import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Cosmos DB SQL Role Definition. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleAccount = new azure.cosmosdb.Account("example", { * name: "example-cosmosdb", * location: example.location, * resourceGroupName: example.name, * offerType: "Standard", * kind: "GlobalDocumentDB", * consistencyPolicy: { * consistencyLevel: "Strong", * }, * geoLocations: [{ * location: example.location, * failoverPriority: 0, * }], * }); * const exampleSqlRoleDefinition = new azure.cosmosdb.SqlRoleDefinition("example", { * roleDefinitionId: "84cf3a8b-4122-4448-bce2-fa423cfe0a15", * resourceGroupName: example.name, * accountName: exampleAccount.name, * name: "acctestsqlrole", * assignableScopes: [pulumi.interpolate`${exampleAccount.id}/dbs/sales`], * permissions: [{ * dataActions: ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"], * }], * }); * ``` * * ## Import * * Cosmos DB SQL Role Definitions can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:cosmosdb/sqlRoleDefinition:SqlRoleDefinition example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.DocumentDB/databaseAccounts/account1/sqlRoleDefinitions/28b3c337-f436-482b-a167-c2618dc52033 * ``` */ export declare class SqlRoleDefinition extends pulumi.CustomResource { /** * Get an existing SqlRoleDefinition resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SqlRoleDefinitionState, opts?: pulumi.CustomResourceOptions): SqlRoleDefinition; /** * Returns true if the given object is an instance of SqlRoleDefinition. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SqlRoleDefinition; /** * The name of the Cosmos DB Account. Changing this forces a new resource to be created. */ readonly accountName: pulumi.Output; /** * A list of fully qualified scopes at or below which Role Assignments may be created using this Cosmos DB SQL Role Definition. It will allow application of this Cosmos DB SQL Role Definition on the entire Database Account or any underlying Database/Collection. Scopes higher than Database Account are not enforceable as assignable scopes. * * > **Note:** The resources referenced in assignable scopes need not exist. */ readonly assignableScopes: pulumi.Output; /** * An user-friendly name for the Cosmos DB SQL Role Definition which must be unique for the Database Account. */ readonly name: pulumi.Output; /** * A `permissions` block as defined below. */ readonly permissions: pulumi.Output; /** * The name of the Resource Group in which the Cosmos DB SQL Role Definition is created. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * The GUID as the name of the Cosmos DB SQL Role Definition - one will be generated if not specified. Changing this forces a new resource to be created. */ readonly roleDefinitionId: pulumi.Output; /** * The type of the Cosmos DB SQL Role Definition. Possible values are `BuiltInRole` and `CustomRole`. Defaults to `CustomRole`. Changing this forces a new resource to be created. */ readonly type: pulumi.Output; /** * Create a SqlRoleDefinition resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SqlRoleDefinitionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SqlRoleDefinition resources. */ export interface SqlRoleDefinitionState { /** * The name of the Cosmos DB Account. Changing this forces a new resource to be created. */ accountName?: pulumi.Input; /** * A list of fully qualified scopes at or below which Role Assignments may be created using this Cosmos DB SQL Role Definition. It will allow application of this Cosmos DB SQL Role Definition on the entire Database Account or any underlying Database/Collection. Scopes higher than Database Account are not enforceable as assignable scopes. * * > **Note:** The resources referenced in assignable scopes need not exist. */ assignableScopes?: pulumi.Input[]>; /** * An user-friendly name for the Cosmos DB SQL Role Definition which must be unique for the Database Account. */ name?: pulumi.Input; /** * A `permissions` block as defined below. */ permissions?: pulumi.Input[]>; /** * The name of the Resource Group in which the Cosmos DB SQL Role Definition is created. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * The GUID as the name of the Cosmos DB SQL Role Definition - one will be generated if not specified. Changing this forces a new resource to be created. */ roleDefinitionId?: pulumi.Input; /** * The type of the Cosmos DB SQL Role Definition. Possible values are `BuiltInRole` and `CustomRole`. Defaults to `CustomRole`. Changing this forces a new resource to be created. */ type?: pulumi.Input; } /** * The set of arguments for constructing a SqlRoleDefinition resource. */ export interface SqlRoleDefinitionArgs { /** * The name of the Cosmos DB Account. Changing this forces a new resource to be created. */ accountName: pulumi.Input; /** * A list of fully qualified scopes at or below which Role Assignments may be created using this Cosmos DB SQL Role Definition. It will allow application of this Cosmos DB SQL Role Definition on the entire Database Account or any underlying Database/Collection. Scopes higher than Database Account are not enforceable as assignable scopes. * * > **Note:** The resources referenced in assignable scopes need not exist. */ assignableScopes: pulumi.Input[]>; /** * An user-friendly name for the Cosmos DB SQL Role Definition which must be unique for the Database Account. */ name?: pulumi.Input; /** * A `permissions` block as defined below. */ permissions: pulumi.Input[]>; /** * The name of the Resource Group in which the Cosmos DB SQL Role Definition is created. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * The GUID as the name of the Cosmos DB SQL Role Definition - one will be generated if not specified. Changing this forces a new resource to be created. */ roleDefinitionId?: pulumi.Input; /** * The type of the Cosmos DB SQL Role Definition. Possible values are `BuiltInRole` and `CustomRole`. Defaults to `CustomRole`. Changing this forces a new resource to be created. */ type?: pulumi.Input; }