import * as pulumi from "@pulumi/pulumi";
/**
 * Container Service provides cluster RBAC authorization, granting RBAC access permissions to IAM users or roles. This includes accessible resources, scope of permissions, and predefined role types, enabling better management of cluster security access control and meeting enterprise users' requirements for fine-grained resource access control.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as volcenginecc from "@volcengine/pulumi-volcenginecc";
 *
 * const vKEPermissionDemo = new volcenginecc.vke.Permission("VKEPermissionDemo", {
 *     roleDomain: "namespace",
 *     clusterId: "cd48m3cb1b2ba7l6ebgp0xxxxx",
 *     namespace: "kube-public",
 *     roleName: "vke:visitor",
 *     isCustomRole: false,
 *     granteeId: 59433888,
 *     granteeType: "User",
 * });
 * ```
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import volcenginecc:vke/permission:Permission example "permission_id"
 * ```
 */
export declare class Permission extends pulumi.CustomResource {
    /**
     * Get an existing Permission resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PermissionState, opts?: pulumi.CustomResourceOptions): Permission;
    /**
     * Returns true if the given object is an instance of Permission.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Permission;
    /**
     * Time when the RBAC policy resource was authorized.
     */
    readonly authorizedAt: pulumi.Output<string>;
    /**
     * Grantor ID. Can be an IAM user ID or an IAM role ID.
     */
    readonly authorizerId: pulumi.Output<number>;
    /**
     * Grantor name
     */
    readonly authorizerName: pulumi.Output<string>;
    /**
     * Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    readonly authorizerType: pulumi.Output<string>;
    /**
     * Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
     */
    readonly clusterId: pulumi.Output<string>;
    /**
     * Time when the RBAC policy resource was created.
     */
    readonly createdTime: pulumi.Output<string>;
    /**
     * Grantee ID. Can be an IAM user ID or an IAM role ID.
     */
    readonly granteeId: pulumi.Output<number>;
    /**
     * Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    readonly granteeType: pulumi.Output<string>;
    /**
     * Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
     */
    readonly isCustomRole: pulumi.Output<boolean>;
    /**
     * The object name of the RBAC policy resource in Kubernetes.
     */
    readonly kubeRoleBindingName: pulumi.Output<string>;
    /**
     * Authorization details message.
     */
    readonly message: pulumi.Output<string>;
    /**
     * Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
     */
    readonly namespace: pulumi.Output<string>;
    /**
     * RBAC policy resource ID.
     */
    readonly permissionId: pulumi.Output<string>;
    /**
     * Project selector
     */
    readonly projectSelector: pulumi.Output<string>;
    /**
     * Time when authorization is revoked.
     */
    readonly revokedAt: pulumi.Output<string>;
    /**
     * The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
     */
    readonly roleDomain: pulumi.Output<string>;
    /**
     * Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
     */
    readonly roleName: pulumi.Output<string>;
    /**
     * Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.
     */
    readonly status: pulumi.Output<string>;
    /**
     * Create a Permission resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: PermissionArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Permission resources.
 */
export interface PermissionState {
    /**
     * Time when the RBAC policy resource was authorized.
     */
    authorizedAt?: pulumi.Input<string>;
    /**
     * Grantor ID. Can be an IAM user ID or an IAM role ID.
     */
    authorizerId?: pulumi.Input<number>;
    /**
     * Grantor name
     */
    authorizerName?: pulumi.Input<string>;
    /**
     * Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    authorizerType?: pulumi.Input<string>;
    /**
     * Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
     */
    clusterId?: pulumi.Input<string>;
    /**
     * Time when the RBAC policy resource was created.
     */
    createdTime?: pulumi.Input<string>;
    /**
     * Grantee ID. Can be an IAM user ID or an IAM role ID.
     */
    granteeId?: pulumi.Input<number>;
    /**
     * Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    granteeType?: pulumi.Input<string>;
    /**
     * Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
     */
    isCustomRole?: pulumi.Input<boolean>;
    /**
     * The object name of the RBAC policy resource in Kubernetes.
     */
    kubeRoleBindingName?: pulumi.Input<string>;
    /**
     * Authorization details message.
     */
    message?: pulumi.Input<string>;
    /**
     * Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
     */
    namespace?: pulumi.Input<string>;
    /**
     * RBAC policy resource ID.
     */
    permissionId?: pulumi.Input<string>;
    /**
     * Project selector
     */
    projectSelector?: pulumi.Input<string>;
    /**
     * Time when authorization is revoked.
     */
    revokedAt?: pulumi.Input<string>;
    /**
     * The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
     */
    roleDomain?: pulumi.Input<string>;
    /**
     * Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
     */
    roleName?: pulumi.Input<string>;
    /**
     * Status of the RBAC access policy resource. Possible values: Success: authorization succeeded. Failed: authorization failed. Pending: authorization in progress. PartialSuccess: partial authorization succeeded.
     */
    status?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Permission resource.
 */
export interface PermissionArgs {
    /**
     * Grantor ID. Can be an IAM user ID or an IAM role ID.
     */
    authorizerId?: pulumi.Input<number>;
    /**
     * Type of grantor. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    authorizerType?: pulumi.Input<string>;
    /**
     * Cluster ID to be authorized for the IAM user or role. This parameter is required when roleDomain is namespace or cluster.
     */
    clusterId?: pulumi.Input<string>;
    /**
     * Grantee ID. Can be an IAM user ID or an IAM role ID.
     */
    granteeId?: pulumi.Input<number>;
    /**
     * Type of grantee. Possible values: User: IAM user. Role: IAM role. Account: account.
     */
    granteeType?: pulumi.Input<string>;
    /**
     * Whether the RBAC role granted to the grantee is a custom role. Possible values: true: custom role. false (default): system predefined role.
     */
    isCustomRole?: pulumi.Input<boolean>;
    /**
     * Namespace name to be authorized for the IAM user or role. This parameter is required when roleDomain equals namespace. If roleDomain does not equal namespace, this parameter is not effective.
     */
    namespace?: pulumi.Input<string>;
    /**
     * The permission type granted to an IAM user or role. Possible values: namespace: grants permissions at the namespace level. cluster: grants permissions at the cluster level. all_clusters: grants permissions at the cluster level for all clusters under the current account.
     */
    roleDomain?: pulumi.Input<string>;
    /**
     * Name of the RBAC role granted to the grantee. This parameter must be specified. When roleDomain is all_clusters, custom role names are not allowed.
     */
    roleName?: pulumi.Input<string>;
}