azurermCosmosdbSqlRoleDefinition

Manages a Cosmos DB SQL Role Definition.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
  this,
  "current",
  {}
);
const azurermCosmosdbAccountExample =
  new azurerm.cosmosdbAccount.CosmosdbAccount(this, "example_2", {
    /*Generated CDKTF bindings expose arguments in camelCase, as in the Arguments Reference.*/
    consistencyPolicy: [
      {
        consistencyLevel: "Strong",
      },
    ],
    geoLocation: [
      {
        failoverPriority: 0,
        location: azurermResourceGroupExample.location,
      },
    ],
    kind: "GlobalDocumentDB",
    location: azurermResourceGroupExample.location,
    name: "example-cosmosdb",
    offerType: "Standard",
    resourceGroupName: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCosmosdbAccountExample.overrideLogicalId("example");
const azurermCosmosdbSqlRoleDefinitionExample =
  new azurerm.cosmosdbSqlRoleDefinition.CosmosdbSqlRoleDefinition(
    this,
    "example_3",
    {
      accountName: azurermCosmosdbAccountExample.name,
      /*The id token already resolves to a Terraform reference, so it is interpolated directly.*/
      assignableScopes: [`${azurermCosmosdbAccountExample.id}/dbs/sales`],
      name: "acctestsqlrole",
      permissions: [
        {
          /*Grant only the data actions the role needs; here, item reads.*/
          dataActions: [
            "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
          ],
        },
      ],
      resourceGroupName: azurermResourceGroupExample.name,
      roleDefinitionId: "84cf3a8b-4122-4448-bce2-fa423cfe0a15",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermCosmosdbSqlRoleDefinitionExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • resourceGroupName - (Required) The name of the Resource Group in which the Cosmos DB SQL Role Definition is created. Changing this forces a new resource to be created.

  • accountName - (Required) The name of the Cosmos DB Account. Changing this forces a new resource to be created.

  • assignableScopes - (Required) A list of fully qualified scopes at or below which Role Assignments may be created using this Cosmos DB SQL Role Definition. It will allow application of this Cosmos DB SQL Role Definition on the entire Database Account or any underlying Database/Collection. Scopes higher than Database Account are not enforceable as assignable scopes.

    NOTE: The resources referenced in assignable scopes need not exist.

  • name - (Required) A user-friendly name for the Cosmos DB SQL Role Definition, which must be unique for the Database Account.

  • permissions - (Required) A permissions block as defined below.

  • roleDefinitionId - (Optional) The GUID used as the name of the Cosmos DB SQL Role Definition. One will be generated if not specified. Changing this forces a new resource to be created.

  • type - (Optional) The type of the Cosmos DB SQL Role Definition. Possible values are builtInRole and customRole. Defaults to customRole. Changing this forces a new resource to be created.


A permissions block supports the following:

  • dataActions - (Required) A list of data actions that are allowed for the Cosmos DB SQL Role Definition.
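
A least-privilege review of assignableScopes and dataActions, run over resolved scope strings (for example from the synthesized configuration). This is an added example, not part of the provider documentation. The function names, the `/colls/<container>` scope suffix and the wildcard check are assumptions that do not appear on this page.

```typescript
// Added example: review a role definition's scopes and data actions.
type ScopeLevel = "account" | "database" | "container" | "not-enforceable";

// Account resource ID shape, taken from the page's import example.
const ACCOUNT_RE =
  /^\/subscriptions\/[^/]+\/resourceGroups\/[^/]+\/providers\/Microsoft\.DocumentDB\/databaseAccounts\/[^/]+/i;

// Classify one assignable scope. The /dbs/<db>/colls/<container> form for
// container scopes is an assumption; the page itself only shows /dbs/<db>.
function classifyScope(scope: string): ScopeLevel {
  const m = ACCOUNT_RE.exec(scope);
  if (!m) return "not-enforceable"; // above the Database Account, or malformed
  const rest = scope.slice(m[0].length).replace(/\/$/, "");
  if (rest === "") return "account";
  if (/^\/dbs\/[^/]+$/.test(rest)) return "database";
  if (/^\/dbs\/[^/]+\/colls\/[^/]+$/.test(rest)) return "container";
  return "not-enforceable"; // unknown path below the account
}

interface RoleDefinitionInput {
  assignableScopes: string[];
  dataActions: string[];
}

// Return review findings; an empty array means nothing was flagged.
function reviewRoleDefinition(role: RoleDefinitionInput): string[] {
  const findings: string[] = [];
  for (const scope of role.assignableScopes) {
    const level = classifyScope(scope);
    if (level === "not-enforceable") findings.push(`scope not enforceable: ${scope}`);
    if (level === "account") findings.push(`account-wide scope: ${scope}`);
  }
  for (const action of role.dataActions) {
    // Assumption: a "*" in a data action widens the grant and deserves review.
    if (action.includes("*")) findings.push(`wildcard data action: ${action}`);
  }
  return findings;
}

// Constructed sample values, reusing the placeholder IDs from the import example.
const ACCOUNT_ID =
  "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.DocumentDB/databaseAccounts/account1";
const READ_ITEMS =
  "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read";
console.log(reviewRoleDefinition({ assignableScopes: [ACCOUNT_ID], dataActions: [READ_ITEMS] }));
```
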

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Cosmos DB SQL Role Definition.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Cosmos DB SQL Role Definition.
  • read - (Defaults to 5 minutes) Used when retrieving the Cosmos DB SQL Role Definition.
  • update - (Defaults to 30 minutes) Used when updating the Cosmos DB SQL Role Definition.
  • delete - (Defaults to 30 minutes) Used when deleting the Cosmos DB SQL Role Definition.

Import

Cosmos DB SQL Role Definitions can be imported using the resourceId, e.g.

terraform import azurerm_cosmosdb_sql_role_definition.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.DocumentDB/databaseAccounts/account1/sqlRoleDefinitions/28b3c337-f436-482b-a167-c2618dc52033