1. Packages
  2. Hsdp Provider
  3. API Docs
  4. IamGroup
hsdp 0.65.3 published on Tuesday, Apr 15, 2025 by philips-software

hsdp.IamGroup

Explore with Pulumi AI

Provides a resource for managing HSDP IAM groups

Example Usage

The following example creates a group

import * as pulumi from "@pulumi/pulumi";
import * as hsdp from "@pulumi/hsdp";

const tdrUsers = new hsdp.IamGroup("tdrUsers", {
    managingOrganization: hsdp_iam_org.devorg.id,
    description: "Group for TDR Users with Contract and Dataitem roles",
    roles: [hsdp_iam_role.TDRALL.id],
    users: [
        hsdp_iam_user.admin.id,
        hsdp_iam_user.developer.id,
    ],
    services: [hsdp_iam_service.test.id],
    devices: [],
});
Copy
import pulumi
import pulumi_hsdp as hsdp

tdr_users = hsdp.IamGroup("tdrUsers",
    managing_organization=hsdp_iam_org["devorg"]["id"],
    description="Group for TDR Users with Contract and Dataitem roles",
    roles=[hsdp_iam_role["TDRALL"]["id"]],
    users=[
        hsdp_iam_user["admin"]["id"],
        hsdp_iam_user["developer"]["id"],
    ],
    services=[hsdp_iam_service["test"]["id"]],
    devices=[])
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/hsdp/hsdp"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := hsdp.NewIamGroup(ctx, "tdrUsers", &hsdp.IamGroupArgs{
			ManagingOrganization: pulumi.Any(hsdp_iam_org.Devorg.Id),
			Description:          pulumi.String("Group for TDR Users with Contract and Dataitem roles"),
			Roles: pulumi.StringArray{
				hsdp_iam_role.TDRALL.Id,
			},
			Users: pulumi.StringArray{
				hsdp_iam_user.Admin.Id,
				hsdp_iam_user.Developer.Id,
			},
			Services: pulumi.StringArray{
				hsdp_iam_service.Test.Id,
			},
			Devices: pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Hsdp = Pulumi.Hsdp;

return await Deployment.RunAsync(() => 
{
    var tdrUsers = new Hsdp.IamGroup("tdrUsers", new()
    {
        ManagingOrganization = hsdp_iam_org.Devorg.Id,
        Description = "Group for TDR Users with Contract and Dataitem roles",
        Roles = new[]
        {
            hsdp_iam_role.TDRALL.Id,
        },
        Users = new[]
        {
            hsdp_iam_user.Admin.Id,
            hsdp_iam_user.Developer.Id,
        },
        Services = new[]
        {
            hsdp_iam_service.Test.Id,
        },
        Devices = new[] {},
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hsdp.IamGroup;
import com.pulumi.hsdp.IamGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var tdrUsers = new IamGroup("tdrUsers", IamGroupArgs.builder()
            .managingOrganization(hsdp_iam_org.devorg().id())
            .description("Group for TDR Users with Contract and Dataitem roles")
            .roles(hsdp_iam_role.TDRALL().id())
            .users(            
                hsdp_iam_user.admin().id(),
                hsdp_iam_user.developer().id())
            .services(hsdp_iam_service.test().id())
            .devices()
            .build());

    }
}
Copy
resources:
  tdrUsers:
    type: hsdp:IamGroup
    properties:
      managingOrganization: ${hsdp_iam_org.devorg.id}
      description: Group for TDR Users with Contract and Dataitem roles
      roles:
        - ${hsdp_iam_role.TDRALL.id}
      users:
        - ${hsdp_iam_user.admin.id}
        - ${hsdp_iam_user.developer.id}
      services:
        - ${hsdp_iam_service.test.id}
      devices: []
Copy

This assumes a role definition exists:

import * as pulumi from "@pulumi/pulumi";
import * as hsdp from "@pulumi/hsdp";

const tDRALL = new hsdp.IamRole("tDRALL", {
    description: "Role for TDR users with ALL access",
    permissions: [
        "DATAITEM.CREATEONBEHALF",
        "DATAITEM.READ",
        "DATAITEM.DELETEONBEHALF",
        "DATAITEM.DELETE",
        "CONTRACT.CREATE",
        "DATAITEM.READONBEHALF",
        "CONTRACT.READ",
        "DATAITEM.CREATE",
    ],
    managingOrganization: hsdp_iam_org.devorg.id,
});
Copy
import pulumi
import pulumi_hsdp as hsdp

t_drall = hsdp.IamRole("tDRALL",
    description="Role for TDR users with ALL access",
    permissions=[
        "DATAITEM.CREATEONBEHALF",
        "DATAITEM.READ",
        "DATAITEM.DELETEONBEHALF",
        "DATAITEM.DELETE",
        "CONTRACT.CREATE",
        "DATAITEM.READONBEHALF",
        "CONTRACT.READ",
        "DATAITEM.CREATE",
    ],
    managing_organization=hsdp_iam_org["devorg"]["id"])
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/hsdp/hsdp"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := hsdp.NewIamRole(ctx, "tDRALL", &hsdp.IamRoleArgs{
			Description: pulumi.String("Role for TDR users with ALL access"),
			Permissions: pulumi.StringArray{
				pulumi.String("DATAITEM.CREATEONBEHALF"),
				pulumi.String("DATAITEM.READ"),
				pulumi.String("DATAITEM.DELETEONBEHALF"),
				pulumi.String("DATAITEM.DELETE"),
				pulumi.String("CONTRACT.CREATE"),
				pulumi.String("DATAITEM.READONBEHALF"),
				pulumi.String("CONTRACT.READ"),
				pulumi.String("DATAITEM.CREATE"),
			},
			ManagingOrganization: pulumi.Any(hsdp_iam_org.Devorg.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Hsdp = Pulumi.Hsdp;

return await Deployment.RunAsync(() => 
{
    var tDRALL = new Hsdp.IamRole("tDRALL", new()
    {
        Description = "Role for TDR users with ALL access",
        Permissions = new[]
        {
            "DATAITEM.CREATEONBEHALF",
            "DATAITEM.READ",
            "DATAITEM.DELETEONBEHALF",
            "DATAITEM.DELETE",
            "CONTRACT.CREATE",
            "DATAITEM.READONBEHALF",
            "CONTRACT.READ",
            "DATAITEM.CREATE",
        },
        ManagingOrganization = hsdp_iam_org.Devorg.Id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hsdp.IamRole;
import com.pulumi.hsdp.IamRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var tDRALL = new IamRole("tDRALL", IamRoleArgs.builder()
            .description("Role for TDR users with ALL access")
            .permissions(            
                "DATAITEM.CREATEONBEHALF",
                "DATAITEM.READ",
                "DATAITEM.DELETEONBEHALF",
                "DATAITEM.DELETE",
                "CONTRACT.CREATE",
                "DATAITEM.READONBEHALF",
                "CONTRACT.READ",
                "DATAITEM.CREATE")
            .managingOrganization(hsdp_iam_org.devorg().id())
            .build());

    }
}
Copy
resources:
  tDRALL:
    type: hsdp:IamRole
    properties:
      description: Role for TDR users with ALL access
      permissions:
        - DATAITEM.CREATEONBEHALF
        - DATAITEM.READ
        - DATAITEM.DELETEONBEHALF
        - DATAITEM.DELETE
        - CONTRACT.CREATE
        - DATAITEM.READONBEHALF
        - CONTRACT.READ
        - DATAITEM.CREATE
      managingOrganization: ${hsdp_iam_org.devorg.id}
Copy

Create IamGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IamGroup(name: string, args: IamGroupArgs, opts?: CustomResourceOptions);
@overload
def IamGroup(resource_name: str,
             args: IamGroupArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def IamGroup(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             managing_organization: Optional[str] = None,
             description: Optional[str] = None,
             devices: Optional[Sequence[str]] = None,
             drift_detection: Optional[bool] = None,
             iam_group_id: Optional[str] = None,
             name: Optional[str] = None,
             roles: Optional[Sequence[str]] = None,
             services: Optional[Sequence[str]] = None,
             users: Optional[Sequence[str]] = None)
func NewIamGroup(ctx *Context, name string, args IamGroupArgs, opts ...ResourceOption) (*IamGroup, error)
public IamGroup(string name, IamGroupArgs args, CustomResourceOptions? opts = null)
public IamGroup(String name, IamGroupArgs args)
public IamGroup(String name, IamGroupArgs args, CustomResourceOptions options)
type: hsdp:IamGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IamGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IamGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IamGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IamGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IamGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var iamGroupResource = new Hsdp.IamGroup("iamGroupResource", new()
{
    ManagingOrganization = "string",
    Description = "string",
    Devices = new[]
    {
        "string",
    },
    DriftDetection = false,
    IamGroupId = "string",
    Name = "string",
    Roles = new[]
    {
        "string",
    },
    Services = new[]
    {
        "string",
    },
    Users = new[]
    {
        "string",
    },
});
Copy
example, err := hsdp.NewIamGroup(ctx, "iamGroupResource", &hsdp.IamGroupArgs{
	ManagingOrganization: pulumi.String("string"),
	Description:          pulumi.String("string"),
	Devices: pulumi.StringArray{
		pulumi.String("string"),
	},
	DriftDetection: pulumi.Bool(false),
	IamGroupId:     pulumi.String("string"),
	Name:           pulumi.String("string"),
	Roles: pulumi.StringArray{
		pulumi.String("string"),
	},
	Services: pulumi.StringArray{
		pulumi.String("string"),
	},
	Users: pulumi.StringArray{
		pulumi.String("string"),
	},
})
Copy
var iamGroupResource = new IamGroup("iamGroupResource", IamGroupArgs.builder()
    .managingOrganization("string")
    .description("string")
    .devices("string")
    .driftDetection(false)
    .iamGroupId("string")
    .name("string")
    .roles("string")
    .services("string")
    .users("string")
    .build());
Copy
iam_group_resource = hsdp.IamGroup("iamGroupResource",
    managing_organization="string",
    description="string",
    devices=["string"],
    drift_detection=False,
    iam_group_id="string",
    name="string",
    roles=["string"],
    services=["string"],
    users=["string"])
Copy
const iamGroupResource = new hsdp.IamGroup("iamGroupResource", {
    managingOrganization: "string",
    description: "string",
    devices: ["string"],
    driftDetection: false,
    iamGroupId: "string",
    name: "string",
    roles: ["string"],
    services: ["string"],
    users: ["string"],
});
Copy
type: hsdp:IamGroup
properties:
    description: string
    devices:
        - string
    driftDetection: false
    iamGroupId: string
    managingOrganization: string
    name: string
    roles:
        - string
    services:
        - string
    users:
        - string
Copy

IamGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IamGroup resource accepts the following input properties:

ManagingOrganization This property is required. string
The managing organization ID
Description string
The description of the group
Devices List<string>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
DriftDetection bool
IamGroupId string
The GUID of the group
Name string
The name of the group
Roles List<string>
The list of role IDS to assign to this group
Services List<string>
The list of service identity IDs to include in this group. See hsdp.IamService
Users List<string>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
ManagingOrganization This property is required. string
The managing organization ID
Description string
The description of the group
Devices []string
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
DriftDetection bool
IamGroupId string
The GUID of the group
Name string
The name of the group
Roles []string
The list of role IDS to assign to this group
Services []string
The list of service identity IDs to include in this group. See hsdp.IamService
Users []string
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
managingOrganization This property is required. String
The managing organization ID
description String
The description of the group
devices List<String>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection Boolean
iamGroupId String
The GUID of the group
name String
The name of the group
roles List<String>
The list of role IDS to assign to this group
services List<String>
The list of service identity IDs to include in this group. See hsdp.IamService
users List<String>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
managingOrganization This property is required. string
The managing organization ID
description string
The description of the group
devices string[]
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection boolean
iamGroupId string
The GUID of the group
name string
The name of the group
roles string[]
The list of role IDS to assign to this group
services string[]
The list of service identity IDs to include in this group. See hsdp.IamService
users string[]
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
managing_organization This property is required. str
The managing organization ID
description str
The description of the group
devices Sequence[str]
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
drift_detection bool
iam_group_id str
The GUID of the group
name str
The name of the group
roles Sequence[str]
The list of role IDS to assign to this group
services Sequence[str]
The list of service identity IDs to include in this group. See hsdp.IamService
users Sequence[str]
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
managingOrganization This property is required. String
The managing organization ID
description String
The description of the group
devices List<String>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection Boolean
iamGroupId String
The GUID of the group
name String
The name of the group
roles List<String>
The list of role IDS to assign to this group
services List<String>
The list of service identity IDs to include in this group. See hsdp.IamService
users List<String>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.

Outputs

All input properties are implicitly available as output properties. Additionally, the IamGroup resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing IamGroup Resource

Get an existing IamGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IamGroupState, opts?: CustomResourceOptions): IamGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        devices: Optional[Sequence[str]] = None,
        drift_detection: Optional[bool] = None,
        iam_group_id: Optional[str] = None,
        managing_organization: Optional[str] = None,
        name: Optional[str] = None,
        roles: Optional[Sequence[str]] = None,
        services: Optional[Sequence[str]] = None,
        users: Optional[Sequence[str]] = None) -> IamGroup
func GetIamGroup(ctx *Context, name string, id IDInput, state *IamGroupState, opts ...ResourceOption) (*IamGroup, error)
public static IamGroup Get(string name, Input<string> id, IamGroupState? state, CustomResourceOptions? opts = null)
public static IamGroup get(String name, Output<String> id, IamGroupState state, CustomResourceOptions options)
resources:  _:    type: hsdp:IamGroup    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Description string
The description of the group
Devices List<string>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
DriftDetection bool
IamGroupId string
The GUID of the group
ManagingOrganization string
The managing organization ID
Name string
The name of the group
Roles List<string>
The list of role IDS to assign to this group
Services List<string>
The list of service identity IDs to include in this group. See hsdp.IamService
Users List<string>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
Description string
The description of the group
Devices []string
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
DriftDetection bool
IamGroupId string
The GUID of the group
ManagingOrganization string
The managing organization ID
Name string
The name of the group
Roles []string
The list of role IDS to assign to this group
Services []string
The list of service identity IDs to include in this group. See hsdp.IamService
Users []string
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
description String
The description of the group
devices List<String>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection Boolean
iamGroupId String
The GUID of the group
managingOrganization String
The managing organization ID
name String
The name of the group
roles List<String>
The list of role IDS to assign to this group
services List<String>
The list of service identity IDs to include in this group. See hsdp.IamService
users List<String>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
description string
The description of the group
devices string[]
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection boolean
iamGroupId string
The GUID of the group
managingOrganization string
The managing organization ID
name string
The name of the group
roles string[]
The list of role IDS to assign to this group
services string[]
The list of service identity IDs to include in this group. See hsdp.IamService
users string[]
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
description str
The description of the group
devices Sequence[str]
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
drift_detection bool
iam_group_id str
The GUID of the group
managing_organization str
The managing organization ID
name str
The name of the group
roles Sequence[str]
The list of role IDS to assign to this group
services Sequence[str]
The list of service identity IDs to include in this group. See hsdp.IamService
users Sequence[str]
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.
description String
The description of the group
devices List<String>
The list of IAM device identity IDs to include in this group. See hsdp.IamDevice
driftDetection Boolean
iamGroupId String
The GUID of the group
managingOrganization String
The managing organization ID
name String
The name of the group
roles List<String>
The list of role IDS to assign to this group
services List<String>
The list of service identity IDs to include in this group. See hsdp.IamService
users List<String>
The list of user IDs to include in this group. The provider only manages this list of users. Existing users added by others means to the group by the provider. It is not practical to manage hundreds or thousands of users this way of course.

Import

$ pulumi import hsdp:index/iamGroup:IamGroup An existing group can be imported using `hsdp_iam_group`, e.g.
Copy
$ pulumi import hsdp:index/iamGroup:IamGroup mygroup a-guid
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
hsdp philips-software/terraform-provider-hsdp
License
Notes
This Pulumi package is based on the hsdp Terraform Provider.