Docs Home
opentelekomcloud 1.36.35 published on Monday, Apr 14, 2025 by opentelekomcloud
opentelekomcloud.IdentityRoleV3
Explore with Pulumi AI
opentelekomcloud 1.36.35 published on Monday, Apr 14, 2025 by opentelekomcloud
Up-to-date reference of API arguments for IAM role you can get at documentation portal
Custom role management
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
const role = new opentelekomcloud.IdentityRoleV3("role", {
description: "role",
displayLayer: "domain",
displayName: "custom_role",
statements: [
{
actions: ["obs:bucket:GetBucketAcl"],
condition: ` {
"StringStartWith": {
"g:ProjectName": [
"eu-de"
]
},
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
`,
effect: "Allow",
resources: ["OBS:*:*:bucket:test-bucket"],
},
{
actions: [
"obs:bucket:HeadBucket",
"obs:bucket:ListBucketMultipartUploads",
"obs:bucket:ListBucket",
],
effect: "Allow",
},
],
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud
role = opentelekomcloud.IdentityRoleV3("role",
description="role",
display_layer="domain",
display_name="custom_role",
statements=[
{
"actions": ["obs:bucket:GetBucketAcl"],
"condition": """ {
"StringStartWith": {
"g:ProjectName": [
"eu-de"
]
},
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
""",
"effect": "Allow",
"resources": ["OBS:*:*:bucket:test-bucket"],
},
{
"actions": [
"obs:bucket:HeadBucket",
"obs:bucket:ListBucketMultipartUploads",
"obs:bucket:ListBucket",
],
"effect": "Allow",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opentelekomcloud.NewIdentityRoleV3(ctx, "role", &opentelekomcloud.IdentityRoleV3Args{
Description: pulumi.String("role"),
DisplayLayer: pulumi.String("domain"),
DisplayName: pulumi.String("custom_role"),
Statements: opentelekomcloud.IdentityRoleV3StatementArray{
&opentelekomcloud.IdentityRoleV3StatementArgs{
Actions: pulumi.StringArray{
pulumi.String("obs:bucket:GetBucketAcl"),
},
Condition: pulumi.String(` {
"StringStartWith": {
"g:ProjectName": [
"eu-de"
]
},
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
`),
Effect: pulumi.String("Allow"),
Resources: pulumi.StringArray{
pulumi.String("OBS:*:*:bucket:test-bucket"),
},
},
&opentelekomcloud.IdentityRoleV3StatementArgs{
Actions: pulumi.StringArray{
pulumi.String("obs:bucket:HeadBucket"),
pulumi.String("obs:bucket:ListBucketMultipartUploads"),
pulumi.String("obs:bucket:ListBucket"),
},
Effect: pulumi.String("Allow"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
var role = new Opentelekomcloud.IdentityRoleV3("role", new()
{
Description = "role",
DisplayLayer = "domain",
DisplayName = "custom_role",
Statements = new[]
{
new Opentelekomcloud.Inputs.IdentityRoleV3StatementArgs
{
Actions = new[]
{
"obs:bucket:GetBucketAcl",
},
Condition = @" {
""StringStartWith"": {
""g:ProjectName"": [
""eu-de""
]
},
""StringNotEqualsIgnoreCase"": {
""g:ServiceName"": [
""iam""
]
}
",
Effect = "Allow",
Resources = new[]
{
"OBS:*:*:bucket:test-bucket",
},
},
new Opentelekomcloud.Inputs.IdentityRoleV3StatementArgs
{
Actions = new[]
{
"obs:bucket:HeadBucket",
"obs:bucket:ListBucketMultipartUploads",
"obs:bucket:ListBucket",
},
Effect = "Allow",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.IdentityRoleV3;
import com.pulumi.opentelekomcloud.IdentityRoleV3Args;
import com.pulumi.opentelekomcloud.inputs.IdentityRoleV3StatementArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var role = new IdentityRoleV3("role", IdentityRoleV3Args.builder()
.description("role")
.displayLayer("domain")
.displayName("custom_role")
.statements(
IdentityRoleV3StatementArgs.builder()
.actions("obs:bucket:GetBucketAcl")
.condition("""
{
"StringStartWith": {
"g:ProjectName": [
"eu-de"
]
},
"StringNotEqualsIgnoreCase": {
"g:ServiceName": [
"iam"
]
}
""")
.effect("Allow")
.resources("OBS:*:*:bucket:test-bucket")
.build(),
IdentityRoleV3StatementArgs.builder()
.actions(
"obs:bucket:HeadBucket",
"obs:bucket:ListBucketMultipartUploads",
"obs:bucket:ListBucket")
.effect("Allow")
.build())
.build());
}
}
resources:
role:
type: opentelekomcloud:IdentityRoleV3
properties:
description: role
displayLayer: domain
displayName: custom_role
statements:
- actions:
- obs:bucket:GetBucketAcl
condition: " {\n \"StringStartWith\": {\n \"g:ProjectName\": [\n \"eu-de\"\n ]\n },\n \"StringNotEqualsIgnoreCase\": {\n \"g:ServiceName\": [\n \"iam\"\n ]\n }\n \n"
effect: Allow
resources:
- OBS:*:*:bucket:test-bucket
- actions:
- obs:bucket:HeadBucket
- obs:bucket:ListBucketMultipartUploads
- obs:bucket:ListBucket
effect: Allow
Create IdentityRoleV3 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IdentityRoleV3(name: string, args: IdentityRoleV3Args, opts?: CustomResourceOptions);@overload
def IdentityRoleV3(resource_name: str,
args: IdentityRoleV3Args,
opts: Optional[ResourceOptions] = None)
@overload
def IdentityRoleV3(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
display_layer: Optional[str] = None,
display_name: Optional[str] = None,
statements: Optional[Sequence[IdentityRoleV3StatementArgs]] = None,
identity_role_v3_id: Optional[str] = None)func NewIdentityRoleV3(ctx *Context, name string, args IdentityRoleV3Args, opts ...ResourceOption) (*IdentityRoleV3, error)public IdentityRoleV3(string name, IdentityRoleV3Args args, CustomResourceOptions? opts = null)public IdentityRoleV3(String name, IdentityRoleV3Args args)
public IdentityRoleV3(String name, IdentityRoleV3Args args, CustomResourceOptions options)
type: opentelekomcloud:IdentityRoleV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityRoleV3Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. IdentityRoleV3Args - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityRoleV3Args - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IdentityRoleV3Args - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. IdentityRoleV3Args - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var identityRoleV3Resource = new Opentelekomcloud.IdentityRoleV3("identityRoleV3Resource", new()
{
Description = "string",
DisplayLayer = "string",
DisplayName = "string",
Statements = new[]
{
new Opentelekomcloud.Inputs.IdentityRoleV3StatementArgs
{
Actions = new[]
{
"string",
},
Effect = "string",
Condition = "string",
Resources = new[]
{
"string",
},
},
},
IdentityRoleV3Id = "string",
});
example, err := opentelekomcloud.NewIdentityRoleV3(ctx, "identityRoleV3Resource", &opentelekomcloud.IdentityRoleV3Args{
Description: pulumi.String("string"),
DisplayLayer: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Statements: .IdentityRoleV3StatementArray{
&.IdentityRoleV3StatementArgs{
Actions: pulumi.StringArray{
pulumi.String("string"),
},
Effect: pulumi.String("string"),
Condition: pulumi.String("string"),
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
IdentityRoleV3Id: pulumi.String("string"),
})
var identityRoleV3Resource = new IdentityRoleV3("identityRoleV3Resource", IdentityRoleV3Args.builder()
.description("string")
.displayLayer("string")
.displayName("string")
.statements(IdentityRoleV3StatementArgs.builder()
.actions("string")
.effect("string")
.condition("string")
.resources("string")
.build())
.identityRoleV3Id("string")
.build());
identity_role_v3_resource = opentelekomcloud.IdentityRoleV3("identityRoleV3Resource",
description="string",
display_layer="string",
display_name="string",
statements=[{
"actions": ["string"],
"effect": "string",
"condition": "string",
"resources": ["string"],
}],
identity_role_v3_id="string")
const identityRoleV3Resource = new opentelekomcloud.IdentityRoleV3("identityRoleV3Resource", {
description: "string",
displayLayer: "string",
displayName: "string",
statements: [{
actions: ["string"],
effect: "string",
condition: "string",
resources: ["string"],
}],
identityRoleV3Id: "string",
});
type: opentelekomcloud:IdentityRoleV3
properties:
description: string
displayLayer: string
displayName: string
identityRoleV3Id: string
statements:
- actions:
- string
condition: string
effect: string
resources:
- string
IdentityRoleV3 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IdentityRoleV3 resource accepts the following input properties:
- Description
This property is required. string - Description of a role. The value cannot exceed 256 characters.
- Display
Layer This property is required. string - Display layer of a role.
- Display
Name This property is required. string - Displayed name of a role. The value cannot exceed 64 characters.
- Statements
This property is required. List<IdentityRole V3Statement> - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- Identity
Role stringV3Id
- Description
This property is required. string - Description of a role. The value cannot exceed 256 characters.
- Display
Layer This property is required. string - Display layer of a role.
- Display
Name This property is required. string - Displayed name of a role. The value cannot exceed 64 characters.
- Statements
This property is required. []IdentityRole V3Statement Args - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- Identity
Role stringV3Id
- description
This property is required. String - Description of a role. The value cannot exceed 256 characters.
- display
Layer This property is required. String - Display layer of a role.
- display
Name This property is required. String - Displayed name of a role. The value cannot exceed 64 characters.
- statements
This property is required. List<IdentityRole V3Statement> - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- identity
Role StringV3Id
- description
This property is required. string - Description of a role. The value cannot exceed 256 characters.
- display
Layer This property is required. string - Display layer of a role.
- display
Name This property is required. string - Displayed name of a role. The value cannot exceed 64 characters.
- statements
This property is required. IdentityRole V3Statement[] - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- identity
Role stringV3Id
- description
This property is required. str - Description of a role. The value cannot exceed 256 characters.
- display_
layer This property is required. str - Display layer of a role.
- display_
name This property is required. str - Displayed name of a role. The value cannot exceed 64 characters.
- statements
This property is required. Sequence[IdentityRole V3Statement Args] - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- identity_
role_ strv3_ id
- description
This property is required. String - Description of a role. The value cannot exceed 256 characters.
- display
Layer This property is required. String - Display layer of a role.
- display
Name This property is required. String - Displayed name of a role. The value cannot exceed 64 characters.
- statements
This property is required. List<Property Map> - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- identity
Role StringV3Id
Outputs
All input properties are implicitly available as output properties. Additionally, the IdentityRoleV3 resource produces the following output properties:
Look up Existing IdentityRoleV3 Resource
Get an existing IdentityRoleV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IdentityRoleV3State, opts?: CustomResourceOptions): IdentityRoleV3@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
catalog: Optional[str] = None,
description: Optional[str] = None,
display_layer: Optional[str] = None,
display_name: Optional[str] = None,
domain_id: Optional[str] = None,
identity_role_v3_id: Optional[str] = None,
name: Optional[str] = None,
statements: Optional[Sequence[IdentityRoleV3StatementArgs]] = None) -> IdentityRoleV3func GetIdentityRoleV3(ctx *Context, name string, id IDInput, state *IdentityRoleV3State, opts ...ResourceOption) (*IdentityRoleV3, error)public static IdentityRoleV3 Get(string name, Input<string> id, IdentityRoleV3State? state, CustomResourceOptions? opts = null)public static IdentityRoleV3 get(String name, Output<String> id, IdentityRoleV3State state, CustomResourceOptions options)resources: _: type: opentelekomcloud:IdentityRoleV3 get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Catalog string
- Directory where a role locates
- Description string
- Description of a role. The value cannot exceed 256 characters.
- Display
Layer string - Display layer of a role.
- Display
Name string - Displayed name of a role. The value cannot exceed 64 characters.
- Domain
Id string - ID of the domain to which a role belongs
- Identity
Role stringV3Id - Name string
- Name of a role
- Statements
List<Identity
Role V3Statement> - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- Catalog string
- Directory where a role locates
- Description string
- Description of a role. The value cannot exceed 256 characters.
- Display
Layer string - Display layer of a role.
- Display
Name string - Displayed name of a role. The value cannot exceed 64 characters.
- Domain
Id string - ID of the domain to which a role belongs
- Identity
Role stringV3Id - Name string
- Name of a role
- Statements
[]Identity
Role V3Statement Args - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- catalog String
- Directory where a role locates
- description String
- Description of a role. The value cannot exceed 256 characters.
- display
Layer String - Display layer of a role.
- display
Name String - Displayed name of a role. The value cannot exceed 64 characters.
- domain
Id String - ID of the domain to which a role belongs
- identity
Role StringV3Id - name String
- Name of a role
- statements
List<Identity
Role V3Statement> - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- catalog string
- Directory where a role locates
- description string
- Description of a role. The value cannot exceed 256 characters.
- display
Layer string - Display layer of a role.
- display
Name string - Displayed name of a role. The value cannot exceed 64 characters.
- domain
Id string - ID of the domain to which a role belongs
- identity
Role stringV3Id - name string
- Name of a role
- statements
Identity
Role V3Statement[] - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- catalog str
- Directory where a role locates
- description str
- Description of a role. The value cannot exceed 256 characters.
- display_
layer str - Display layer of a role.
- display_
name str - Displayed name of a role. The value cannot exceed 64 characters.
- domain_
id str - ID of the domain to which a role belongs
- identity_
role_ strv3_ id - name str
- Name of a role
- statements
Sequence[Identity
Role V3Statement Args] - Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
- catalog String
- Directory where a role locates
- description String
- Description of a role. The value cannot exceed 256 characters.
- display
Layer String - Display layer of a role.
- display
Name String - Displayed name of a role. The value cannot exceed 64 characters.
- domain
Id String - ID of the domain to which a role belongs
- identity
Role StringV3Id - name String
- Name of a role
- statements List<Property Map>
- Statement: The Statement field contains the Effect and Action elements. Effect indicates whether the policy allows or denies access. Action indicates authorization items. The number of statements cannot exceed 8. Structure is documented below.
Supporting Types
IdentityRoleV3Statement, IdentityRoleV3StatementArgs
, IdentityRoleV3StatementArgs
- Actions
This property is required. List<string> - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- Effect
This property is required. string - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- Condition string
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- Resources List<string>
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
- Actions
This property is required. []string - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- Effect
This property is required. string - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- Condition string
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- Resources []string
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
- actions
This property is required. List<String> - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- effect
This property is required. String - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- condition String
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- resources List<String>
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
- actions
This property is required. string[] - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- effect
This property is required. string - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- condition string
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- resources string[]
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
- actions
This property is required. Sequence[str] - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- effect
This property is required. str - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- condition str
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- resources Sequence[str]
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
- actions
This property is required. List<String> - Permission set, which specifies the operation permissions on resources. The number of permission sets cannot exceed 100. Format: The value format is Service name:Resource type:Action, for example, vpc:ports:create. Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource type and Action: The values are case-insensitive, and the wildcard () are allowed. A wildcard () can represent all or part of information about resource types and actions for the specific service.
- effect
This property is required. String - The value can be Allow and Deny. If both Allow and Deny are found in statements, the policy evaluation starts with Deny.
- condition String
The conditions for the permission to take effect. A maximum of 10 conditions are allowed. Conditions should be provided as string as in example above.
For the full reference checkout Policy Syntax.
- resources List<String>
- The resources which will be granted/denied accesses.
Format:
Service:*:*:resource:resource_path. Examples:KMS:*:*:KeyId:your_key,OBS:*:*:bucket:your_bucket,OBS:*:*:object:your_object.
Import
Role can be imported using the following format:
$ pulumi import opentelekomcloud:index/identityRoleV3:IdentityRoleV3 default {{ resource id}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- opentelekomcloud opentelekomcloud/terraform-provider-opentelekomcloud
- License
- Notes
- This Pulumi package is based on the
opentelekomcloudTerraform Provider.
opentelekomcloud 1.36.35 published on Monday, Apr 14, 2025 by opentelekomcloud