoleMetaArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def RoleMeta(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             domain: Optional[str] = None,
             review_enabled: Optional[bool] = None,
             user_authority_filter: Optional[str] = None,
             delete_protection: Optional[bool] = None,
             description: Optional[str] = None,
             audit_ref: Optional[str] = None,
             group_expiry_days: Optional[float] = None,
             group_review_days: Optional[float] = None,
             max_members: Optional[float] = None,
             name: Optional[str] = None,
             notify_details: Optional[str] = None,
             notify_roles: Optional[str] = None,
             role_meta_id: Optional[str] = None,
             cert_expiry_mins: Optional[float] = None,
             resource_state: Optional[float] = None,
             principal_domain_filter: Optional[str] = None,
             self_renew: Optional[bool] = None,
             self_renew_mins: Optional[float] = None,
             self_serve: Optional[bool] = None,
             service_expiry_days: Optional[float] = None,
             service_review_days: Optional[float] = None,
             sign_algorithm: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             token_expiry_mins: Optional[float] = None,
             user_authority_expiration: Optional[str] = None,
             audit_enabled: Optional[bool] = None,
             user_expiry_days: Optional[float] = None,
             user_review_days: Optional[float] = None)

func NewRoleMeta(ctx *Context, name string, args RoleMetaArgs, opts ...ResourceOption) (*RoleMeta, error)

public RoleMeta(string name, RoleMetaArgs args, CustomResourceOptions? opts = null)

public RoleMeta(String name, RoleMetaArgs args)
public RoleMeta(String name, RoleMetaArgs args, CustomResourceOptions options)

type: athenz:RoleMeta
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RoleMetaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RoleMetaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RoleMetaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RoleMetaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RoleMetaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var roleMetaResource = new Athenz.RoleMeta("roleMetaResource", new()
{
    Domain = "string",
    ReviewEnabled = false,
    UserAuthorityFilter = "string",
    DeleteProtection = false,
    Description = "string",
    AuditRef = "string",
    GroupExpiryDays = 0,
    GroupReviewDays = 0,
    MaxMembers = 0,
    Name = "string",
    NotifyDetails = "string",
    NotifyRoles = "string",
    RoleMetaId = "string",
    CertExpiryMins = 0,
    ResourceState = 0,
    PrincipalDomainFilter = "string",
    SelfRenew = false,
    SelfRenewMins = 0,
    SelfServe = false,
    ServiceExpiryDays = 0,
    ServiceReviewDays = 0,
    SignAlgorithm = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TokenExpiryMins = 0,
    UserAuthorityExpiration = "string",
    AuditEnabled = false,
    UserExpiryDays = 0,
    UserReviewDays = 0,
});

example, err := athenz.NewRoleMeta(ctx, "roleMetaResource", &athenz.RoleMetaArgs{
	Domain:                pulumi.String("string"),
	ReviewEnabled:         pulumi.Bool(false),
	UserAuthorityFilter:   pulumi.String("string"),
	DeleteProtection:      pulumi.Bool(false),
	Description:           pulumi.String("string"),
	AuditRef:              pulumi.String("string"),
	GroupExpiryDays:       pulumi.Float64(0),
	GroupReviewDays:       pulumi.Float64(0),
	MaxMembers:            pulumi.Float64(0),
	Name:                  pulumi.String("string"),
	NotifyDetails:         pulumi.String("string"),
	NotifyRoles:           pulumi.String("string"),
	RoleMetaId:            pulumi.String("string"),
	CertExpiryMins:        pulumi.Float64(0),
	ResourceState:         pulumi.Float64(0),
	PrincipalDomainFilter: pulumi.String("string"),
	SelfRenew:             pulumi.Bool(false),
	SelfRenewMins:         pulumi.Float64(0),
	SelfServe:             pulumi.Bool(false),
	ServiceExpiryDays:     pulumi.Float64(0),
	ServiceReviewDays:     pulumi.Float64(0),
	SignAlgorithm:         pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TokenExpiryMins:         pulumi.Float64(0),
	UserAuthorityExpiration: pulumi.String("string"),
	AuditEnabled:            pulumi.Bool(false),
	UserExpiryDays:          pulumi.Float64(0),
	UserReviewDays:          pulumi.Float64(0),
})

var roleMetaResource = new RoleMeta("roleMetaResource", RoleMetaArgs.builder()
    .domain("string")
    .reviewEnabled(false)
    .userAuthorityFilter("string")
    .deleteProtection(false)
    .description("string")
    .auditRef("string")
    .groupExpiryDays(0)
    .groupReviewDays(0)
    .maxMembers(0)
    .name("string")
    .notifyDetails("string")
    .notifyRoles("string")
    .roleMetaId("string")
    .certExpiryMins(0)
    .resourceState(0)
    .principalDomainFilter("string")
    .selfRenew(false)
    .selfRenewMins(0)
    .selfServe(false)
    .serviceExpiryDays(0)
    .serviceReviewDays(0)
    .signAlgorithm("string")
    .tags(Map.of("string", "string"))
    .tokenExpiryMins(0)
    .userAuthorityExpiration("string")
    .auditEnabled(false)
    .userExpiryDays(0)
    .userReviewDays(0)
    .build());

role_meta_resource = athenz.RoleMeta("roleMetaResource",
    domain="string",
    review_enabled=False,
    user_authority_filter="string",
    delete_protection=False,
    description="string",
    audit_ref="string",
    group_expiry_days=0,
    group_review_days=0,
    max_members=0,
    name="string",
    notify_details="string",
    notify_roles="string",
    role_meta_id="string",
    cert_expiry_mins=0,
    resource_state=0,
    principal_domain_filter="string",
    self_renew=False,
    self_renew_mins=0,
    self_serve=False,
    service_expiry_days=0,
    service_review_days=0,
    sign_algorithm="string",
    tags={
        "string": "string",
    },
    token_expiry_mins=0,
    user_authority_expiration="string",
    audit_enabled=False,
    user_expiry_days=0,
    user_review_days=0)

const roleMetaResource = new athenz.RoleMeta("roleMetaResource", {
    domain: "string",
    reviewEnabled: false,
    userAuthorityFilter: "string",
    deleteProtection: false,
    description: "string",
    auditRef: "string",
    groupExpiryDays: 0,
    groupReviewDays: 0,
    maxMembers: 0,
    name: "string",
    notifyDetails: "string",
    notifyRoles: "string",
    roleMetaId: "string",
    certExpiryMins: 0,
    resourceState: 0,
    principalDomainFilter: "string",
    selfRenew: false,
    selfRenewMins: 0,
    selfServe: false,
    serviceExpiryDays: 0,
    serviceReviewDays: 0,
    signAlgorithm: "string",
    tags: {
        string: "string",
    },
    tokenExpiryMins: 0,
    userAuthorityExpiration: "string",
    auditEnabled: false,
    userExpiryDays: 0,
    userReviewDays: 0,
});

type: athenz:RoleMeta
properties:
    auditEnabled: false
    auditRef: string
    certExpiryMins: 0
    deleteProtection: false
    description: string
    domain: string
    groupExpiryDays: 0
    groupReviewDays: 0
    maxMembers: 0
    name: string
    notifyDetails: string
    notifyRoles: string
    principalDomainFilter: string
    resourceState: 0
    reviewEnabled: false
    roleMetaId: string
    selfRenew: false
    selfRenewMins: 0
    selfServe: false
    serviceExpiryDays: 0
    serviceReviewDays: 0
    signAlgorithm: string
    tags:
        string: string
    tokenExpiryMins: 0
    userAuthorityExpiration: string
    userAuthorityFilter: string
    userExpiryDays: 0
    userReviewDays: 0

RoleMeta Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The RoleMeta resource accepts the following input properties:

Domain string: name of the domain
AuditEnabled bool: audit enabled flag for the role
AuditRef string: string containing audit specification or ticket number.
CertExpiryMins double: role certs issued for this role will have specified max timeout in minutes
DeleteProtection bool: If true, ask for delete confirmation in audit and review enabled roles
Description string: description for the role
GroupExpiryDays double: all groups in the role will have specified max expiry days
GroupReviewDays double: all groups in the role will have specified review reminder days
MaxMembers double: maximum number of members allowed in the role
Name string: Name of the role
NotifyDetails string: Set of instructions included in notifications for review and audit enabled roles
NotifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
PrincipalDomainFilter string: comma seperated list of domains to enforce principal membership
ResourceState double: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
ReviewEnabled bool: Flag indicates whether role updates require another review and approval
RoleMetaId string: The ID of this resource.
SelfRenew bool: Flag indicates whether to allow expired members to renew their membership
SelfRenewMins double: Number of minutes members can renew their membership if self review option is enabled
SelfServe bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
ServiceExpiryDays double: all services in the role will have specified max expiry days
ServiceReviewDays double: all services in the role will have specified review reminder days
SignAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
Tags Dictionary<string, string>: map of role tags
TokenExpiryMins double: tokens issued for this role will have specified max timeout in minutes
UserAuthorityExpiration string: expiration enforced by a user authority configured attribute
UserAuthorityFilter string: membership filtered based on user authority configured attributes
UserExpiryDays double: all user members in the role will have specified max expiry days
UserReviewDays double: all user members in the role will have specified review reminder days

Domain string: name of the domain
AuditEnabled bool: audit enabled flag for the role
AuditRef string: string containing audit specification or ticket number.
CertExpiryMins float64: role certs issued for this role will have specified max timeout in minutes
DeleteProtection bool: If true, ask for delete confirmation in audit and review enabled roles
Description string: description for the role
GroupExpiryDays float64: all groups in the role will have specified max expiry days
GroupReviewDays float64: all groups in the role will have specified review reminder days
MaxMembers float64: maximum number of members allowed in the role
Name string: Name of the role
NotifyDetails string: Set of instructions included in notifications for review and audit enabled roles
NotifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
PrincipalDomainFilter string: comma seperated list of domains to enforce principal membership
ResourceState float64: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
ReviewEnabled bool: Flag indicates whether role updates require another review and approval
RoleMetaId string: The ID of this resource.
SelfRenew bool: Flag indicates whether to allow expired members to renew their membership
SelfRenewMins float64: Number of minutes members can renew their membership if self review option is enabled
SelfServe bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
ServiceExpiryDays float64: all services in the role will have specified max expiry days
ServiceReviewDays float64: all services in the role will have specified review reminder days
SignAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
Tags map[string]string: map of role tags
TokenExpiryMins float64: tokens issued for this role will have specified max timeout in minutes
UserAuthorityExpiration string: expiration enforced by a user authority configured attribute
UserAuthorityFilter string: membership filtered based on user authority configured attributes
UserExpiryDays float64: all user members in the role will have specified max expiry days
UserReviewDays float64: all user members in the role will have specified review reminder days

domain String: name of the domain
auditEnabled Boolean: audit enabled flag for the role
auditRef String: string containing audit specification or ticket number.
certExpiryMins Double: role certs issued for this role will have specified max timeout in minutes
deleteProtection Boolean: If true, ask for delete confirmation in audit and review enabled roles
description String: description for the role
groupExpiryDays Double: all groups in the role will have specified max expiry days
groupReviewDays Double: all groups in the role will have specified review reminder days
maxMembers Double: maximum number of members allowed in the role
name String: Name of the role
notifyDetails String: Set of instructions included in notifications for review and audit enabled roles
notifyRoles String: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter String: comma seperated list of domains to enforce principal membership
resourceState Double: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled Boolean: Flag indicates whether role updates require another review and approval
roleMetaId String: The ID of this resource.
selfRenew Boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins Double: Number of minutes members can renew their membership if self review option is enabled
selfServe Boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays Double: all services in the role will have specified max expiry days
serviceReviewDays Double: all services in the role will have specified review reminder days
signAlgorithm String: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Map<String,String>: map of role tags
tokenExpiryMins Double: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration String: expiration enforced by a user authority configured attribute
userAuthorityFilter String: membership filtered based on user authority configured attributes
userExpiryDays Double: all user members in the role will have specified max expiry days
userReviewDays Double: all user members in the role will have specified review reminder days

domain string: name of the domain
auditEnabled boolean: audit enabled flag for the role
auditRef string: string containing audit specification or ticket number.
certExpiryMins number: role certs issued for this role will have specified max timeout in minutes
deleteProtection boolean: If true, ask for delete confirmation in audit and review enabled roles
description string: description for the role
groupExpiryDays number: all groups in the role will have specified max expiry days
groupReviewDays number: all groups in the role will have specified review reminder days
maxMembers number: maximum number of members allowed in the role
name string: Name of the role
notifyDetails string: Set of instructions included in notifications for review and audit enabled roles
notifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter string: comma seperated list of domains to enforce principal membership
resourceState number: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled boolean: Flag indicates whether role updates require another review and approval
roleMetaId string: The ID of this resource.
selfRenew boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins number: Number of minutes members can renew their membership if self review option is enabled
selfServe boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays number: all services in the role will have specified max expiry days
serviceReviewDays number: all services in the role will have specified review reminder days
signAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
tags {[key: string]: string}: map of role tags
tokenExpiryMins number: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration string: expiration enforced by a user authority configured attribute
userAuthorityFilter string: membership filtered based on user authority configured attributes
userExpiryDays number: all user members in the role will have specified max expiry days
userReviewDays number: all user members in the role will have specified review reminder days

domain str: name of the domain
audit_enabled bool: audit enabled flag for the role
audit_ref str: string containing audit specification or ticket number.
cert_expiry_mins float: role certs issued for this role will have specified max timeout in minutes
delete_protection bool: If true, ask for delete confirmation in audit and review enabled roles
description str: description for the role
group_expiry_days float: all groups in the role will have specified max expiry days
group_review_days float: all groups in the role will have specified review reminder days
max_members float: maximum number of members allowed in the role
name str: Name of the role
notify_details str: Set of instructions included in notifications for review and audit enabled roles
notify_roles str: comma seperated list of roles whose members should be notified for member review/approval
principal_domain_filter str: comma seperated list of domains to enforce principal membership
resource_state float: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
review_enabled bool: Flag indicates whether role updates require another review and approval
role_meta_id str: The ID of this resource.
self_renew bool: Flag indicates whether to allow expired members to renew their membership
self_renew_mins float: Number of minutes members can renew their membership if self review option is enabled
self_serve bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
service_expiry_days float: all services in the role will have specified max expiry days
service_review_days float: all services in the role will have specified review reminder days
sign_algorithm str: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Mapping[str, str]: map of role tags
token_expiry_mins float: tokens issued for this role will have specified max timeout in minutes
user_authority_expiration str: expiration enforced by a user authority configured attribute
user_authority_filter str: membership filtered based on user authority configured attributes
user_expiry_days float: all user members in the role will have specified max expiry days
user_review_days float: all user members in the role will have specified review reminder days

domain String: name of the domain
auditEnabled Boolean: audit enabled flag for the role
auditRef String: string containing audit specification or ticket number.
certExpiryMins Number: role certs issued for this role will have specified max timeout in minutes
deleteProtection Boolean: If true, ask for delete confirmation in audit and review enabled roles
description String: description for the role
groupExpiryDays Number: all groups in the role will have specified max expiry days
groupReviewDays Number: all groups in the role will have specified review reminder days
maxMembers Number: maximum number of members allowed in the role
name String: Name of the role
notifyDetails String: Set of instructions included in notifications for review and audit enabled roles
notifyRoles String: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter String: comma seperated list of domains to enforce principal membership
resourceState Number: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled Boolean: Flag indicates whether role updates require another review and approval
roleMetaId String: The ID of this resource.
selfRenew Boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins Number: Number of minutes members can renew their membership if self review option is enabled
selfServe Boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays Number: all services in the role will have specified max expiry days
serviceReviewDays Number: all services in the role will have specified review reminder days
signAlgorithm String: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Map<String>: map of role tags
tokenExpiryMins Number: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration String: expiration enforced by a user authority configured attribute
userAuthorityFilter String: membership filtered based on user authority configured attributes
userExpiryDays Number: all user members in the role will have specified max expiry days
userReviewDays Number: all user members in the role will have specified review reminder days

Outputs

All input properties are implicitly available as output properties. Additionally, the RoleMeta resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing RoleMeta Resource

Get an existing RoleMeta resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: RoleMetaState, opts?: CustomResourceOptions): RoleMeta

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        audit_enabled: Optional[bool] = None,
        audit_ref: Optional[str] = None,
        cert_expiry_mins: Optional[float] = None,
        delete_protection: Optional[bool] = None,
        description: Optional[str] = None,
        domain: Optional[str] = None,
        group_expiry_days: Optional[float] = None,
        group_review_days: Optional[float] = None,
        max_members: Optional[float] = None,
        name: Optional[str] = None,
        notify_details: Optional[str] = None,
        notify_roles: Optional[str] = None,
        principal_domain_filter: Optional[str] = None,
        resource_state: Optional[float] = None,
        review_enabled: Optional[bool] = None,
        role_meta_id: Optional[str] = None,
        self_renew: Optional[bool] = None,
        self_renew_mins: Optional[float] = None,
        self_serve: Optional[bool] = None,
        service_expiry_days: Optional[float] = None,
        service_review_days: Optional[float] = None,
        sign_algorithm: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        token_expiry_mins: Optional[float] = None,
        user_authority_expiration: Optional[str] = None,
        user_authority_filter: Optional[str] = None,
        user_expiry_days: Optional[float] = None,
        user_review_days: Optional[float] = None) -> RoleMeta

func GetRoleMeta(ctx *Context, name string, id IDInput, state *RoleMetaState, opts ...ResourceOption) (*RoleMeta, error)

public static RoleMeta Get(string name, Input<string> id, RoleMetaState? state, CustomResourceOptions? opts = null)

public static RoleMeta get(String name, Output<String> id, RoleMetaState state, CustomResourceOptions options)

resources:  _:    type: athenz:RoleMeta    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuditEnabled bool: audit enabled flag for the role
AuditRef string: string containing audit specification or ticket number.
CertExpiryMins double: role certs issued for this role will have specified max timeout in minutes
DeleteProtection bool: If true, ask for delete confirmation in audit and review enabled roles
Description string: description for the role
Domain string: name of the domain
GroupExpiryDays double: all groups in the role will have specified max expiry days
GroupReviewDays double: all groups in the role will have specified review reminder days
MaxMembers double: maximum number of members allowed in the role
Name string: Name of the role
NotifyDetails string: Set of instructions included in notifications for review and audit enabled roles
NotifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
PrincipalDomainFilter string: comma seperated list of domains to enforce principal membership
ResourceState double: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
ReviewEnabled bool: Flag indicates whether role updates require another review and approval
RoleMetaId string: The ID of this resource.
SelfRenew bool: Flag indicates whether to allow expired members to renew their membership
SelfRenewMins double: Number of minutes members can renew their membership if self review option is enabled
SelfServe bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
ServiceExpiryDays double: all services in the role will have specified max expiry days
ServiceReviewDays double: all services in the role will have specified review reminder days
SignAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
Tags Dictionary<string, string>: map of role tags
TokenExpiryMins double: tokens issued for this role will have specified max timeout in minutes
UserAuthorityExpiration string: expiration enforced by a user authority configured attribute
UserAuthorityFilter string: membership filtered based on user authority configured attributes
UserExpiryDays double: all user members in the role will have specified max expiry days
UserReviewDays double: all user members in the role will have specified review reminder days

AuditEnabled bool: audit enabled flag for the role
AuditRef string: string containing audit specification or ticket number.
CertExpiryMins float64: role certs issued for this role will have specified max timeout in minutes
DeleteProtection bool: If true, ask for delete confirmation in audit and review enabled roles
Description string: description for the role
Domain string: name of the domain
GroupExpiryDays float64: all groups in the role will have specified max expiry days
GroupReviewDays float64: all groups in the role will have specified review reminder days
MaxMembers float64: maximum number of members allowed in the role
Name string: Name of the role
NotifyDetails string: Set of instructions included in notifications for review and audit enabled roles
NotifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
PrincipalDomainFilter string: comma seperated list of domains to enforce principal membership
ResourceState float64: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
ReviewEnabled bool: Flag indicates whether role updates require another review and approval
RoleMetaId string: The ID of this resource.
SelfRenew bool: Flag indicates whether to allow expired members to renew their membership
SelfRenewMins float64: Number of minutes members can renew their membership if self review option is enabled
SelfServe bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
ServiceExpiryDays float64: all services in the role will have specified max expiry days
ServiceReviewDays float64: all services in the role will have specified review reminder days
SignAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
Tags map[string]string: map of role tags
TokenExpiryMins float64: tokens issued for this role will have specified max timeout in minutes
UserAuthorityExpiration string: expiration enforced by a user authority configured attribute
UserAuthorityFilter string: membership filtered based on user authority configured attributes
UserExpiryDays float64: all user members in the role will have specified max expiry days
UserReviewDays float64: all user members in the role will have specified review reminder days

auditEnabled Boolean: audit enabled flag for the role
auditRef String: string containing audit specification or ticket number.
certExpiryMins Double: role certs issued for this role will have specified max timeout in minutes
deleteProtection Boolean: If true, ask for delete confirmation in audit and review enabled roles
description String: description for the role
domain String: name of the domain
groupExpiryDays Double: all groups in the role will have specified max expiry days
groupReviewDays Double: all groups in the role will have specified review reminder days
maxMembers Double: maximum number of members allowed in the role
name String: Name of the role
notifyDetails String: Set of instructions included in notifications for review and audit enabled roles
notifyRoles String: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter String: comma seperated list of domains to enforce principal membership
resourceState Double: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled Boolean: Flag indicates whether role updates require another review and approval
roleMetaId String: The ID of this resource.
selfRenew Boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins Double: Number of minutes members can renew their membership if self review option is enabled
selfServe Boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays Double: all services in the role will have specified max expiry days
serviceReviewDays Double: all services in the role will have specified review reminder days
signAlgorithm String: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Map<String,String>: map of role tags
tokenExpiryMins Double: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration String: expiration enforced by a user authority configured attribute
userAuthorityFilter String: membership filtered based on user authority configured attributes
userExpiryDays Double: all user members in the role will have specified max expiry days
userReviewDays Double: all user members in the role will have specified review reminder days

auditEnabled boolean: audit enabled flag for the role
auditRef string: string containing audit specification or ticket number.
certExpiryMins number: role certs issued for this role will have specified max timeout in minutes
deleteProtection boolean: If true, ask for delete confirmation in audit and review enabled roles
description string: description for the role
domain string: name of the domain
groupExpiryDays number: all groups in the role will have specified max expiry days
groupReviewDays number: all groups in the role will have specified review reminder days
maxMembers number: maximum number of members allowed in the role
name string: Name of the role
notifyDetails string: Set of instructions included in notifications for review and audit enabled roles
notifyRoles string: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter string: comma seperated list of domains to enforce principal membership
resourceState number: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled boolean: Flag indicates whether role updates require another review and approval
roleMetaId string: The ID of this resource.
selfRenew boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins number: Number of minutes members can renew their membership if self review option is enabled
selfServe boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays number: all services in the role will have specified max expiry days
serviceReviewDays number: all services in the role will have specified review reminder days
signAlgorithm string: sign algorithm to be used for tokens issued for this role: rsa or ec
tags {[key: string]: string}: map of role tags
tokenExpiryMins number: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration string: expiration enforced by a user authority configured attribute
userAuthorityFilter string: membership filtered based on user authority configured attributes
userExpiryDays number: all user members in the role will have specified max expiry days
userReviewDays number: all user members in the role will have specified review reminder days

audit_enabled bool: audit enabled flag for the role
audit_ref str: string containing audit specification or ticket number.
cert_expiry_mins float: role certs issued for this role will have specified max timeout in minutes
delete_protection bool: If true, ask for delete confirmation in audit and review enabled roles
description str: description for the role
domain str: name of the domain
group_expiry_days float: all groups in the role will have specified max expiry days
group_review_days float: all groups in the role will have specified review reminder days
max_members float: maximum number of members allowed in the role
name str: Name of the role
notify_details str: Set of instructions included in notifications for review and audit enabled roles
notify_roles str: comma seperated list of roles whose members should be notified for member review/approval
principal_domain_filter str: comma seperated list of domains to enforce principal membership
resource_state float: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
review_enabled bool: Flag indicates whether role updates require another review and approval
role_meta_id str: The ID of this resource.
self_renew bool: Flag indicates whether to allow expired members to renew their membership
self_renew_mins float: Number of minutes members can renew their membership if self review option is enabled
self_serve bool: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
service_expiry_days float: all services in the role will have specified max expiry days
service_review_days float: all services in the role will have specified review reminder days
sign_algorithm str: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Mapping[str, str]: map of role tags
token_expiry_mins float: tokens issued for this role will have specified max timeout in minutes
user_authority_expiration str: expiration enforced by a user authority configured attribute
user_authority_filter str: membership filtered based on user authority configured attributes
user_expiry_days float: all user members in the role will have specified max expiry days
user_review_days float: all user members in the role will have specified review reminder days

auditEnabled Boolean: audit enabled flag for the role
auditRef String: string containing audit specification or ticket number.
certExpiryMins Number: role certs issued for this role will have specified max timeout in minutes
deleteProtection Boolean: If true, ask for delete confirmation in audit and review enabled roles
description String: description for the role
domain String: name of the domain
groupExpiryDays Number: all groups in the role will have specified max expiry days
groupReviewDays Number: all groups in the role will have specified review reminder days
maxMembers Number: maximum number of members allowed in the role
name String: Name of the role
notifyDetails String: Set of instructions included in notifications for review and audit enabled roles
notifyRoles String: comma seperated list of roles whose members should be notified for member review/approval
principalDomainFilter String: comma seperated list of domains to enforce principal membership
resourceState Number: Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level
reviewEnabled Boolean: Flag indicates whether role updates require another review and approval
roleMetaId String: The ID of this resource.
selfRenew Boolean: Flag indicates whether to allow expired members to renew their membership
selfRenewMins Number: Number of minutes members can renew their membership if self review option is enabled
selfServe Boolean: Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.
serviceExpiryDays Number: all services in the role will have specified max expiry days
serviceReviewDays Number: all services in the role will have specified review reminder days
signAlgorithm String: sign algorithm to be used for tokens issued for this role: rsa or ec
tags Map<String>: map of role tags
tokenExpiryMins Number: tokens issued for this role will have specified max timeout in minutes
userAuthorityExpiration String: expiration enforced by a user authority configured attribute
userAuthorityFilter String: membership filtered based on user authority configured attributes
userExpiryDays Number: all user members in the role will have specified max expiry days
userReviewDays Number: all user members in the role will have specified review reminder days

Package Details

Repository: athenz athenz/terraform-provider-athenz
License
Notes: This Pulumi package is based on the athenz Terraform Provider.

athenz 1.0.45 published on Tuesday, Apr 15, 2025 by athenz

athenz/terraform-provider-athenz

athenz.RoleMeta

On this page

On this page

Example Usage

athenz.RoleMeta (Resource)

Create RoleMeta Resource

Constructor syntax

Parameters

Constructor example

RoleMeta Resource Properties

Inputs

Outputs

Look up Existing RoleMeta Resource

Package Details

On this page

On this page