{"attribution":"This Pulumi package is based on the [`athenz` Terraform Provider](https://github.com/athenz/terraform-provider-athenz).","config":{"defaults":["zmsUrl"],"variables":{"cacert":{"description":"CA Certificate file path","type":"string"},"cert":{"description":"Athenz client certificate","type":"string"},"disableResourceOwnership":{"description":"Disable resource ownership feature","type":"boolean"},"groupMetaResourceState":{"description":"Default state for<span pulumi-lang-nodejs=\" athenz.GroupMeta \" pulumi-lang-dotnet=\" athenz.GroupMeta \" pulumi-lang-go=\" GroupMeta \" pulumi-lang-python=\" GroupMeta \" pulumi-lang-yaml=\" athenz.GroupMeta \" pulumi-lang-java=\" athenz.GroupMeta \"> athenz.GroupMeta </span>resources","type":"number"},"key":{"description":"Athenz client key","type":"string"},"resourceOwner":{"description":"Resource Owner Identity","type":"string"},"roleMetaResourceState":{"description":"Default state for<span pulumi-lang-nodejs=\" athenz.RoleMeta \" pulumi-lang-dotnet=\" athenz.RoleMeta \" pulumi-lang-go=\" RoleMeta \" pulumi-lang-python=\" RoleMeta \" pulumi-lang-yaml=\" athenz.RoleMeta \" pulumi-lang-java=\" athenz.RoleMeta \"> athenz.RoleMeta </span>resources","type":"number"},"zmsUrl":{"description":"Athenz API URL","type":"string"}}},"description":"A Pulumi provider dynamically bridged from athenz.","functions":{"athenz:index/getAllDomainDetails:getAllDomainDetails":{"description":"<span pulumi-lang-nodejs=\"`athenz.getAllDomainDetails`\" pulumi-lang-dotnet=\"`athenz.getAllDomainDetails`\" pulumi-lang-go=\"`getAllDomainDetails`\" pulumi-lang-python=\"`get_all_domain_details`\" pulumi-lang-yaml=\"`athenz.getAllDomainDetails`\" pulumi-lang-java=\"`athenz.getAllDomainDetails`\">`athenz.getAllDomainDetails`</span> provides full details about a specific Athenz domain (top-level domain/ subdomain/ personal domain)\n\nNote: It can be useful for import  \n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst domainName = config.require(\"domainName\");\nconst domain_test = athenz.getAllDomainDetails({\n    name: domainName,\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\ndomain_name = config.require(\"domainName\")\ndomain_test = athenz.get_all_domain_details(name=domain_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var domainName = config.Require(\"domainName\");\n    var domain_test = Athenz.GetAllDomainDetails.Invoke(new()\n    {\n        Name = domainName,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomainName := cfg.Require(\"domainName\")\n\t\t_, err := athenz.GetAllDomainDetails(ctx, &athenz.GetAllDomainDetailsArgs{\n\t\t\tName: domainName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetAllDomainDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var domainName = config.get(\"domainName\");\n        final var domain-test = AthenzFunctions.getAllDomainDetails(GetAllDomainDetailsArgs.builder()\n            .name(domainName)\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  domainName:\n    type: string\nvariables:\n  domain-test:\n    fn::invoke:\n      function: athenz:getAllDomainDetails\n      arguments:\n        name: ${domainName}\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getAllDomainDetails.\n","properties":{"applicationId":{"type":"string"},"awsAccountId":{"type":"string"},"azureClient":{"type":"string"},"azureSubscription":{"type":"string"},"azureTenant":{"type":"string"},"businessService":{"type":"string"},"contacts":{"additionalProperties":{"type":"string"},"type":"object"},"description":{"type":"string"},"environment":{"type":"string"},"gcpProjectId":{"type":"string"},"gcpProjectNumber":{"type":"string"},"groupExpiryDays":{"type":"number"},"groupLists":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"memberPurgeExpiryDays":{"type":"number"},"name":{"description":"The name of the specific Athenz domain. Must be fully qualified name.\n","type":"string"},"org":{"type":"string"},"policyLists":{"items":{"type":"string"},"type":"array"},"roleCertExpiryMins":{"type":"number"},"roleLists":{"items":{"type":"string"},"type":"array"},"serviceCertExpiryMins":{"type":"number"},"serviceExpiryDays":{"type":"number"},"serviceLists":{"items":{"type":"string"},"type":"array"},"slackChannel":{"type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"tokenExpiryMins":{"type":"number"},"userAuthorityFilter":{"type":"string"},"userExpiryDays":{"type":"number"}},"required":["name"],"type":"object"},"outputs":{"description":"A collection of values returned by getAllDomainDetails.\n","properties":{"applicationId":{"type":"string"},"awsAccountId":{"type":"string"},"azureClient":{"type":"string"},"azureSubscription":{"type":"string"},"azureTenant":{"type":"string"},"businessService":{"type":"string"},"contacts":{"additionalProperties":{"type":"string"},"type":"object"},"description":{"type":"string"},"environment":{"type":"string"},"gcpProjectId":{"type":"string"},"gcpProjectNumber":{"type":"string"},"groupExpiryDays":{"type":"number"},"groupLists":{"items":{"type":"string"},"type":"array"},"id":{"type":"string"},"memberPurgeExpiryDays":{"type":"number"},"name":{"type":"string"},"org":{"type":"string"},"policyLists":{"items":{"type":"string"},"type":"array"},"roleCertExpiryMins":{"type":"number"},"roleLists":{"items":{"type":"string"},"type":"array"},"serviceCertExpiryMins":{"type":"number"},"serviceExpiryDays":{"type":"number"},"serviceLists":{"items":{"type":"string"},"type":"array"},"slackChannel":{"type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"tokenExpiryMins":{"type":"number"},"userAuthorityFilter":{"type":"string"},"userExpiryDays":{"type":"number"}},"required":["id","name"],"type":"object"}},"athenz:index/getDomain:getDomain":{"description":"<span pulumi-lang-nodejs=\"`athenz.getDomain`\" pulumi-lang-dotnet=\"`athenz.getDomain`\" pulumi-lang-go=\"`getDomain`\" pulumi-lang-python=\"`get_domain`\" pulumi-lang-yaml=\"`athenz.getDomain`\" pulumi-lang-java=\"`athenz.getDomain`\">`athenz.getDomain`</span> provides details about a specific Athenz domain (top-level domain/ sub domain/ personal domain)\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst domainName = config.require(\"domainName\");\nconst domain_test = athenz.getDomain({\n    name: domainName,\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\ndomain_name = config.require(\"domainName\")\ndomain_test = athenz.get_domain(name=domain_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var domainName = config.Require(\"domainName\");\n    var domain_test = Athenz.GetDomain.Invoke(new()\n    {\n        Name = domainName,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomainName := cfg.Require(\"domainName\")\n\t\t_, err := athenz.GetDomain(ctx, &athenz.GetDomainArgs{\n\t\t\tName: domainName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var domainName = config.get(\"domainName\");\n        final var domain-test = AthenzFunctions.getDomain(GetDomainArgs.builder()\n            .name(domainName)\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  domainName:\n    type: string\nvariables:\n  domain-test:\n    fn::invoke:\n      function: athenz:getDomain\n      arguments:\n        name: ${domainName}\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getDomain.\n","properties":{"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz domain. must be fully qualified name.\n","type":"string"}},"required":["name"],"type":"object"},"outputs":{"description":"A collection of values returned by getDomain.\n","properties":{"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz domain. must be fully qualified name.\n","type":"string"}},"required":["id","name"],"type":"object"}},"athenz:index/getGroup:getGroup":{"description":"<span pulumi-lang-nodejs=\"`athenz.Group`\" pulumi-lang-dotnet=\"`athenz.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`athenz.Group`\" pulumi-lang-java=\"`athenz.Group`\">`athenz.Group`</span> provides details about a specific Athenz group.\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst groupName = config.require(\"groupName\");\nconst selected = athenz.getGroup({\n    name: groupName,\n    domain: \"some_domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\ngroup_name = config.require(\"groupName\")\nselected = athenz.get_group(name=group_name,\n    domain=\"some_domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var groupName = config.Require(\"groupName\");\n    var selected = Athenz.GetGroup.Invoke(new()\n    {\n        Name = groupName,\n        Domain = \"some_domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tgroupName := cfg.Require(\"groupName\")\n\t\t_, err := athenz.LookupGroup(ctx, &athenz.LookupGroupArgs{\n\t\t\tName:   groupName,\n\t\t\tDomain: \"some_domain\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var groupName = config.get(\"groupName\");\n        final var selected = AthenzFunctions.getGroup(GetGroupArgs.builder()\n            .name(groupName)\n            .domain(\"some_domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  groupName:\n    type: string\nvariables:\n  selected:\n    fn::invoke:\n      function: athenz:getGroup\n      arguments:\n        name: ${groupName}\n        domain: some_domain\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getGroup.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the group\n","type":"boolean"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled groups\n","type":"boolean"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"lastReviewedDate":{"description":"Last reviewed date for the group\n","type":"string"},"members":{"description":"Users or services to be added as members\n","items":{"$ref":"#/types/athenz:index%2FgetGroupMember:getGroupMember"},"type":"array"},"name":{"description":"- The name of the specific Athenz group.\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled groups\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether group updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether group allows self-service. Users can add themselves in the group, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FgetGroupSettings:getGroupSettings","description":"Advanced settings\n"},"tags":{"additionalProperties":{"type":"string"},"description":"map of group tags\n","type":"object"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"required":["domain","name"],"type":"object"},"outputs":{"description":"A collection of values returned by getGroup.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the group\n","type":"boolean"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled groups\n","type":"boolean"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"lastReviewedDate":{"description":"Last reviewed date for the group\n","type":"string"},"members":{"description":"Users or services to be added as members\n","items":{"$ref":"#/types/athenz:index%2FgetGroupMember:getGroupMember"},"type":"array"},"name":{"description":"- The name of the specific Athenz group.\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled groups\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether group updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether group allows self-service. Users can add themselves in the group, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FgetGroupSettings:getGroupSettings","description":"Advanced settings\n"},"tags":{"additionalProperties":{"type":"string"},"description":"map of group tags\n","type":"object"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"required":["domain","id","name"],"type":"object"}},"athenz:index/getPolicy:getPolicy":{"description":"## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst policyName = config.require(\"policyName\");\nconst selected = athenz.getPolicy({\n    name: policyName,\n    domain: \"some_domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\npolicy_name = config.require(\"policyName\")\nselected = athenz.get_policy(name=policy_name,\n    domain=\"some_domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var policyName = config.Require(\"policyName\");\n    var selected = Athenz.GetPolicy.Invoke(new()\n    {\n        Name = policyName,\n        Domain = \"some_domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tpolicyName := cfg.Require(\"policyName\")\n\t\t_, err := athenz.LookupPolicy(ctx, &athenz.LookupPolicyArgs{\n\t\t\tName:   policyName,\n\t\t\tDomain: \"some_domain\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var policyName = config.get(\"policyName\");\n        final var selected = AthenzFunctions.getPolicy(GetPolicyArgs.builder()\n            .name(policyName)\n            .domain(\"some_domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  policyName:\n    type: string\nvariables:\n  selected:\n    fn::invoke:\n      function: athenz:getPolicy\n      arguments:\n        name: ${policyName}\n        domain: some_domain\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getPolicy.\n","properties":{"assertions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertion:getPolicyAssertion"},"type":"array"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz policy.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","name"],"type":"object"},"outputs":{"description":"A collection of values returned by getPolicy.\n","properties":{"assertions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertion:getPolicyAssertion"},"type":"array"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz policy.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","id","name"],"type":"object"}},"athenz:index/getPolicyVersion:getPolicyVersion":{"description":"<span pulumi-lang-nodejs=\"`athenz.PolicyVersion`\" pulumi-lang-dotnet=\"`athenz.PolicyVersion`\" pulumi-lang-go=\"`PolicyVersion`\" pulumi-lang-python=\"`PolicyVersion`\" pulumi-lang-yaml=\"`athenz.PolicyVersion`\" pulumi-lang-java=\"`athenz.PolicyVersion`\">`athenz.PolicyVersion`</span> provides details about a specific Athenz policy with all its versions.\n\n","inputs":{"description":"A collection of arguments for invoking getPolicyVersion.\n","properties":{"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"}},"required":["domain","name"],"type":"object"},"outputs":{"description":"A collection of values returned by getPolicyVersion.\n","properties":{"activeVersion":{"description":"The policy version that will be active\n","type":"string"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"versions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersion:getPolicyVersionVersion"},"type":"array"}},"required":["activeVersion","domain","id","name","versions"],"type":"object"}},"athenz:index/getRole:getRole":{"description":"<span pulumi-lang-nodejs=\"`athenz.Role`\" pulumi-lang-dotnet=\"`athenz.Role`\" pulumi-lang-go=\"`Role`\" pulumi-lang-python=\"`Role`\" pulumi-lang-yaml=\"`athenz.Role`\" pulumi-lang-java=\"`athenz.Role`\">`athenz.Role`</span> provides details about a specific Athenz role.\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst roleName = config.require(\"roleName\");\nconst selected = athenz.getRole({\n    name: roleName,\n    domain: \"some_domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\nrole_name = config.require(\"roleName\")\nselected = athenz.get_role(name=role_name,\n    domain=\"some_domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var roleName = config.Require(\"roleName\");\n    var selected = Athenz.GetRole.Invoke(new()\n    {\n        Name = roleName,\n        Domain = \"some_domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\troleName := cfg.Require(\"roleName\")\n\t\t_, err := athenz.LookupRole(ctx, &athenz.LookupRoleArgs{\n\t\t\tName:   roleName,\n\t\t\tDomain: \"some_domain\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var roleName = config.get(\"roleName\");\n        final var selected = AthenzFunctions.getRole(GetRoleArgs.builder()\n            .name(roleName)\n            .domain(\"some_domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  roleName:\n    type: string\nvariables:\n  selected:\n    fn::invoke:\n      function: athenz:getRole\n      arguments:\n        name: ${roleName}\n        domain: some_domain\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getRole.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"lastReviewedDate":{"description":"Last reviewed date for the role\n","type":"string"},"members":{"description":"Athenz principal to be added as members\n","items":{"$ref":"#/types/athenz:index%2FgetRoleMember:getRoleMember"},"type":"array"},"name":{"description":"- The name of the specific Athenz role.\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FgetRoleSettings:getRoleSettings","description":"Advanced settings\n"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of role tags\n","type":"object"},"trust":{"description":"The domain, which this role is trusted to\n","type":"string"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"required":["domain","name"],"type":"object"},"outputs":{"description":"A collection of values returned by getRole.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"lastReviewedDate":{"description":"Last reviewed date for the role\n","type":"string"},"members":{"description":"Athenz principal to be added as members\n","items":{"$ref":"#/types/athenz:index%2FgetRoleMember:getRoleMember"},"type":"array"},"name":{"description":"- The name of the specific Athenz role.\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FgetRoleSettings:getRoleSettings","description":"Advanced settings\n"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of role tags\n","type":"object"},"trust":{"description":"The domain, which this role is trusted to\n","type":"string"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"required":["domain","id","name"],"type":"object"}},"athenz:index/getRoles:getRoles":{"description":"<span pulumi-lang-nodejs=\"`athenz.getRoles`\" pulumi-lang-dotnet=\"`athenz.getRoles`\" pulumi-lang-go=\"`getRoles`\" pulumi-lang-python=\"`get_roles`\" pulumi-lang-yaml=\"`athenz.getRoles`\" pulumi-lang-java=\"`athenz.getRoles`\">`athenz.getRoles`</span> This Data Source you can get the list of all roles in a domain with an optional flag to include members\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst tagKey = config.require(\"tagKey\");\nconst tagValue = config.require(\"tagValue\");\nconst selected = athenz.getRoles({\n    domain: \"some_domain\",\n    tagKey: tagKey,\n    tagValue: tagValue,\n    includeMembers: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\ntag_key = config.require(\"tagKey\")\ntag_value = config.require(\"tagValue\")\nselected = athenz.get_roles(domain=\"some_domain\",\n    tag_key=tag_key,\n    tag_value=tag_value,\n    include_members=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var tagKey = config.Require(\"tagKey\");\n    var tagValue = config.Require(\"tagValue\");\n    var selected = Athenz.GetRoles.Invoke(new()\n    {\n        Domain = \"some_domain\",\n        TagKey = tagKey,\n        TagValue = tagValue,\n        IncludeMembers = false,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\ttagKey := cfg.Require(\"tagKey\")\n\t\ttagValue := cfg.Require(\"tagValue\")\n\t\t_, err := athenz.GetRoles(ctx, &athenz.GetRolesArgs{\n\t\t\tDomain:         \"some_domain\",\n\t\t\tTagKey:         pulumi.StringRef(tagKey),\n\t\t\tTagValue:       pulumi.StringRef(tagValue),\n\t\t\tIncludeMembers: pulumi.BoolRef(false),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var tagKey = config.get(\"tagKey\");\n        final var tagValue = config.get(\"tagValue\");\n        final var selected = AthenzFunctions.getRoles(GetRolesArgs.builder()\n            .domain(\"some_domain\")\n            .tagKey(tagKey)\n            .tagValue(tagValue)\n            .includeMembers(false)\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  tagKey:\n    type: string\n  tagValue:\n    type: string\nvariables:\n  selected:\n    fn::invoke:\n      function: athenz:getRoles\n      arguments:\n        domain: some_domain\n        tagKey: ${tagKey}\n        tagValue: ${tagValue}\n        includeMembers: false\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getRoles.\n","properties":{"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"includeMembers":{"description":"If true - return list of members in the role.\n","type":"boolean"},"roles":{"items":{"$ref":"#/types/athenz:index%2FgetRolesRole:getRolesRole"},"type":"array"},"tagKey":{"description":"Query all roles that have a given tag*key.\n","type":"string"},"tagValue":{"description":"- Query all roles that have a given tag*key AND tag*value.\n","type":"string"}},"required":["domain"],"type":"object"},"outputs":{"description":"A collection of values returned by getRoles.\n","properties":{"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"includeMembers":{"description":"If true - return list of members in the role.\n","type":"boolean"},"roles":{"items":{"$ref":"#/types/athenz:index%2FgetRolesRole:getRolesRole"},"type":"array"},"tagKey":{"description":"Query all roles that have a given tag*key.\n","type":"string"},"tagValue":{"description":"- Query all roles that have a given tag*key AND tag*value.\n","type":"string"}},"required":["domain","id"],"type":"object"}},"athenz:index/getService:getService":{"description":"<span pulumi-lang-nodejs=\"`athenz.Service`\" pulumi-lang-dotnet=\"`athenz.Service`\" pulumi-lang-go=\"`Service`\" pulumi-lang-python=\"`Service`\" pulumi-lang-yaml=\"`athenz.Service`\" pulumi-lang-java=\"`athenz.Service`\">`athenz.Service`</span> provides details about a specific Athenz service.\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst config = new pulumi.Config();\nconst serviceName = config.require(\"serviceName\");\nconst selected = athenz.getService({\n    name: serviceName,\n    domain: someDomain,\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nconfig = pulumi.Config()\nservice_name = config.require(\"serviceName\")\nselected = athenz.get_service(name=service_name,\n    domain=some_domain)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var config = new Config();\n    var serviceName = config.Require(\"serviceName\");\n    var selected = Athenz.GetService.Invoke(new()\n    {\n        Name = serviceName,\n        Domain = someDomain,\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tserviceName := cfg.Require(\"serviceName\")\n\t\t_, err := athenz.LookupService(ctx, &athenz.LookupServiceArgs{\n\t\t\tName:   serviceName,\n\t\t\tDomain: someDomain,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.AthenzFunctions;\nimport com.pulumi.athenz.inputs.GetServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        final var config = ctx.config();\n        final var serviceName = config.get(\"serviceName\");\n        final var selected = AthenzFunctions.getService(GetServiceArgs.builder()\n            .name(serviceName)\n            .domain(someDomain)\n            .build());\n\n    }\n}\n```\n```yaml\nconfiguration:\n  serviceName:\n    type: string\nvariables:\n  selected:\n    fn::invoke:\n      function: athenz:getService\n      arguments:\n        name: ${serviceName}\n        domain: ${someDomain}\n```\n<!--End PulumiCodeChooser -->\n","inputs":{"description":"A collection of arguments for invoking getService.\n","properties":{"description":{"description":"A description of the service\n","type":"string"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz service.\n","type":"string"},"publicKeys":{"items":{"$ref":"#/types/athenz:index%2FgetServicePublicKey:getServicePublicKey"},"type":"array"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","name"],"type":"object"},"outputs":{"description":"A collection of values returned by getService.\n","properties":{"description":{"description":"A description of the service\n","type":"string"},"domain":{"description":"- The Athenz domain name.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"string"},"name":{"description":"- The name of the specific Athenz service.\n","type":"string"},"publicKeys":{"items":{"$ref":"#/types/athenz:index%2FgetServicePublicKey:getServicePublicKey"},"type":"array"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","id","name"],"type":"object"}},"pulumi:providers:athenz/terraformConfig":{"description":"This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.","inputs":{"properties":{"__self__":{"$ref":"#/resources/pulumi:providers:athenz"}},"required":["__self__"],"type":"object"},"outputs":{"properties":{"result":{"additionalProperties":{"$ref":"pulumi.json#/Any"},"type":"object"}},"required":["result"],"type":"object"}}},"language":{"csharp":{"compatibility":"tfbridge20","liftSingleValueMethodReturns":true,"respectSchemaVersion":true},"go":{"generateExtraInputTypes":true,"importBasePath":"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz","liftSingleValueMethodReturns":true,"respectSchemaVersion":true,"rootPackageName":"athenz"},"java":{"basePackage":"","buildFiles":"","gradleNexusPublishPluginVersion":"","gradleTest":""},"nodejs":{"compatibility":"tfbridge20","disableUnionOutputTypes":true,"liftSingleValueMethodReturns":true,"packageDescription":"A Pulumi provider dynamically bridged from athenz.","readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/athenz/terraform-provider-athenz)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-athenz` repo](https://github.com/athenz/terraform-provider-athenz/issues).","respectSchemaVersion":true},"python":{"compatibility":"tfbridge20","pyproject":{"enabled":true},"readme":"> This provider is a derived work of the [Terraform Provider](https://github.com/athenz/terraform-provider-athenz)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> please consult the source [`terraform-provider-athenz` repo](https://github.com/athenz/terraform-provider-athenz/issues).","respectSchemaVersion":true}},"meta":{"moduleFormat":"(.*)(?:/[^/]*)"},"name":"athenz","parameterization":{"baseProvider":{"name":"terraform-provider","version":"1.0.1"},"parameter":"eyJyZW1vdGUiOnsidXJsIjoicmVnaXN0cnkub3BlbnRvZnUub3JnL2F0aGVuei9hdGhlbnoiLCJ2ZXJzaW9uIjoiMS4wLjUwIn19"},"provider":{"description":"The provider type for the athenz package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n","inputProperties":{"cacert":{"description":"CA Certificate file path","type":"string"},"cert":{"description":"Athenz client certificate","type":"string"},"disableResourceOwnership":{"description":"Disable resource ownership feature","type":"boolean"},"groupMetaResourceState":{"description":"Default state for<span pulumi-lang-nodejs=\" athenz.GroupMeta \" pulumi-lang-dotnet=\" athenz.GroupMeta \" pulumi-lang-go=\" GroupMeta \" pulumi-lang-python=\" GroupMeta \" pulumi-lang-yaml=\" athenz.GroupMeta \" pulumi-lang-java=\" athenz.GroupMeta \"> athenz.GroupMeta </span>resources","type":"number"},"key":{"description":"Athenz client key","type":"string"},"resourceOwner":{"description":"Resource Owner Identity","type":"string"},"roleMetaResourceState":{"description":"Default state for<span pulumi-lang-nodejs=\" athenz.RoleMeta \" pulumi-lang-dotnet=\" athenz.RoleMeta \" pulumi-lang-go=\" RoleMeta \" pulumi-lang-python=\" RoleMeta \" pulumi-lang-yaml=\" athenz.RoleMeta \" pulumi-lang-java=\" athenz.RoleMeta \"> athenz.RoleMeta </span>resources","type":"number"},"zmsUrl":{"description":"Athenz API URL","type":"string"}},"methods":{"terraformConfig":"pulumi:providers:athenz/terraformConfig"},"properties":{"cacert":{"description":"CA Certificate file path","type":"string"},"cert":{"description":"Athenz client certificate","type":"string"},"key":{"description":"Athenz client key","type":"string"},"resourceOwner":{"description":"Resource Owner Identity","type":"string"},"zmsUrl":{"description":"Athenz API URL","type":"string"}},"required":["zmsUrl"],"requiredInputs":["zmsUrl"],"type":"object"},"publisher":"athenz","repository":"https://github.com/athenz/terraform-provider-athenz","resources":{"athenz:index/domainMeta:DomainMeta":{"description":"<span pulumi-lang-nodejs=\"`athenz.DomainMeta`\" pulumi-lang-dotnet=\"`athenz.DomainMeta`\" pulumi-lang-go=\"`DomainMeta`\" pulumi-lang-python=\"`DomainMeta`\" pulumi-lang-yaml=\"`athenz.DomainMeta`\" pulumi-lang-java=\"`athenz.DomainMeta`\">`athenz.DomainMeta`</span> provides an Athenz domain meta resource.\n","inputProperties":{"applicationId":{"description":"associated application id\n","type":"string"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"businessService":{"description":"associated business service with domain\n","type":"string"},"contacts":{"additionalProperties":{"type":"string"},"description":"map of domain contacts\n","type":"object"},"description":{"description":"description for the domain\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"domainMetaId":{"description":"The ID of this resource.\n","type":"string"},"environment":{"description":"string specifying the environment this domain is used in (production, staging, etc.)\n","type":"string"},"groupExpiryDays":{"description":"all groups in the domain roles will have specified max expiry days\n","type":"number"},"memberPurgeExpiryDays":{"description":"purge role/group members with expiry date configured days in the past\n","type":"number"},"onCall":{"description":"oncall team name/id for any incidents in this domain\n","type":"string"},"roleCertExpiryMins":{"description":"role certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceCertExpiryMins":{"description":"service identity certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceExpiryDays":{"description":"all services in the domain roles will have specified max expiry days\n","type":"number"},"slackChannel":{"description":"associated slack channel for notifications\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of domain tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this domain will have specified max timeout in mins\n","type":"number"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the domain will have specified max expiry days\n","type":"number"}},"properties":{"applicationId":{"description":"associated application id\n","type":"string"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"businessService":{"description":"associated business service with domain\n","type":"string"},"contacts":{"additionalProperties":{"type":"string"},"description":"map of domain contacts\n","type":"object"},"description":{"description":"description for the domain\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"domainMetaId":{"description":"The ID of this resource.\n","type":"string"},"environment":{"description":"string specifying the environment this domain is used in (production, staging, etc.)\n","type":"string"},"groupExpiryDays":{"description":"all groups in the domain roles will have specified max expiry days\n","type":"number"},"memberPurgeExpiryDays":{"description":"purge role/group members with expiry date configured days in the past\n","type":"number"},"onCall":{"description":"oncall team name/id for any incidents in this domain\n","type":"string"},"roleCertExpiryMins":{"description":"role certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceCertExpiryMins":{"description":"service identity certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceExpiryDays":{"description":"all services in the domain roles will have specified max expiry days\n","type":"number"},"slackChannel":{"description":"associated slack channel for notifications\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of domain tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this domain will have specified max timeout in mins\n","type":"number"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the domain will have specified max expiry days\n","type":"number"}},"required":["domain","domainMetaId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering DomainMeta resources.\n","properties":{"applicationId":{"description":"associated application id\n","type":"string"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"businessService":{"description":"associated business service with domain\n","type":"string"},"contacts":{"additionalProperties":{"type":"string"},"description":"map of domain contacts\n","type":"object"},"description":{"description":"description for the domain\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"domainMetaId":{"description":"The ID of this resource.\n","type":"string"},"environment":{"description":"string specifying the environment this domain is used in (production, staging, etc.)\n","type":"string"},"groupExpiryDays":{"description":"all groups in the domain roles will have specified max expiry days\n","type":"number"},"memberPurgeExpiryDays":{"description":"purge role/group members with expiry date configured days in the past\n","type":"number"},"onCall":{"description":"oncall team name/id for any incidents in this domain\n","type":"string"},"roleCertExpiryMins":{"description":"role certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceCertExpiryMins":{"description":"service identity certs issued for this domain will have specified max timeout in mins\n","type":"number"},"serviceExpiryDays":{"description":"all services in the domain roles will have specified max expiry days\n","type":"number"},"slackChannel":{"description":"associated slack channel for notifications\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of domain tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this domain will have specified max timeout in mins\n","type":"number"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the domain will have specified max expiry days\n","type":"number"}},"type":"object"},"type":"object"},"athenz:index/group:Group":{"description":"---\n\n<span pulumi-lang-nodejs=\"`athenz.Group`\" pulumi-lang-dotnet=\"`athenz.Group`\" pulumi-lang-go=\"`Group`\" pulumi-lang-python=\"`Group`\" pulumi-lang-yaml=\"`athenz.Group`\" pulumi-lang-java=\"`athenz.Group`\">`athenz.Group`</span> provides an Athenz group resource.\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```yaml\nresources:\n  newgrp:\n    type: athenz:Group\n    properties:\n      name: some_group\n      domain: some_domain\n      members:\n        - name: user.<user-id>\n        - name: <domain>.<service-name>\n          expiration: 2022-12-29 23:59:59\n      auditRef: create group\n      tags:\n        key1: val1,val2\n        key2: val3,val4\n```\n<!--End PulumiCodeChooser -->\n\n\n### Deprecated**\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst newgrp = new athenz.Group(\"newgrp\", {\n    name: \"some_group\",\n    domain: \"some_domain\",\n    members: [\n        \"user.<user-id>\",\n        \"<domain>.<service-name>\",\n    ],\n    auditRef: \"create group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nnewgrp = athenz.Group(\"newgrp\",\n    name=\"some_group\",\n    domain=\"some_domain\",\n    members=[\n        \"user.<user-id>\",\n        \"<domain>.<service-name>\",\n    ],\n    audit_ref=\"create group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var newgrp = new Athenz.Group(\"newgrp\", new()\n    {\n        Name = \"some_group\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            \"user.<user-id>\",\n            \"<domain>.<service-name>\",\n        },\n        AuditRef = \"create group\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewGroup(ctx, \"newgrp\", &athenz.GroupArgs{\n\t\t\tName:   pulumi.String(\"some_group\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user.<user-id>\"),\n\t\t\t\tpulumi.String(\"<domain>.<service-name>\"),\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.Group;\nimport com.pulumi.athenz.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var newgrp = new Group(\"newgrp\", GroupArgs.builder()\n            .name(\"some_group\")\n            .domain(\"some_domain\")\n            .members(            \n                \"user.<user-id>\",\n                \"<domain>.<service-name>\")\n            .auditRef(\"create group\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  newgrp:\n    type: athenz:Group\n    properties:\n      name: some_group\n      domain: some_domain\n      members:\n        - user.<user-id>\n        - <domain>.<service-name>\n      auditRef: create group\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditEnabled":{"type":"boolean"},"auditRef":{"type":"string"},"deleteProtection":{"type":"boolean"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupId":{"type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the group","type":"string"},"member":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMember:GroupMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"Users or services to be added as members","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"},"notifyDetails":{"type":"string"},"notifyRoles":{"type":"string"},"principalDomainFilter":{"type":"string"},"reviewEnabled":{"type":"boolean"},"selfRenew":{"type":"boolean"},"selfRenewMins":{"type":"number"},"selfServe":{"type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FGroupSettings:GroupSettings","description":"Advanced settings"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"userAuthorityExpiration":{"type":"string"},"userAuthorityFilter":{"type":"string"}},"properties":{"auditEnabled":{"type":"boolean"},"auditRef":{"type":"string"},"deleteProtection":{"type":"boolean"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupId":{"type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the group","type":"string"},"member":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMember:GroupMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"Users or services to be added as members","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"},"notifyDetails":{"type":"string"},"notifyRoles":{"type":"string"},"principalDomainFilter":{"type":"string"},"reviewEnabled":{"type":"boolean"},"selfRenew":{"type":"boolean"},"selfRenewMins":{"type":"number"},"selfServe":{"type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FGroupSettings:GroupSettings","description":"Advanced settings"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"userAuthorityExpiration":{"type":"string"},"userAuthorityFilter":{"type":"string"}},"required":["domain","groupId","name"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering Group resources.\n","properties":{"auditEnabled":{"type":"boolean"},"auditRef":{"type":"string"},"deleteProtection":{"type":"boolean"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupId":{"type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the group","type":"string"},"member":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMember:GroupMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"Users or services to be added as members","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"},"notifyDetails":{"type":"string"},"notifyRoles":{"type":"string"},"principalDomainFilter":{"type":"string"},"reviewEnabled":{"type":"boolean"},"selfRenew":{"type":"boolean"},"selfRenewMins":{"type":"number"},"selfServe":{"type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FGroupSettings:GroupSettings","description":"Advanced settings"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"userAuthorityExpiration":{"type":"string"},"userAuthorityFilter":{"type":"string"}},"type":"object"},"type":"object"},"athenz:index/groupMembers:GroupMembers":{"description":"---\n\n<span pulumi-lang-nodejs=\"`athenz.GroupMembers`\" pulumi-lang-dotnet=\"`athenz.GroupMembers`\" pulumi-lang-go=\"`GroupMembers`\" pulumi-lang-python=\"`GroupMembers`\" pulumi-lang-yaml=\"`athenz.GroupMembers`\" pulumi-lang-java=\"`athenz.GroupMembers`\">`athenz.GroupMembers`</span> provides support for managing members of an existing athenz group\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst newgrp = new athenz.GroupMembers(\"newgrp\", {\n    name: \"some_group\",\n    domain: \"some_domain\",\n    members: [\n        {\n            name: \"user.<user-id>\",\n        },\n        {\n            name: \"<domain>.<service-name>\",\n            expiration: \"2022-12-29 23:59:59\",\n        },\n    ],\n    auditRef: \"create group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nnewgrp = athenz.GroupMembers(\"newgrp\",\n    name=\"some_group\",\n    domain=\"some_domain\",\n    members=[\n        {\n            \"name\": \"user.<user-id>\",\n        },\n        {\n            \"name\": \"<domain>.<service-name>\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n        },\n    ],\n    audit_ref=\"create group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var newgrp = new Athenz.GroupMembers(\"newgrp\", new()\n    {\n        Name = \"some_group\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            new Athenz.Inputs.GroupMembersMemberArgs\n            {\n                Name = \"user.<user-id>\",\n            },\n            new Athenz.Inputs.GroupMembersMemberArgs\n            {\n                Name = \"<domain>.<service-name>\",\n                Expiration = \"2022-12-29 23:59:59\",\n            },\n        },\n        AuditRef = \"create group\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewGroupMembers(ctx, \"newgrp\", &athenz.GroupMembersArgs{\n\t\t\tName:   pulumi.String(\"some_group\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: athenz.GroupMembersMemberArray{\n\t\t\t\t&athenz.GroupMembersMemberArgs{\n\t\t\t\t\tName: pulumi.String(\"user.<user-id>\"),\n\t\t\t\t},\n\t\t\t\t&athenz.GroupMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"<domain>.<service-name>\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.GroupMembers;\nimport com.pulumi.athenz.GroupMembersArgs;\nimport com.pulumi.athenz.inputs.GroupMembersMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var newgrp = new GroupMembers(\"newgrp\", GroupMembersArgs.builder()\n            .name(\"some_group\")\n            .domain(\"some_domain\")\n            .members(            \n                GroupMembersMemberArgs.builder()\n                    .name(\"user.<user-id>\")\n                    .build(),\n                GroupMembersMemberArgs.builder()\n                    .name(\"<domain>.<service-name>\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .build())\n            .auditRef(\"create group\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  newgrp:\n    type: athenz:GroupMembers\n    properties:\n      name: some_group\n      domain: some_domain\n      members:\n        - name: user.<user-id>\n        - name: <domain>.<service-name>\n          expiration: 2022-12-29 23:59:59\n      auditRef: create group\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupMembersId":{"type":"string"},"members":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMembersMember:GroupMembersMember"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"}},"properties":{"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupMembersId":{"type":"string"},"members":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMembersMember:GroupMembersMember"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"}},"required":["domain","groupMembersId","name"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMembers resources.\n","properties":{"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that group belongs to","type":"string"},"groupMembersId":{"type":"string"},"members":{"description":"Users or services to be added as members with attribute","items":{"$ref":"#/types/athenz:index%2FGroupMembersMember:GroupMembersMember"},"type":"array"},"name":{"description":"Name of the standard group role","type":"string"}},"type":"object"},"type":"object"},"athenz:index/groupMeta:GroupMeta":{"description":"## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n","inputProperties":{"auditEnabled":{"description":"audit enabled flag for the group\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled groups\n","type":"boolean"},"domain":{"description":"name of the domain\n","type":"string"},"groupMetaId":{"description":"The ID of this resource.\n","type":"string"},"maxMembers":{"description":"maximum number of members allowed in the group\n","type":"number"},"name":{"description":"Name of the group\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled groups\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling group behavior when creating or destroying the resource. 0x01: create the group if not already present, 0x02: always delete the group when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level.\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether group updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether group allows self-service. Users can add themselves in the group, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the group will have specified max expiry days\n","type":"number"},"tags":{"additionalProperties":{"type":"string"},"description":"map of group tags\n","type":"object"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the group will have specified max expiry days\n","type":"number"}},"properties":{"auditEnabled":{"description":"audit enabled flag for the group\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled groups\n","type":"boolean"},"domain":{"description":"name of the domain\n","type":"string"},"groupMetaId":{"description":"The ID of this resource.\n","type":"string"},"maxMembers":{"description":"maximum number of members allowed in the group\n","type":"number"},"name":{"description":"Name of the group\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled groups\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling group behavior when creating or destroying the resource. 0x01: create the group if not already present, 0x02: always delete the group when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level.\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether group updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether group allows self-service. Users can add themselves in the group, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the group will have specified max expiry days\n","type":"number"},"tags":{"additionalProperties":{"type":"string"},"description":"map of group tags\n","type":"object"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the group will have specified max expiry days\n","type":"number"}},"required":["domain","groupMetaId","name"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering GroupMeta resources.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the group\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled groups\n","type":"boolean"},"domain":{"description":"name of the domain\n","type":"string"},"groupMetaId":{"description":"The ID of this resource.\n","type":"string"},"maxMembers":{"description":"maximum number of members allowed in the group\n","type":"number"},"name":{"description":"Name of the group\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled groups\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling group behavior when creating or destroying the resource. 0x01: create the group if not already present, 0x02: always delete the group when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level.\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether group updates require another review and approval\n","type":"boolean"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether group allows self-service. Users can add themselves in the group, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the group will have specified max expiry days\n","type":"number"},"tags":{"additionalProperties":{"type":"string"},"description":"map of group tags\n","type":"object"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the group will have specified max expiry days\n","type":"number"}},"type":"object"},"type":"object"},"athenz:index/policy:Policy":{"description":"<span pulumi-lang-nodejs=\"`athenz.Policy`\" pulumi-lang-dotnet=\"`athenz.Policy`\" pulumi-lang-go=\"`Policy`\" pulumi-lang-python=\"`Policy`\" pulumi-lang-yaml=\"`athenz.Policy`\" pulumi-lang-java=\"`athenz.Policy`\">`athenz.Policy`</span> provides an Athenz policy resource.\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooPolicy = new athenz.Policy(\"foo_policy\", {\n    name: \"foo\",\n    domain: \"some_domain\",\n    assertions: [\n        {\n            effect: \"ALLOW\",\n            action: \"some_action\",\n            role: \"some_role_name\",\n            resource: \"some_domain:some_resource\",\n        },\n        {\n            effect: \"ALLOW\",\n            action: \"SOME_ACTION\",\n            role: \"some_role_name\",\n            resource: \"some_domain:some_resource\",\n            caseSensitive: true,\n        },\n    ],\n    auditRef: \"create policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_policy = athenz.Policy(\"foo_policy\",\n    name=\"foo\",\n    domain=\"some_domain\",\n    assertions=[\n        {\n            \"effect\": \"ALLOW\",\n            \"action\": \"some_action\",\n            \"role\": \"some_role_name\",\n            \"resource\": \"some_domain:some_resource\",\n        },\n        {\n            \"effect\": \"ALLOW\",\n            \"action\": \"SOME_ACTION\",\n            \"role\": \"some_role_name\",\n            \"resource\": \"some_domain:some_resource\",\n            \"case_sensitive\": True,\n        },\n    ],\n    audit_ref=\"create policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooPolicy = new Athenz.Policy(\"foo_policy\", new()\n    {\n        Name = \"foo\",\n        Domain = \"some_domain\",\n        Assertions = new[]\n        {\n            new Athenz.Inputs.PolicyAssertionArgs\n            {\n                Effect = \"ALLOW\",\n                Action = \"some_action\",\n                Role = \"some_role_name\",\n                Resource = \"some_domain:some_resource\",\n            },\n            new Athenz.Inputs.PolicyAssertionArgs\n            {\n                Effect = \"ALLOW\",\n                Action = \"SOME_ACTION\",\n                Role = \"some_role_name\",\n                Resource = \"some_domain:some_resource\",\n                CaseSensitive = true,\n            },\n        },\n        AuditRef = \"create policy\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewPolicy(ctx, \"foo_policy\", &athenz.PolicyArgs{\n\t\t\tName:   pulumi.String(\"foo\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tAssertions: athenz.PolicyAssertionArray{\n\t\t\t\t&athenz.PolicyAssertionArgs{\n\t\t\t\t\tEffect:   pulumi.String(\"ALLOW\"),\n\t\t\t\t\tAction:   pulumi.String(\"some_action\"),\n\t\t\t\t\tRole:     pulumi.String(\"some_role_name\"),\n\t\t\t\t\tResource: pulumi.String(\"some_domain:some_resource\"),\n\t\t\t\t},\n\t\t\t\t&athenz.PolicyAssertionArgs{\n\t\t\t\t\tEffect:        pulumi.String(\"ALLOW\"),\n\t\t\t\t\tAction:        pulumi.String(\"SOME_ACTION\"),\n\t\t\t\t\tRole:          pulumi.String(\"some_role_name\"),\n\t\t\t\t\tResource:      pulumi.String(\"some_domain:some_resource\"),\n\t\t\t\t\tCaseSensitive: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.Policy;\nimport com.pulumi.athenz.PolicyArgs;\nimport com.pulumi.athenz.inputs.PolicyAssertionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooPolicy = new Policy(\"fooPolicy\", PolicyArgs.builder()\n            .name(\"foo\")\n            .domain(\"some_domain\")\n            .assertions(            \n                PolicyAssertionArgs.builder()\n                    .effect(\"ALLOW\")\n                    .action(\"some_action\")\n                    .role(\"some_role_name\")\n                    .resource(\"some_domain:some_resource\")\n                    .build(),\n                PolicyAssertionArgs.builder()\n                    .effect(\"ALLOW\")\n                    .action(\"SOME_ACTION\")\n                    .role(\"some_role_name\")\n                    .resource(\"some_domain:some_resource\")\n                    .caseSensitive(true)\n                    .build())\n            .auditRef(\"create policy\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooPolicy:\n    type: athenz:Policy\n    name: foo_policy\n    properties:\n      name: foo\n      domain: some_domain\n      assertions:\n        - effect: ALLOW\n          action: some_action\n          role: some_role_name\n          resource: some_domain:some_resource\n        - effect: ALLOW\n          action: SOME_ACTION\n          role: some_role_name\n          resource: some_domain:some_resource\n          caseSensitive: true\n      auditRef: create policy\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"assertions":{"description":"A set of assertions that govern usage of resources. where \\n\\n is \\n\\n \\n\\n to \\n\\n on \\n\\n.\n","items":{"$ref":"#/types/athenz:index%2FPolicyAssertion:PolicyAssertion"},"type":"array"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"properties":{"assertions":{"description":"A set of assertions that govern usage of resources. where \\n\\n is \\n\\n \\n\\n to \\n\\n on \\n\\n.\n","items":{"$ref":"#/types/athenz:index%2FPolicyAssertion:PolicyAssertion"},"type":"array"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","name","policyId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering Policy resources.\n","properties":{"assertions":{"description":"A set of assertions that govern usage of resources. where \\n\\n is \\n\\n \\n\\n to \\n\\n on \\n\\n.\n","items":{"$ref":"#/types/athenz:index%2FPolicyAssertion:PolicyAssertion"},"type":"array"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"type":"object"},"type":"object"},"athenz:index/policyVersion:PolicyVersion":{"description":"<span pulumi-lang-nodejs=\"`athenz.PolicyVersion`\" pulumi-lang-dotnet=\"`athenz.PolicyVersion`\" pulumi-lang-go=\"`PolicyVersion`\" pulumi-lang-python=\"`PolicyVersion`\" pulumi-lang-yaml=\"`athenz.PolicyVersion`\" pulumi-lang-java=\"`athenz.PolicyVersion`\">`athenz.PolicyVersion`</span> provides an Athenz policy resource with all of its versions.\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst policyWithVersion = new athenz.PolicyVersion(\"policy_with_version\", {\n    name: \"with_version\",\n    domain: \"some_domain\",\n    activeVersion: \"version1\",\n    versions: [\n        {\n            versionName: \"version1\",\n            assertions: [{\n                effect: \"ALLOW\",\n                action: \"*\",\n                role: \"role1\",\n                resource: \"some_domain:resource1\",\n            }],\n        },\n        {\n            versionName: \"version2\",\n            assertions: [\n                {\n                    effect: \"ALLOW\",\n                    action: \"*\",\n                    role: \"role2\",\n                    resource: \"some_domain:RESOURCE2\",\n                    caseSensitive: true,\n                },\n                {\n                    effect: \"DENY\",\n                    action: \"PLAY\",\n                    role: \"role2\",\n                    resource: \"some_domain:resource2\",\n                    caseSensitive: true,\n                },\n            ],\n        },\n    ],\n    auditRef: \"create policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\npolicy_with_version = athenz.PolicyVersion(\"policy_with_version\",\n    name=\"with_version\",\n    domain=\"some_domain\",\n    active_version=\"version1\",\n    versions=[\n        {\n            \"version_name\": \"version1\",\n            \"assertions\": [{\n                \"effect\": \"ALLOW\",\n                \"action\": \"*\",\n                \"role\": \"role1\",\n                \"resource\": \"some_domain:resource1\",\n            }],\n        },\n        {\n            \"version_name\": \"version2\",\n            \"assertions\": [\n                {\n                    \"effect\": \"ALLOW\",\n                    \"action\": \"*\",\n                    \"role\": \"role2\",\n                    \"resource\": \"some_domain:RESOURCE2\",\n                    \"case_sensitive\": True,\n                },\n                {\n                    \"effect\": \"DENY\",\n                    \"action\": \"PLAY\",\n                    \"role\": \"role2\",\n                    \"resource\": \"some_domain:resource2\",\n                    \"case_sensitive\": True,\n                },\n            ],\n        },\n    ],\n    audit_ref=\"create policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var policyWithVersion = new Athenz.PolicyVersion(\"policy_with_version\", new()\n    {\n        Name = \"with_version\",\n        Domain = \"some_domain\",\n        ActiveVersion = \"version1\",\n        Versions = new[]\n        {\n            new Athenz.Inputs.PolicyVersionVersionArgs\n            {\n                VersionName = \"version1\",\n                Assertions = new[]\n                {\n                    new Athenz.Inputs.PolicyVersionVersionAssertionArgs\n                    {\n                        Effect = \"ALLOW\",\n                        Action = \"*\",\n                        Role = \"role1\",\n                        Resource = \"some_domain:resource1\",\n                    },\n                },\n            },\n            new Athenz.Inputs.PolicyVersionVersionArgs\n            {\n                VersionName = \"version2\",\n                Assertions = new[]\n                {\n                    new Athenz.Inputs.PolicyVersionVersionAssertionArgs\n                    {\n                        Effect = \"ALLOW\",\n                        Action = \"*\",\n                        Role = \"role2\",\n                        Resource = \"some_domain:RESOURCE2\",\n                        CaseSensitive = true,\n                    },\n                    new Athenz.Inputs.PolicyVersionVersionAssertionArgs\n                    {\n                        Effect = \"DENY\",\n                        Action = \"PLAY\",\n                        Role = \"role2\",\n                        Resource = \"some_domain:resource2\",\n                        CaseSensitive = true,\n                    },\n                },\n            },\n        },\n        AuditRef = \"create policy\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewPolicyVersion(ctx, \"policy_with_version\", &athenz.PolicyVersionArgs{\n\t\t\tName:          pulumi.String(\"with_version\"),\n\t\t\tDomain:        pulumi.String(\"some_domain\"),\n\t\t\tActiveVersion: pulumi.String(\"version1\"),\n\t\t\tVersions: athenz.PolicyVersionVersionArray{\n\t\t\t\t&athenz.PolicyVersionVersionArgs{\n\t\t\t\t\tVersionName: pulumi.String(\"version1\"),\n\t\t\t\t\tAssertions: athenz.PolicyVersionVersionAssertionArray{\n\t\t\t\t\t\t&athenz.PolicyVersionVersionAssertionArgs{\n\t\t\t\t\t\t\tEffect:   pulumi.String(\"ALLOW\"),\n\t\t\t\t\t\t\tAction:   pulumi.String(\"*\"),\n\t\t\t\t\t\t\tRole:     pulumi.String(\"role1\"),\n\t\t\t\t\t\t\tResource: pulumi.String(\"some_domain:resource1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&athenz.PolicyVersionVersionArgs{\n\t\t\t\t\tVersionName: pulumi.String(\"version2\"),\n\t\t\t\t\tAssertions: athenz.PolicyVersionVersionAssertionArray{\n\t\t\t\t\t\t&athenz.PolicyVersionVersionAssertionArgs{\n\t\t\t\t\t\t\tEffect:        pulumi.String(\"ALLOW\"),\n\t\t\t\t\t\t\tAction:        pulumi.String(\"*\"),\n\t\t\t\t\t\t\tRole:          pulumi.String(\"role2\"),\n\t\t\t\t\t\t\tResource:      pulumi.String(\"some_domain:RESOURCE2\"),\n\t\t\t\t\t\t\tCaseSensitive: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&athenz.PolicyVersionVersionAssertionArgs{\n\t\t\t\t\t\t\tEffect:        pulumi.String(\"DENY\"),\n\t\t\t\t\t\t\tAction:        pulumi.String(\"PLAY\"),\n\t\t\t\t\t\t\tRole:          pulumi.String(\"role2\"),\n\t\t\t\t\t\t\tResource:      pulumi.String(\"some_domain:resource2\"),\n\t\t\t\t\t\t\tCaseSensitive: pulumi.Bool(true),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.PolicyVersion;\nimport com.pulumi.athenz.PolicyVersionArgs;\nimport com.pulumi.athenz.inputs.PolicyVersionVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var policyWithVersion = new PolicyVersion(\"policyWithVersion\", PolicyVersionArgs.builder()\n            .name(\"with_version\")\n            .domain(\"some_domain\")\n            .activeVersion(\"version1\")\n            .versions(            \n                PolicyVersionVersionArgs.builder()\n                    .versionName(\"version1\")\n                    .assertions(PolicyVersionVersionAssertionArgs.builder()\n                        .effect(\"ALLOW\")\n                        .action(\"*\")\n                        .role(\"role1\")\n                        .resource(\"some_domain:resource1\")\n                        .build())\n                    .build(),\n                PolicyVersionVersionArgs.builder()\n                    .versionName(\"version2\")\n                    .assertions(                    \n                        PolicyVersionVersionAssertionArgs.builder()\n                            .effect(\"ALLOW\")\n                            .action(\"*\")\n                            .role(\"role2\")\n                            .resource(\"some_domain:RESOURCE2\")\n                            .caseSensitive(true)\n                            .build(),\n                        PolicyVersionVersionAssertionArgs.builder()\n                            .effect(\"DENY\")\n                            .action(\"PLAY\")\n                            .role(\"role2\")\n                            .resource(\"some_domain:resource2\")\n                            .caseSensitive(true)\n                            .build())\n                    .build())\n            .auditRef(\"create policy\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  policyWithVersion:\n    type: athenz:PolicyVersion\n    name: policy_with_version\n    properties:\n      name: with_version\n      domain: some_domain\n      activeVersion: version1\n      versions:\n        - versionName: version1\n          assertions:\n            - effect: ALLOW\n              action: '*'\n              role: role1\n              resource: some_domain:resource1\n        - versionName: version2\n          assertions:\n            - effect: ALLOW\n              action: '*'\n              role: role2\n              resource: some_domain:RESOURCE2\n              caseSensitive: true\n            - effect: DENY\n              action: PLAY\n              role: role2\n              resource: some_domain:resource2\n              caseSensitive: true\n      auditRef: create policy\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"activeVersion":{"description":"The active version of the policy. Must match one of the version name defined un the resource\n","type":"string"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyVersionId":{"description":"The ID of this resource.\n","type":"string"},"versions":{"description":"- A set of policy versions\n","items":{"$ref":"#/types/athenz:index%2FPolicyVersionVersion:PolicyVersionVersion"},"type":"array"}},"properties":{"activeVersion":{"description":"The active version of the policy. Must match one of the version name defined un the resource\n","type":"string"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyVersionId":{"description":"The ID of this resource.\n","type":"string"},"versions":{"description":"- A set of policy versions\n","items":{"$ref":"#/types/athenz:index%2FPolicyVersionVersion:PolicyVersionVersion"},"type":"array"}},"required":["activeVersion","domain","name","policyVersionId","versions"],"requiredInputs":["activeVersion","domain","versions"],"stateInputs":{"description":"Input properties used for looking up and filtering PolicyVersion resources.\n","properties":{"activeVersion":{"description":"The active version of the policy. Must match one of the version name defined un the resource\n","type":"string"},"auditRef":{"type":"string"},"domain":{"description":"Name of the domain that policy belongs to\n","type":"string"},"name":{"description":"Name of the policy\n","type":"string"},"policyVersionId":{"description":"The ID of this resource.\n","type":"string"},"versions":{"description":"- A set of policy versions\n","items":{"$ref":"#/types/athenz:index%2FPolicyVersionVersion:PolicyVersionVersion"},"type":"array"}},"type":"object"},"type":"object"},"athenz:index/role:Role":{"description":"<span pulumi-lang-nodejs=\"`athenz.Role`\" pulumi-lang-dotnet=\"`athenz.Role`\" pulumi-lang-go=\"`Role`\" pulumi-lang-python=\"`Role`\" pulumi-lang-yaml=\"`athenz.Role`\" pulumi-lang-java=\"`athenz.Role`\">`athenz.Role`</span> provides an Athenz role resource.\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```yaml\nresources:\n  fooRole:\n    type: athenz:Role\n    name: foo_role\n    properties:\n      name: some_name\n      domain: some_domain\n      members:\n        - name: domain1.user1\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain2.user2\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain3.user3\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n      settings:\n        tokenExpiryMins: 60\n        certExpiryMins: 60\n        userExpiryDays: 7\n        userReviewDays: 7\n        groupExpiryDays: 14\n        groupReviewDays: 14\n        serviceExpiryDays: 21\n        serviceReviewDays: 21\n      auditRef: create role\n      tags:\n        key1: val1,val2\n        key2: val3,val4\n```\n<!--End PulumiCodeChooser -->\n\n\n### Deprecated** (Please Use As Explained In The Second Example)\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooRole = new athenz.Role(\"foo_role\", {\n    name: \"some_name\",\n    domain: \"some_domain\",\n    members: [\n        \"domain1.user1\",\n        \"domain2.user2\",\n    ],\n    auditRef: \"create role\",\n    tags: {\n        key1: \"val1,val2\",\n        key2: \"val3,val4\",\n    },\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_role = athenz.Role(\"foo_role\",\n    name=\"some_name\",\n    domain=\"some_domain\",\n    members=[\n        \"domain1.user1\",\n        \"domain2.user2\",\n    ],\n    audit_ref=\"create role\",\n    tags={\n        \"key1\": \"val1,val2\",\n        \"key2\": \"val3,val4\",\n    })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooRole = new Athenz.Role(\"foo_role\", new()\n    {\n        Name = \"some_name\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            \"domain1.user1\",\n            \"domain2.user2\",\n        },\n        AuditRef = \"create role\",\n        Tags = \n        {\n            { \"key1\", \"val1,val2\" },\n            { \"key2\", \"val3,val4\" },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewRole(ctx, \"foo_role\", &athenz.RoleArgs{\n\t\t\tName:   pulumi.String(\"some_name\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"domain1.user1\"),\n\t\t\t\tpulumi.String(\"domain2.user2\"),\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create role\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"val1,val2\"),\n\t\t\t\t\"key2\": pulumi.String(\"val3,val4\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.Role;\nimport com.pulumi.athenz.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooRole = new Role(\"fooRole\", RoleArgs.builder()\n            .name(\"some_name\")\n            .domain(\"some_domain\")\n            .members(            \n                \"domain1.user1\",\n                \"domain2.user2\")\n            .auditRef(\"create role\")\n            .tags(Map.ofEntries(\n                Map.entry(\"key1\", \"val1,val2\"),\n                Map.entry(\"key2\", \"val3,val4\")\n            ))\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooRole:\n    type: athenz:Role\n    name: foo_role\n    properties:\n      name: some_name\n      domain: some_domain\n      members:\n        - domain1.user1\n        - domain2.user2\n      auditRef: create role\n      tags:\n        key1: val1,val2\n        key2: val3,val4\n```\n<!--End PulumiCodeChooser -->\n\n## Example Delegated Role Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooRole = new athenz.Role(\"foo_role\", {\n    name: \"some_name\",\n    domain: \"some_domain\",\n    trust: \"some_delegated_domain\",\n    auditRef: \"create delegated role\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_role = athenz.Role(\"foo_role\",\n    name=\"some_name\",\n    domain=\"some_domain\",\n    trust=\"some_delegated_domain\",\n    audit_ref=\"create delegated role\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooRole = new Athenz.Role(\"foo_role\", new()\n    {\n        Name = \"some_name\",\n        Domain = \"some_domain\",\n        Trust = \"some_delegated_domain\",\n        AuditRef = \"create delegated role\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewRole(ctx, \"foo_role\", &athenz.RoleArgs{\n\t\t\tName:     pulumi.String(\"some_name\"),\n\t\t\tDomain:   pulumi.String(\"some_domain\"),\n\t\t\tTrust:    pulumi.String(\"some_delegated_domain\"),\n\t\t\tAuditRef: pulumi.String(\"create delegated role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.Role;\nimport com.pulumi.athenz.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooRole = new Role(\"fooRole\", RoleArgs.builder()\n            .name(\"some_name\")\n            .domain(\"some_domain\")\n            .trust(\"some_delegated_domain\")\n            .auditRef(\"create delegated role\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooRole:\n    type: athenz:Role\n    name: foo_role\n    properties:\n      name: some_name\n      domain: some_domain\n      trust: some_delegated_domain\n      auditRef: create delegated role\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the role\n","type":"string"},"member":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMember:RoleMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"**Deprecated** use member attribute instead (Optional) List of Athenz principal members. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FRoleSettings:RoleSettings","description":"A map of advanced settings with the following options\n"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"- Map of tags. The key is the tag-name and value is the tag-values are represented as a string with a comma separator. e.g. key1 = \"val1,val2\", this will be converted to: key1 = [\"val1\", \"val2\"]\n","type":"object"},"trust":{"description":"The domain, which this role is trusted to.\n","type":"string"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the role\n","type":"string"},"member":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMember:RoleMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"**Deprecated** use member attribute instead (Optional) List of Athenz principal members. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FRoleSettings:RoleSettings","description":"A map of advanced settings with the following options\n"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"- Map of tags. The key is the tag-name and value is the tag-values are represented as a string with a comma separator. e.g. key1 = \"val1,val2\", this will be converted to: key1 = [\"val1\", \"val2\"]\n","type":"object"},"trust":{"description":"The domain, which this role is trusted to.\n","type":"string"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"required":["domain","name","roleId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering Role resources.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"lastReviewedDate":{"description":"The last reviewed timestamp for the role\n","type":"string"},"member":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMember:RoleMember"},"type":"array"},"members":{"deprecationMessage":"Deprecated","description":"**Deprecated** use member attribute instead (Optional) List of Athenz principal members. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","items":{"type":"string"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FRoleSettings:RoleSettings","description":"A map of advanced settings with the following options\n"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"- Map of tags. The key is the tag-name and value is the tag-values are represented as a string with a comma separator. e.g. key1 = \"val1,val2\", this will be converted to: key1 = [\"val1\", \"val2\"]\n","type":"object"},"trust":{"description":"The domain, which this role is trusted to.\n","type":"string"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"}},"type":"object"},"type":"object"},"athenz:index/roleMembers:RoleMembers":{"description":"<span pulumi-lang-nodejs=\"`athenz.RoleMembers`\" pulumi-lang-dotnet=\"`athenz.RoleMembers`\" pulumi-lang-go=\"`RoleMembers`\" pulumi-lang-python=\"`RoleMembers`\" pulumi-lang-yaml=\"`athenz.RoleMembers`\" pulumi-lang-java=\"`athenz.RoleMembers`\">`athenz.RoleMembers`</span> provides an Athenz role resource.\n\n## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooRole = new athenz.RoleMembers(\"foo_role\", {\n    name: \"some_name\",\n    domain: \"some_domain\",\n    members: [\n        {\n            name: \"domain1.user1\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n        {\n            name: \"domain2.user2\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n        {\n            name: \"domain3.user3\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n    ],\n    auditRef: \"manage role membership\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_role = athenz.RoleMembers(\"foo_role\",\n    name=\"some_name\",\n    domain=\"some_domain\",\n    members=[\n        {\n            \"name\": \"domain1.user1\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain2.user2\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain3.user3\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n    ],\n    audit_ref=\"manage role membership\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooRole = new Athenz.RoleMembers(\"foo_role\", new()\n    {\n        Name = \"some_name\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            new Athenz.Inputs.RoleMembersMemberArgs\n            {\n                Name = \"domain1.user1\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.RoleMembersMemberArgs\n            {\n                Name = \"domain2.user2\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.RoleMembersMemberArgs\n            {\n                Name = \"domain3.user3\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n        },\n        AuditRef = \"manage role membership\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewRoleMembers(ctx, \"foo_role\", &athenz.RoleMembersArgs{\n\t\t\tName:   pulumi.String(\"some_name\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: athenz.RoleMembersMemberArray{\n\t\t\t\t&athenz.RoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain1.user1\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.RoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain2.user2\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.RoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain3.user3\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"manage role membership\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.RoleMembers;\nimport com.pulumi.athenz.RoleMembersArgs;\nimport com.pulumi.athenz.inputs.RoleMembersMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooRole = new RoleMembers(\"fooRole\", RoleMembersArgs.builder()\n            .name(\"some_name\")\n            .domain(\"some_domain\")\n            .members(            \n                RoleMembersMemberArgs.builder()\n                    .name(\"domain1.user1\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build(),\n                RoleMembersMemberArgs.builder()\n                    .name(\"domain2.user2\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build(),\n                RoleMembersMemberArgs.builder()\n                    .name(\"domain3.user3\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build())\n            .auditRef(\"manage role membership\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooRole:\n    type: athenz:RoleMembers\n    name: foo_role\n    properties:\n      name: some_name\n      domain: some_domain\n      members:\n        - name: domain1.user1\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain2.user2\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain3.user3\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n      auditRef: manage role membership\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMembersMember:RoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"roleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMembersMember:RoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"roleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"required":["domain","name","roleMembersId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering RoleMembers resources.\n","properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"description":"A set of Athenz principal members\n","items":{"$ref":"#/types/athenz:index%2FRoleMembersMember:RoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"roleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"type":"object"},"type":"object"},"athenz:index/roleMeta:RoleMeta":{"description":"## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst roleMeta = new athenz.RoleMeta(\"role_meta\", {\n    name: \"some_role\",\n    domain: \"some_domain\",\n    tokenExpiryMins: 360,\n    certExpiryMins: 720,\n    userExpiryDays: 90,\n    userReviewDays: 60,\n    groupExpiryDays: 90,\n    groupReviewDays: 60,\n    serviceReviewDays: 120,\n    serviceExpiryDays: 90,\n    maxMembers: 250,\n    selfServe: true,\n    selfRenew: false,\n    selfRenewMins: 90,\n    deleteProtection: false,\n    reviewEnabled: false,\n    signAlgorithm: \"ec\",\n    description: \"meta role test description\",\n    userAuthorityFilter: \"OnShore-US\",\n    userAuthorityExpiration: \"ElevatedClearance\",\n    notifyRoles: \"role1,role2\",\n    notifyDetails: \"notify details\",\n    principalDomainFilter: \"user,home,+sports,-sports.dev\",\n    tags: {\n        key1: \"val1,val2\",\n        key2: \"val3,val4\",\n    },\n    auditRef: \"update role meta\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nrole_meta = athenz.RoleMeta(\"role_meta\",\n    name=\"some_role\",\n    domain=\"some_domain\",\n    token_expiry_mins=360,\n    cert_expiry_mins=720,\n    user_expiry_days=90,\n    user_review_days=60,\n    group_expiry_days=90,\n    group_review_days=60,\n    service_review_days=120,\n    service_expiry_days=90,\n    max_members=250,\n    self_serve=True,\n    self_renew=False,\n    self_renew_mins=90,\n    delete_protection=False,\n    review_enabled=False,\n    sign_algorithm=\"ec\",\n    description=\"meta role test description\",\n    user_authority_filter=\"OnShore-US\",\n    user_authority_expiration=\"ElevatedClearance\",\n    notify_roles=\"role1,role2\",\n    notify_details=\"notify details\",\n    principal_domain_filter=\"user,home,+sports,-sports.dev\",\n    tags={\n        \"key1\": \"val1,val2\",\n        \"key2\": \"val3,val4\",\n    },\n    audit_ref=\"update role meta\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var roleMeta = new Athenz.RoleMeta(\"role_meta\", new()\n    {\n        Name = \"some_role\",\n        Domain = \"some_domain\",\n        TokenExpiryMins = 360,\n        CertExpiryMins = 720,\n        UserExpiryDays = 90,\n        UserReviewDays = 60,\n        GroupExpiryDays = 90,\n        GroupReviewDays = 60,\n        ServiceReviewDays = 120,\n        ServiceExpiryDays = 90,\n        MaxMembers = 250,\n        SelfServe = true,\n        SelfRenew = false,\n        SelfRenewMins = 90,\n        DeleteProtection = false,\n        ReviewEnabled = false,\n        SignAlgorithm = \"ec\",\n        Description = \"meta role test description\",\n        UserAuthorityFilter = \"OnShore-US\",\n        UserAuthorityExpiration = \"ElevatedClearance\",\n        NotifyRoles = \"role1,role2\",\n        NotifyDetails = \"notify details\",\n        PrincipalDomainFilter = \"user,home,+sports,-sports.dev\",\n        Tags = \n        {\n            { \"key1\", \"val1,val2\" },\n            { \"key2\", \"val3,val4\" },\n        },\n        AuditRef = \"update role meta\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewRoleMeta(ctx, \"role_meta\", &athenz.RoleMetaArgs{\n\t\t\tName:                    pulumi.String(\"some_role\"),\n\t\t\tDomain:                  pulumi.String(\"some_domain\"),\n\t\t\tTokenExpiryMins:         pulumi.Float64(360),\n\t\t\tCertExpiryMins:          pulumi.Float64(720),\n\t\t\tUserExpiryDays:          pulumi.Float64(90),\n\t\t\tUserReviewDays:          pulumi.Float64(60),\n\t\t\tGroupExpiryDays:         pulumi.Float64(90),\n\t\t\tGroupReviewDays:         pulumi.Float64(60),\n\t\t\tServiceReviewDays:       pulumi.Float64(120),\n\t\t\tServiceExpiryDays:       pulumi.Float64(90),\n\t\t\tMaxMembers:              pulumi.Float64(250),\n\t\t\tSelfServe:               pulumi.Bool(true),\n\t\t\tSelfRenew:               pulumi.Bool(false),\n\t\t\tSelfRenewMins:           pulumi.Float64(90),\n\t\t\tDeleteProtection:        pulumi.Bool(false),\n\t\t\tReviewEnabled:           pulumi.Bool(false),\n\t\t\tSignAlgorithm:           pulumi.String(\"ec\"),\n\t\t\tDescription:             pulumi.String(\"meta role test description\"),\n\t\t\tUserAuthorityFilter:     pulumi.String(\"OnShore-US\"),\n\t\t\tUserAuthorityExpiration: pulumi.String(\"ElevatedClearance\"),\n\t\t\tNotifyRoles:             pulumi.String(\"role1,role2\"),\n\t\t\tNotifyDetails:           pulumi.String(\"notify details\"),\n\t\t\tPrincipalDomainFilter:   pulumi.String(\"user,home,+sports,-sports.dev\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"key1\": pulumi.String(\"val1,val2\"),\n\t\t\t\t\"key2\": pulumi.String(\"val3,val4\"),\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"update role meta\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.RoleMeta;\nimport com.pulumi.athenz.RoleMetaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var roleMeta = new RoleMeta(\"roleMeta\", RoleMetaArgs.builder()\n            .name(\"some_role\")\n            .domain(\"some_domain\")\n            .tokenExpiryMins(360.0)\n            .certExpiryMins(720.0)\n            .userExpiryDays(90.0)\n            .userReviewDays(60.0)\n            .groupExpiryDays(90.0)\n            .groupReviewDays(60.0)\n            .serviceReviewDays(120.0)\n            .serviceExpiryDays(90.0)\n            .maxMembers(250.0)\n            .selfServe(true)\n            .selfRenew(false)\n            .selfRenewMins(90.0)\n            .deleteProtection(false)\n            .reviewEnabled(false)\n            .signAlgorithm(\"ec\")\n            .description(\"meta role test description\")\n            .userAuthorityFilter(\"OnShore-US\")\n            .userAuthorityExpiration(\"ElevatedClearance\")\n            .notifyRoles(\"role1,role2\")\n            .notifyDetails(\"notify details\")\n            .principalDomainFilter(\"user,home,+sports,-sports.dev\")\n            .tags(Map.ofEntries(\n                Map.entry(\"key1\", \"val1,val2\"),\n                Map.entry(\"key2\", \"val3,val4\")\n            ))\n            .auditRef(\"update role meta\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  roleMeta:\n    type: athenz:RoleMeta\n    name: role_meta\n    properties:\n      name: some_role\n      domain: some_domain\n      tokenExpiryMins: 360\n      certExpiryMins: 720\n      userExpiryDays: 90\n      userReviewDays: 60\n      groupExpiryDays: 90\n      groupReviewDays: 60\n      serviceReviewDays: 120\n      serviceExpiryDays: 90\n      maxMembers: 250\n      selfServe: true\n      selfRenew: false\n      selfRenewMins: 90\n      deleteProtection: false\n      reviewEnabled: false\n      signAlgorithm: ec\n      description: meta role test description\n      userAuthorityFilter: OnShore-US\n      userAuthorityExpiration: ElevatedClearance\n      notifyRoles: role1,role2\n      notifyDetails: notify details\n      principalDomainFilter: user,home,+sports,-sports.dev\n      tags:\n        key1: val1,val2\n        key2: val3,val4\n      auditRef: update role meta\n```\n<!--End PulumiCodeChooser -->\n\n#<span pulumi-lang-nodejs=\" athenz.RoleMeta \" pulumi-lang-dotnet=\" athenz.RoleMeta \" pulumi-lang-go=\" RoleMeta \" pulumi-lang-python=\" RoleMeta \" pulumi-lang-yaml=\" athenz.RoleMeta \" pulumi-lang-java=\" athenz.RoleMeta \"> athenz.RoleMeta </span>(Resource)\n\n<span pulumi-lang-nodejs=\"`athenz.RoleMeta`\" pulumi-lang-dotnet=\"`athenz.RoleMeta`\" pulumi-lang-go=\"`RoleMeta`\" pulumi-lang-python=\"`RoleMeta`\" pulumi-lang-yaml=\"`athenz.RoleMeta`\" pulumi-lang-java=\"`athenz.RoleMeta`\">`athenz.RoleMeta`</span> provides an Athenz role meta resource.\n","inputProperties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"certExpiryMins":{"description":"role certs issued for this role will have specified max timeout in minutes\n","type":"number"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"groupExpiryDays":{"description":"all groups in the role will have specified max expiry days\n","type":"number"},"groupReviewDays":{"description":"all groups in the role will have specified review reminder days\n","type":"number"},"maxMembers":{"description":"maximum number of members allowed in the role\n","type":"number"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleMetaId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the role will have specified max expiry days\n","type":"number"},"serviceReviewDays":{"description":"all services in the role will have specified review reminder days\n","type":"number"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of role tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this role will have specified max timeout in minutes\n","type":"number"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the role will have specified max expiry days\n","type":"number"},"userReviewDays":{"description":"all user members in the role will have specified review reminder days\n","type":"number"}},"properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"certExpiryMins":{"description":"role certs issued for this role will have specified max timeout in minutes\n","type":"number"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"groupExpiryDays":{"description":"all groups in the role will have specified max expiry days\n","type":"number"},"groupReviewDays":{"description":"all groups in the role will have specified review reminder days\n","type":"number"},"maxMembers":{"description":"maximum number of members allowed in the role\n","type":"number"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleMetaId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the role will have specified max expiry days\n","type":"number"},"serviceReviewDays":{"description":"all services in the role will have specified review reminder days\n","type":"number"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of role tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this role will have specified max timeout in minutes\n","type":"number"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the role will have specified max expiry days\n","type":"number"},"userReviewDays":{"description":"all user members in the role will have specified review reminder days\n","type":"number"}},"required":["domain","name","roleMetaId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering RoleMeta resources.\n","properties":{"auditEnabled":{"description":"audit enabled flag for the role\n","type":"boolean"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"certExpiryMins":{"description":"role certs issued for this role will have specified max timeout in minutes\n","type":"number"},"deleteProtection":{"description":"If true, ask for delete confirmation in audit and review enabled roles\n","type":"boolean"},"description":{"description":"description for the role\n","type":"string"},"domain":{"description":"name of the domain\n","type":"string"},"groupExpiryDays":{"description":"all groups in the role will have specified max expiry days\n","type":"number"},"groupReviewDays":{"description":"all groups in the role will have specified review reminder days\n","type":"number"},"maxMembers":{"description":"maximum number of members allowed in the role\n","type":"number"},"name":{"description":"Name of the role\n","type":"string"},"notifyDetails":{"description":"Set of instructions included in notifications for review and audit enabled roles\n","type":"string"},"notifyRoles":{"description":"comma seperated list of roles whose members should be notified for member review/approval\n","type":"string"},"principalDomainFilter":{"description":"comma seperated list of domains to enforce principal membership\n","type":"string"},"resourceState":{"description":"Bitmask of resource state flags controlling role behavior when creating or destroying the resource. 0x01: create the role if not already present, 0x02: always delete the role when destroying the resource. Default value is -1 indicating to inherit the value defined at the provider configuration level\n","type":"number"},"reviewEnabled":{"description":"Flag indicates whether role updates require another review and approval\n","type":"boolean"},"roleMetaId":{"description":"The ID of this resource.\n","type":"string"},"selfRenew":{"description":"Flag indicates whether to allow expired members to renew their membership\n","type":"boolean"},"selfRenewMins":{"description":"Number of minutes members can renew their membership if self review option is enabled\n","type":"number"},"selfServe":{"description":"Flag indicates whether role allows self-service. Users can add themselves in the role, but it has to be approved by domain admins to be effective.\n","type":"boolean"},"serviceExpiryDays":{"description":"all services in the role will have specified max expiry days\n","type":"number"},"serviceReviewDays":{"description":"all services in the role will have specified review reminder days\n","type":"number"},"signAlgorithm":{"description":"sign algorithm to be used for tokens issued for this role: rsa or ec\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"description":"map of role tags\n","type":"object"},"tokenExpiryMins":{"description":"tokens issued for this role will have specified max timeout in minutes\n","type":"number"},"userAuthorityExpiration":{"description":"expiration enforced by a user authority configured attribute\n","type":"string"},"userAuthorityFilter":{"description":"membership filtered based on user authority configured attributes\n","type":"string"},"userExpiryDays":{"description":"all user members in the role will have specified max expiry days\n","type":"number"},"userReviewDays":{"description":"all user members in the role will have specified review reminder days\n","type":"number"}},"type":"object"},"type":"object"},"athenz:index/selfServeGroupMembers:SelfServeGroupMembers":{"description":"## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooGroup = new athenz.SelfServeGroupMembers(\"foo_group\", {\n    name: \"some_name\",\n    domain: \"some_domain\",\n    members: [\n        {\n            name: \"domain1.user1\",\n            expiration: \"2022-12-29 23:59:59\",\n        },\n        {\n            name: \"domain2.user2\",\n            expiration: \"2022-12-29 23:59:59\",\n        },\n        {\n            name: \"domain3.user3\",\n        },\n    ],\n    auditRef: \"manage group membership\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_group = athenz.SelfServeGroupMembers(\"foo_group\",\n    name=\"some_name\",\n    domain=\"some_domain\",\n    members=[\n        {\n            \"name\": \"domain1.user1\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain2.user2\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain3.user3\",\n        },\n    ],\n    audit_ref=\"manage group membership\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooGroup = new Athenz.SelfServeGroupMembers(\"foo_group\", new()\n    {\n        Name = \"some_name\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            new Athenz.Inputs.SelfServeGroupMembersMemberArgs\n            {\n                Name = \"domain1.user1\",\n                Expiration = \"2022-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.SelfServeGroupMembersMemberArgs\n            {\n                Name = \"domain2.user2\",\n                Expiration = \"2022-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.SelfServeGroupMembersMemberArgs\n            {\n                Name = \"domain3.user3\",\n            },\n        },\n        AuditRef = \"manage group membership\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewSelfServeGroupMembers(ctx, \"foo_group\", &athenz.SelfServeGroupMembersArgs{\n\t\t\tName:   pulumi.String(\"some_name\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: athenz.SelfServeGroupMembersMemberArray{\n\t\t\t\t&athenz.SelfServeGroupMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain1.user1\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.SelfServeGroupMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain2.user2\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.SelfServeGroupMembersMemberArgs{\n\t\t\t\t\tName: pulumi.String(\"domain3.user3\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"manage group membership\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.SelfServeGroupMembers;\nimport com.pulumi.athenz.SelfServeGroupMembersArgs;\nimport com.pulumi.athenz.inputs.SelfServeGroupMembersMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooGroup = new SelfServeGroupMembers(\"fooGroup\", SelfServeGroupMembersArgs.builder()\n            .name(\"some_name\")\n            .domain(\"some_domain\")\n            .members(            \n                SelfServeGroupMembersMemberArgs.builder()\n                    .name(\"domain1.user1\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .build(),\n                SelfServeGroupMembersMemberArgs.builder()\n                    .name(\"domain2.user2\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .build(),\n                SelfServeGroupMembersMemberArgs.builder()\n                    .name(\"domain3.user3\")\n                    .build())\n            .auditRef(\"manage group membership\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooGroup:\n    type: athenz:SelfServeGroupMembers\n    name: foo_group\n    properties:\n      name: some_name\n      domain: some_domain\n      members:\n        - name: domain1.user1\n          expiration: 2022-12-29 23:59:59\n        - name: domain2.user2\n          expiration: 2022-12-29 23:59:59\n        - name: domain3.user3\n      auditRef: manage group membership\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that group belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeGroupMembersMember:SelfServeGroupMembersMember"},"type":"array"},"name":{"description":"Name of the group\n","type":"string"},"selfServeGroupMembersId":{"description":"The ID of this resource.\n","type":"string"}},"properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that group belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeGroupMembersMember:SelfServeGroupMembersMember"},"type":"array"},"name":{"description":"Name of the group\n","type":"string"},"selfServeGroupMembersId":{"description":"The ID of this resource.\n","type":"string"}},"required":["domain","name","selfServeGroupMembersId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering SelfServeGroupMembers resources.\n","properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that group belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeGroupMembersMember:SelfServeGroupMembersMember"},"type":"array"},"name":{"description":"Name of the group\n","type":"string"},"selfServeGroupMembersId":{"description":"The ID of this resource.\n","type":"string"}},"type":"object"},"type":"object"},"athenz:index/selfServeRoleMembers:SelfServeRoleMembers":{"description":"## Example Usage\n\nIMPORTANT NOTE: please do NOT use json syntax but only hcl syntax\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooRole = new athenz.SelfServeRoleMembers(\"foo_role\", {\n    name: \"some_name\",\n    domain: \"some_domain\",\n    members: [\n        {\n            name: \"domain1.user1\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n        {\n            name: \"domain2.user2\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n        {\n            name: \"domain3.user3\",\n            expiration: \"2022-12-29 23:59:59\",\n            review: \"2023-12-29 23:59:59\",\n        },\n    ],\n    auditRef: \"manage role membership\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_role = athenz.SelfServeRoleMembers(\"foo_role\",\n    name=\"some_name\",\n    domain=\"some_domain\",\n    members=[\n        {\n            \"name\": \"domain1.user1\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain2.user2\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n        {\n            \"name\": \"domain3.user3\",\n            \"expiration\": \"2022-12-29 23:59:59\",\n            \"review\": \"2023-12-29 23:59:59\",\n        },\n    ],\n    audit_ref=\"manage role membership\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooRole = new Athenz.SelfServeRoleMembers(\"foo_role\", new()\n    {\n        Name = \"some_name\",\n        Domain = \"some_domain\",\n        Members = new[]\n        {\n            new Athenz.Inputs.SelfServeRoleMembersMemberArgs\n            {\n                Name = \"domain1.user1\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.SelfServeRoleMembersMemberArgs\n            {\n                Name = \"domain2.user2\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n            new Athenz.Inputs.SelfServeRoleMembersMemberArgs\n            {\n                Name = \"domain3.user3\",\n                Expiration = \"2022-12-29 23:59:59\",\n                Review = \"2023-12-29 23:59:59\",\n            },\n        },\n        AuditRef = \"manage role membership\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewSelfServeRoleMembers(ctx, \"foo_role\", &athenz.SelfServeRoleMembersArgs{\n\t\t\tName:   pulumi.String(\"some_name\"),\n\t\t\tDomain: pulumi.String(\"some_domain\"),\n\t\t\tMembers: athenz.SelfServeRoleMembersMemberArray{\n\t\t\t\t&athenz.SelfServeRoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain1.user1\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.SelfServeRoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain2.user2\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t\t&athenz.SelfServeRoleMembersMemberArgs{\n\t\t\t\t\tName:       pulumi.String(\"domain3.user3\"),\n\t\t\t\t\tExpiration: pulumi.String(\"2022-12-29 23:59:59\"),\n\t\t\t\t\tReview:     pulumi.String(\"2023-12-29 23:59:59\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"manage role membership\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.SelfServeRoleMembers;\nimport com.pulumi.athenz.SelfServeRoleMembersArgs;\nimport com.pulumi.athenz.inputs.SelfServeRoleMembersMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooRole = new SelfServeRoleMembers(\"fooRole\", SelfServeRoleMembersArgs.builder()\n            .name(\"some_name\")\n            .domain(\"some_domain\")\n            .members(            \n                SelfServeRoleMembersMemberArgs.builder()\n                    .name(\"domain1.user1\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build(),\n                SelfServeRoleMembersMemberArgs.builder()\n                    .name(\"domain2.user2\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build(),\n                SelfServeRoleMembersMemberArgs.builder()\n                    .name(\"domain3.user3\")\n                    .expiration(\"2022-12-29 23:59:59\")\n                    .review(\"2023-12-29 23:59:59\")\n                    .build())\n            .auditRef(\"manage role membership\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooRole:\n    type: athenz:SelfServeRoleMembers\n    name: foo_role\n    properties:\n      name: some_name\n      domain: some_domain\n      members:\n        - name: domain1.user1\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain2.user2\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n        - name: domain3.user3\n          expiration: 2022-12-29 23:59:59\n          review: 2023-12-29 23:59:59\n      auditRef: manage role membership\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeRoleMembersMember:SelfServeRoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"selfServeRoleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeRoleMembersMember:SelfServeRoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"selfServeRoleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"required":["domain","name","selfServeRoleMembersId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering SelfServeRoleMembers resources.\n","properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"domain":{"description":"Name of the domain that role belongs to\n","type":"string"},"members":{"items":{"$ref":"#/types/athenz:index%2FSelfServeRoleMembersMember:SelfServeRoleMembersMember"},"type":"array"},"name":{"description":"Name of the role\n","type":"string"},"selfServeRoleMembersId":{"description":"The ID of this resource.\n","type":"string"}},"type":"object"},"type":"object"},"athenz:index/service:Service":{"description":"<span pulumi-lang-nodejs=\"`athenz.Service`\" pulumi-lang-dotnet=\"`athenz.Service`\" pulumi-lang-go=\"`Service`\" pulumi-lang-python=\"`Service`\" pulumi-lang-yaml=\"`athenz.Service`\" pulumi-lang-java=\"`athenz.Service`\">`athenz.Service`</span> provides an Athenz service resource.\n\n## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst fooService = new athenz.Service(\"foo_service\", {\n    name: \"foo\",\n    domain: \"some_domain\",\n    auditRef: \"create service\",\n    publicKeys: [{\n        keyId: \"v0\",\n        keyValue: `-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n/0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\nUw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\nDf/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\ncLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\nLlfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\nxQIDAQAB\n-----END PUBLIC KEY-----\n`,\n    }],\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nfoo_service = athenz.Service(\"foo_service\",\n    name=\"foo\",\n    domain=\"some_domain\",\n    audit_ref=\"create service\",\n    public_keys=[{\n        \"key_id\": \"v0\",\n        \"key_value\": \"\"\"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n/0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\nUw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\nDf/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\ncLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\nLlfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\nxQIDAQAB\n-----END PUBLIC KEY-----\n\"\"\",\n    }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var fooService = new Athenz.Service(\"foo_service\", new()\n    {\n        Name = \"foo\",\n        Domain = \"some_domain\",\n        AuditRef = \"create service\",\n        PublicKeys = new[]\n        {\n            new Athenz.Inputs.ServicePublicKeyArgs\n            {\n                KeyId = \"v0\",\n                KeyValue = @\"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n/0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\nUw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\nDf/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\ncLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\nLlfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\nxQIDAQAB\n-----END PUBLIC KEY-----\n\",\n            },\n        },\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewService(ctx, \"foo_service\", &athenz.ServiceArgs{\n\t\t\tName:     pulumi.String(\"foo\"),\n\t\t\tDomain:   pulumi.String(\"some_domain\"),\n\t\t\tAuditRef: pulumi.String(\"create service\"),\n\t\t\tPublicKeys: athenz.ServicePublicKeyArray{\n\t\t\t\t&athenz.ServicePublicKeyArgs{\n\t\t\t\t\tKeyId: pulumi.String(\"v0\"),\n\t\t\t\t\tKeyValue: pulumi.String(`-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n/0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\nUw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\nDf/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\ncLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\nLlfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\nxQIDAQAB\n-----END PUBLIC KEY-----\n`),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.Service;\nimport com.pulumi.athenz.ServiceArgs;\nimport com.pulumi.athenz.inputs.ServicePublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var fooService = new Service(\"fooService\", ServiceArgs.builder()\n            .name(\"foo\")\n            .domain(\"some_domain\")\n            .auditRef(\"create service\")\n            .publicKeys(ServicePublicKeyArgs.builder()\n                .keyId(\"v0\")\n                .keyValue(\"\"\"\n-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n/0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\nUw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\nDf/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\ncLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\nLlfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\nxQIDAQAB\n-----END PUBLIC KEY-----\n                \"\"\")\n                .build())\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  fooService:\n    type: athenz:Service\n    name: foo_service\n    properties:\n      name: foo\n      domain: some_domain\n      auditRef: create service\n      publicKeys:\n        - keyId: v0\n          keyValue: |\n            -----BEGIN PUBLIC KEY-----\n            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZCUhLc3TpvObhjdY8Hb\n            /0zkfWAYSXLXaC9O1S8AXoM7/L70XY+9KL+1Iy7xYDTrbZB0tcolLwnnWHq5giZm\n            Uw3u6FGSl5ld4xpyqB02iK+cFSqS7KOLLH0p9gXRfxXiaqRiV2rKF0ThzrGox2cm\n            Df/QoZllNdwIFGqkuRcEDvBnRTLWlEVV+1U12fyEsA1yvVb4F9RscZDYmiPRbhA+\n            cLzqHKxX51dl6ek1x7AvUIM8js6WPIEfelyTRiUzXwOgIZbqvRHSPmFG0ZgZDjG3\n            Llfy/E8K0QtCk3ki1y8Tga2I5k2hffx3DrHMnr14Zj3Br0T9RwiqJD7FoyTiD/ti\n            xQIDAQAB\n            -----END PUBLIC KEY-----\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"description":{"description":"A description of the service\n","type":"string"},"domain":{"description":"Name of the domain that service belongs to\n","type":"string"},"name":{"description":"Name of the service to be added to the domain\n","type":"string"},"publicKeys":{"description":"- Set of maps of public keys\n","items":{"$ref":"#/types/athenz:index%2FServicePublicKey:ServicePublicKey"},"type":"array"},"serviceId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"description":{"description":"A description of the service\n","type":"string"},"domain":{"description":"Name of the domain that service belongs to\n","type":"string"},"name":{"description":"Name of the service to be added to the domain\n","type":"string"},"publicKeys":{"description":"- Set of maps of public keys\n","items":{"$ref":"#/types/athenz:index%2FServicePublicKey:ServicePublicKey"},"type":"array"},"serviceId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"required":["domain","name","serviceId"],"requiredInputs":["domain"],"stateInputs":{"description":"Input properties used for looking up and filtering Service resources.\n","properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"description":{"description":"A description of the service\n","type":"string"},"domain":{"description":"Name of the domain that service belongs to\n","type":"string"},"name":{"description":"Name of the service to be added to the domain\n","type":"string"},"publicKeys":{"description":"- Set of maps of public keys\n","items":{"$ref":"#/types/athenz:index%2FServicePublicKey:ServicePublicKey"},"type":"array"},"serviceId":{"description":"The ID of this resource.\n","type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"}},"type":"object"},"type":"object"},"athenz:index/subDomain:SubDomain":{"description":"## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst subDomain_test = new athenz.SubDomain(\"sub_domain-test\", {\n    parentName: \"home.some_user\",\n    name: \"test\",\n    adminUsers: [\"user.someone\"],\n    auditRef: \"create domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nsub_domain_test = athenz.SubDomain(\"sub_domain-test\",\n    parent_name=\"home.some_user\",\n    name=\"test\",\n    admin_users=[\"user.someone\"],\n    audit_ref=\"create domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var subDomain_test = new Athenz.SubDomain(\"sub_domain-test\", new()\n    {\n        ParentName = \"home.some_user\",\n        Name = \"test\",\n        AdminUsers = new[]\n        {\n            \"user.someone\",\n        },\n        AuditRef = \"create domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewSubDomain(ctx, \"sub_domain-test\", &athenz.SubDomainArgs{\n\t\t\tParentName: pulumi.String(\"home.some_user\"),\n\t\t\tName:       pulumi.String(\"test\"),\n\t\t\tAdminUsers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user.someone\"),\n\t\t\t},\n\t\t\tAuditRef: pulumi.String(\"create domain\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.SubDomain;\nimport com.pulumi.athenz.SubDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var subDomain_test = new SubDomain(\"subDomain-test\", SubDomainArgs.builder()\n            .parentName(\"home.some_user\")\n            .name(\"test\")\n            .adminUsers(\"user.someone\")\n            .auditRef(\"create domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  subDomain-test:\n    type: athenz:SubDomain\n    name: sub_domain-test\n    properties:\n      parentName: home.some_user\n      name: test\n      adminUsers:\n        - user.someone\n      auditRef: create domain\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the parent domain.\n","type":"string"},"parentName":{"description":"name of the parent domain.\n","type":"string"},"subDomainId":{"description":"The ID of this resource.\n","type":"string"}},"properties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the parent domain.\n","type":"string"},"parentName":{"description":"name of the parent domain.\n","type":"string"},"subDomainId":{"description":"The ID of this resource.\n","type":"string"}},"required":["adminUsers","name","parentName","subDomainId"],"requiredInputs":["adminUsers","parentName"],"stateInputs":{"description":"Input properties used for looking up and filtering SubDomain resources.\n","properties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the parent domain.\n","type":"string"},"parentName":{"description":"name of the parent domain.\n","type":"string"},"subDomainId":{"description":"The ID of this resource.\n","type":"string"}},"type":"object"},"type":"object"},"athenz:index/topLevelDomain:TopLevelDomain":{"description":"## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst athenzTopLevelDomain_test = new athenz.TopLevelDomain(\"athenz_top_level_domain-test\", {\n    name: \"test\",\n    adminUsers: [\"user.someone\"],\n    ypmId: \"some_positive_integer\",\n    auditRef: \"create domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nathenz_top_level_domain_test = athenz.TopLevelDomain(\"athenz_top_level_domain-test\",\n    name=\"test\",\n    admin_users=[\"user.someone\"],\n    ypm_id=\"some_positive_integer\",\n    audit_ref=\"create domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var athenzTopLevelDomain_test = new Athenz.TopLevelDomain(\"athenz_top_level_domain-test\", new()\n    {\n        Name = \"test\",\n        AdminUsers = new[]\n        {\n            \"user.someone\",\n        },\n        YpmId = \"some_positive_integer\",\n        AuditRef = \"create domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewTopLevelDomain(ctx, \"athenz_top_level_domain-test\", &athenz.TopLevelDomainArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tAdminUsers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user.someone\"),\n\t\t\t},\n\t\t\tYpmId:    pulumi.Float64(\"some_positive_integer\"),\n\t\t\tAuditRef: pulumi.String(\"create domain\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.TopLevelDomain;\nimport com.pulumi.athenz.TopLevelDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var athenzTopLevelDomain_test = new TopLevelDomain(\"athenzTopLevelDomain-test\", TopLevelDomainArgs.builder()\n            .name(\"test\")\n            .adminUsers(\"user.someone\")\n            .ypmId(\"some_positive_integer\")\n            .auditRef(\"create domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  athenzTopLevelDomain-test:\n    type: athenz:TopLevelDomain\n    name: athenz_top_level_domain-test\n    properties:\n      name: test\n      adminUsers:\n        - user.someone\n      ypmId: some_positive_integer\n      auditRef: create domain\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the domain.\n","type":"string"},"topLevelDomainId":{"description":"The ID of this resource.\n","type":"string"},"ypmId":{"description":"- associated product id. must be a positive integer.\n","type":"number"}},"properties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the domain.\n","type":"string"},"topLevelDomainId":{"description":"The ID of this resource.\n","type":"string"},"ypmId":{"description":"- associated product id. must be a positive integer.\n","type":"number"}},"required":["adminUsers","name","topLevelDomainId","ypmId"],"requiredInputs":["adminUsers","ypmId"],"stateInputs":{"description":"Input properties used for looking up and filtering TopLevelDomain resources.\n","properties":{"adminUsers":{"description":"list of domain administrators. must be in this format: `user.<userid> or <domain>.<service>`.\n","items":{"type":"string"},"type":"array"},"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"name of the domain.\n","type":"string"},"topLevelDomainId":{"description":"The ID of this resource.\n","type":"string"},"ypmId":{"description":"- associated product id. must be a positive integer.\n","type":"number"}},"type":"object"},"type":"object"},"athenz:index/userDomain:UserDomain":{"description":"## Example Usage\n\n<!--Start PulumiCodeChooser -->\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as athenz from \"@pulumi/athenz\";\n\nconst athenzUserDomain_test = new athenz.UserDomain(\"athenz_user_domain-test\", {\n    name: \"some_user_id\",\n    auditRef: \"create domain\",\n});\n```\n```python\nimport pulumi\nimport pulumi_athenz as athenz\n\nathenz_user_domain_test = athenz.UserDomain(\"athenz_user_domain-test\",\n    name=\"some_user_id\",\n    audit_ref=\"create domain\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Athenz = Pulumi.Athenz;\n\nreturn await Deployment.RunAsync(() => \n{\n    var athenzUserDomain_test = new Athenz.UserDomain(\"athenz_user_domain-test\", new()\n    {\n        Name = \"some_user_id\",\n        AuditRef = \"create domain\",\n    });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-terraform-provider/sdks/go/athenz/athenz\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athenz.NewUserDomain(ctx, \"athenz_user_domain-test\", &athenz.UserDomainArgs{\n\t\t\tName:     pulumi.String(\"some_user_id\"),\n\t\t\tAuditRef: pulumi.String(\"create domain\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.athenz.UserDomain;\nimport com.pulumi.athenz.UserDomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n    public static void main(String[] args) {\n        Pulumi.run(App::stack);\n    }\n\n    public static void stack(Context ctx) {\n        var athenzUserDomain_test = new UserDomain(\"athenzUserDomain-test\", UserDomainArgs.builder()\n            .name(\"some_user_id\")\n            .auditRef(\"create domain\")\n            .build());\n\n    }\n}\n```\n```yaml\nresources:\n  athenzUserDomain-test:\n    type: athenz:UserDomain\n    name: athenz_user_domain-test\n    properties:\n      name: some_user_id\n      auditRef: create domain\n```\n<!--End PulumiCodeChooser -->\n","inputProperties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"user id which will be the domain name.\n","type":"string"},"userDomainId":{"description":"The ID of this resource.\n","type":"string"}},"properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"user id which will be the domain name.\n","type":"string"},"userDomainId":{"description":"The ID of this resource.\n","type":"string"}},"required":["name","userDomainId"],"stateInputs":{"description":"Input properties used for looking up and filtering UserDomain resources.\n","properties":{"auditRef":{"description":"string containing audit specification or ticket number.\n","type":"string"},"name":{"description":"user id which will be the domain name.\n","type":"string"},"userDomainId":{"description":"The ID of this resource.\n","type":"string"}},"type":"object"},"type":"object"}},"types":{"athenz:index/GroupMember:GroupMember":{"properties":{"expiration":{"description":"The expiration of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n\n<a id=\"nestedblock--settings\"></a>\n","type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"},"athenz:index/GroupMembersMember:GroupMembersMember":{"properties":{"expiration":{"description":"The expiration of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"},"athenz:index/GroupSettings:GroupSettings":{"properties":{"maxMembers":{"description":"Max number of principals in the group\n","type":"number"},"serviceExpiryDays":{"description":"All services in the role will have specified max expiry days\n","type":"number"},"userExpiryDays":{"description":"All user members in the role will have specified max expiry days\n","type":"number"}},"type":"object"},"athenz:index/PolicyAssertion:PolicyAssertion":{"language":{"nodejs":{"requiredOutputs":["action","effect","id","resource","role"]}},"properties":{"action":{"description":"- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).\n","type":"string"},"caseSensitive":{"description":"If true, action and resource will be case-sensitive.\n","type":"boolean"},"conditions":{"items":{"$ref":"#/types/athenz:index%2FPolicyAssertionCondition:PolicyAssertionCondition"},"type":"array"},"effect":{"description":"- The value effect must be either ALLOW or DENY.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"number"},"resource":{"description":"- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: `<domain name>:<resource name>`\n","type":"string"},"role":{"description":"- The name of the role this assertion applies to. MUST be the role name only (without the prefix `<domain name>:role`)\n","type":"string"}},"required":["action","effect","resource","role"],"type":"object"},"athenz:index/PolicyAssertionCondition:PolicyAssertionCondition":{"language":{"nodejs":{"requiredOutputs":["enforcementstate","id","instances","scopeall","scopeaws","scopeonprem"]}},"properties":{"enforcementstate":{"$ref":"#/types/athenz:index%2FPolicyAssertionConditionEnforcementstate:PolicyAssertionConditionEnforcementstate"},"id":{"description":"The ID of this resource.\n","type":"number"},"instances":{"$ref":"#/types/athenz:index%2FPolicyAssertionConditionInstances:PolicyAssertionConditionInstances"},"scopeall":{"$ref":"#/types/athenz:index%2FPolicyAssertionConditionScopeall:PolicyAssertionConditionScopeall"},"scopeaws":{"$ref":"#/types/athenz:index%2FPolicyAssertionConditionScopeaws:PolicyAssertionConditionScopeaws"},"scopeonprem":{"$ref":"#/types/athenz:index%2FPolicyAssertionConditionScopeonprem:PolicyAssertionConditionScopeonprem"}},"required":["enforcementstate","instances","scopeall","scopeaws","scopeonprem"],"type":"object"},"athenz:index/PolicyAssertionConditionEnforcementstate:PolicyAssertionConditionEnforcementstate":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyAssertionConditionInstances:PolicyAssertionConditionInstances":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyAssertionConditionScopeall:PolicyAssertionConditionScopeall":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyAssertionConditionScopeaws:PolicyAssertionConditionScopeaws":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyAssertionConditionScopeonprem:PolicyAssertionConditionScopeonprem":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyVersionVersion:PolicyVersionVersion":{"properties":{"assertions":{"description":"- A set of assertions that govern usage of resources. where \\n\\n is \\n\\n \\n\\n to \\n\\n on \\n\\n.\n","items":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertion:PolicyVersionVersionAssertion"},"type":"array"},"versionName":{"description":"- The version name.\n","type":"string"}},"required":["versionName"],"type":"object"},"athenz:index/PolicyVersionVersionAssertion:PolicyVersionVersionAssertion":{"language":{"nodejs":{"requiredOutputs":["action","effect","id","resource","role"]}},"properties":{"action":{"description":"- The action is the domain administrator defined action available for the resource (e.g. read, write, delete).\n","type":"string"},"caseSensitive":{"description":"If true, action and resource will be case-sensitive.\n","type":"boolean"},"conditions":{"items":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionCondition:PolicyVersionVersionAssertionCondition"},"type":"array"},"effect":{"description":"- The value effect must be either ALLOW or DENY.\n","type":"string"},"id":{"description":"The ID of this resource.\n","type":"number"},"resource":{"description":"- The resource is the YRN of the resource this assertion applies to. MUST provide fully qualified name: `<domain name>:<resource name>`\n","type":"string"},"role":{"description":"- The name of the role this assertion applies to. MUST be the role name only (without the prefix `<domain name>:role`).\n","type":"string"}},"required":["action","effect","resource","role"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionCondition:PolicyVersionVersionAssertionCondition":{"language":{"nodejs":{"requiredOutputs":["enforcementstate","id","instances","scopeall","scopeaws","scopeonprem"]}},"properties":{"enforcementstate":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionConditionEnforcementstate:PolicyVersionVersionAssertionConditionEnforcementstate"},"id":{"description":"The ID of this resource.\n","type":"number"},"instances":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionConditionInstances:PolicyVersionVersionAssertionConditionInstances"},"scopeall":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionConditionScopeall:PolicyVersionVersionAssertionConditionScopeall"},"scopeaws":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionConditionScopeaws:PolicyVersionVersionAssertionConditionScopeaws"},"scopeonprem":{"$ref":"#/types/athenz:index%2FPolicyVersionVersionAssertionConditionScopeonprem:PolicyVersionVersionAssertionConditionScopeonprem"}},"required":["enforcementstate","instances","scopeall","scopeaws","scopeonprem"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionConditionEnforcementstate:PolicyVersionVersionAssertionConditionEnforcementstate":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionConditionInstances:PolicyVersionVersionAssertionConditionInstances":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionConditionScopeall:PolicyVersionVersionAssertionConditionScopeall":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionConditionScopeaws:PolicyVersionVersionAssertionConditionScopeaws":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/PolicyVersionVersionAssertionConditionScopeonprem:PolicyVersionVersionAssertionConditionScopeonprem":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["value"],"type":"object"},"athenz:index/RoleMember:RoleMember":{"properties":{"expiration":{"description":"- The expiration time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"},"name":{"description":"- The name of the Athenz principal member. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","type":"string"},"review":{"description":"- The review time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"}},"required":["name"],"type":"object"},"athenz:index/RoleMembersMember:RoleMembersMember":{"properties":{"expiration":{"description":"- The expiration time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"},"name":{"description":"- The name of the Athenz principal member. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","type":"string"},"review":{"description":"- The review time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"}},"required":["name"],"type":"object"},"athenz:index/RoleSettings:RoleSettings":{"properties":{"certExpiryMins":{"description":"Certs issued for this role will have specified max timeout in mins\n","type":"number"},"groupExpiryDays":{"description":"all group members in the role will have specified max expiry days\n","type":"number"},"groupReviewDays":{"description":"all group members in the role will have specified max review reminder days\n","type":"number"},"maxMembers":{"description":"Max number of principals in the role\n","type":"number"},"serviceExpiryDays":{"description":"all services in the role will have specified max expiry days\n","type":"number"},"serviceReviewDays":{"description":"all service members in the role will have specified max review reminder days\n","type":"number"},"tokenExpiryMins":{"description":"tokens issued for this role will have specified max timeout in mins\n","type":"number"},"userExpiryDays":{"description":"all user members in the role will have specified max expiry days\n","type":"number"},"userReviewDays":{"description":"all user members in the role will have specified max review reminder days\n","type":"number"}},"type":"object"},"athenz:index/SelfServeGroupMembersMember:SelfServeGroupMembersMember":{"properties":{"expiration":{"description":"- The expiration time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"},"name":{"description":"- The name of the Athenz principal member. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","type":"string"}},"required":["name"],"type":"object"},"athenz:index/SelfServeRoleMembersMember:SelfServeRoleMembersMember":{"properties":{"expiration":{"description":"- The expiration time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"},"name":{"description":"- The name of the Athenz principal member. must be in this format: `user.<userid> or <domain>.<service> or <domain>:group.<group>`.\n","type":"string"},"review":{"description":"- The review time in UTC of the Athenz principal member. must be in this format: `<yyyy>-<mm>-<dd> <hh>:<MM>:<ss>`\n","type":"string"}},"required":["name"],"type":"object"},"athenz:index/ServicePublicKey:ServicePublicKey":{"properties":{"keyId":{"description":"- The key id.\n","type":"string"},"keyValue":{"description":"- The Key Value which must be a PEM encoded public key.\n","type":"string"}},"required":["keyId","keyValue"],"type":"object"},"athenz:index/getGroupMember:getGroupMember":{"properties":{"expiration":{"type":"string"},"name":{"type":"string"}},"required":["name"],"type":"object"},"athenz:index/getGroupSettings:getGroupSettings":{"properties":{"maxMembers":{"description":"Max number of principals in the group\n","type":"number"},"serviceExpiryDays":{"description":"all services in the group will have specified max expiry days\n","type":"number"},"userExpiryDays":{"description":"all user members in the group will have specified max expiry days\n","type":"number"}},"type":"object"},"athenz:index/getPolicyAssertion:getPolicyAssertion":{"language":{"nodejs":{"requiredInputs":["action","effect","resource","role"]}},"properties":{"action":{"type":"string"},"caseSensitive":{"type":"boolean"},"conditions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionCondition:getPolicyAssertionCondition"},"type":"array"},"effect":{"type":"string"},"id":{"description":"The ID of this resource.\n","type":"number"},"resource":{"type":"string"},"role":{"type":"string"}},"required":["action","conditions","effect","id","resource","role"],"type":"object"},"athenz:index/getPolicyAssertionCondition:getPolicyAssertionCondition":{"properties":{"enforcementstates":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionEnforcementstate:getPolicyAssertionConditionEnforcementstate"},"type":"array"},"ids":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionId:getPolicyAssertionConditionId"},"type":"array"},"instances":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionInstance:getPolicyAssertionConditionInstance"},"type":"array"},"scopealls":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionScopeall:getPolicyAssertionConditionScopeall"},"type":"array"},"scopeaws":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionScopeaw:getPolicyAssertionConditionScopeaw"},"type":"array"},"scopeonprems":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyAssertionConditionScopeonprem:getPolicyAssertionConditionScopeonprem"},"type":"array"}},"required":["enforcementstates","ids","instances","scopealls","scopeaws","scopeonprems"],"type":"object"},"athenz:index/getPolicyAssertionConditionEnforcementstate:getPolicyAssertionConditionEnforcementstate":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyAssertionConditionId:getPolicyAssertionConditionId":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyAssertionConditionInstance:getPolicyAssertionConditionInstance":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyAssertionConditionScopeall:getPolicyAssertionConditionScopeall":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyAssertionConditionScopeaw:getPolicyAssertionConditionScopeaw":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyAssertionConditionScopeonprem:getPolicyAssertionConditionScopeonprem":{"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersion:getPolicyVersionVersion":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"assertions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertion:getPolicyVersionVersionAssertion"},"type":"array"},"versionName":{"type":"string"}},"required":["assertions","versionName"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertion:getPolicyVersionVersionAssertion":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"action":{"type":"string"},"caseSensitive":{"type":"boolean"},"conditions":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionCondition:getPolicyVersionVersionAssertionCondition"},"type":"array"},"effect":{"type":"string"},"id":{"type":"number"},"resource":{"type":"string"},"role":{"type":"string"}},"required":["action","caseSensitive","conditions","effect","id","resource","role"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionCondition:getPolicyVersionVersionAssertionCondition":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"enforcementstates":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionEnforcementstate:getPolicyVersionVersionAssertionConditionEnforcementstate"},"type":"array"},"ids":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionId:getPolicyVersionVersionAssertionConditionId"},"type":"array"},"instances":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionInstance:getPolicyVersionVersionAssertionConditionInstance"},"type":"array"},"scopealls":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionScopeall:getPolicyVersionVersionAssertionConditionScopeall"},"type":"array"},"scopeaws":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionScopeaw:getPolicyVersionVersionAssertionConditionScopeaw"},"type":"array"},"scopeonprems":{"items":{"$ref":"#/types/athenz:index%2FgetPolicyVersionVersionAssertionConditionScopeonprem:getPolicyVersionVersionAssertionConditionScopeonprem"},"type":"array"}},"required":["enforcementstates","ids","instances","scopealls","scopeaws","scopeonprems"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionEnforcementstate:getPolicyVersionVersionAssertionConditionEnforcementstate":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionId:getPolicyVersionVersionAssertionConditionId":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionInstance:getPolicyVersionVersionAssertionConditionInstance":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionScopeall:getPolicyVersionVersionAssertionConditionScopeall":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionScopeaw:getPolicyVersionVersionAssertionConditionScopeaw":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getPolicyVersionVersionAssertionConditionScopeonprem:getPolicyVersionVersionAssertionConditionScopeonprem":{"language":{"nodejs":{"requiredInputs":[]}},"properties":{"operator":{"type":"number"},"value":{"type":"string"}},"required":["operator","value"],"type":"object"},"athenz:index/getRoleMember:getRoleMember":{"properties":{"expiration":{"type":"string"},"name":{"type":"string"},"review":{"type":"string"}},"required":["name"],"type":"object"},"athenz:index/getRoleSettings:getRoleSettings":{"properties":{"certExpiryMins":{"description":"certs issued for this role will have specified max timeout in mins\n","type":"number"},"groupExpiryDays":{"description":"all group members in the role will have specified max expiry days\n","type":"number"},"groupReviewDays":{"description":"all group members in the role will have specified max review reminder days\n","type":"number"},"maxMembers":{"description":"Max number of principals in the role\n","type":"number"},"serviceExpiryDays":{"description":"all services in the role will have specified max expiry days\n","type":"number"},"serviceReviewDays":{"description":"all service members in the role will have specified max review reminder days\n","type":"number"},"tokenExpiryMins":{"description":"tokens issued for this role will have specified max timeout in mins\n","type":"number"},"userExpiryDays":{"description":"all user members in the role will have specified max expiry days\n","type":"number"},"userReviewDays":{"description":"all user members in the role will have specified max review reminder days\n","type":"number"}},"type":"object"},"athenz:index/getRolesRole:getRolesRole":{"properties":{"auditEnabled":{"type":"boolean"},"deleteProtection":{"type":"boolean"},"description":{"type":"string"},"domain":{"type":"string"},"lastReviewedDate":{"description":"Last reviewed date for the role\n","type":"string"},"members":{"description":"Athenz principal to be added as members\n","items":{"$ref":"#/types/athenz:index%2FgetRolesRoleMember:getRolesRoleMember"},"type":"array"},"name":{"type":"string"},"notifyDetails":{"type":"string"},"notifyRoles":{"type":"string"},"principalDomainFilter":{"type":"string"},"reviewEnabled":{"type":"boolean"},"selfRenew":{"type":"boolean"},"selfRenewMins":{"type":"number"},"selfServe":{"type":"boolean"},"settings":{"$ref":"#/types/athenz:index%2FgetRolesRoleSettings:getRolesRoleSettings","description":"Advanced settings\n"},"signAlgorithm":{"type":"string"},"tags":{"additionalProperties":{"type":"string"},"type":"object"},"trust":{"description":"The domain, which this role is trusted to\n","type":"string"},"userAuthorityExpiration":{"type":"string"},"userAuthorityFilter":{"type":"string"}},"required":["domain","name"],"type":"object"},"athenz:index/getRolesRoleMember:getRolesRoleMember":{"properties":{"expiration":{"type":"string"},"name":{"type":"string"},"review":{"type":"string"}},"required":["name"],"type":"object"},"athenz:index/getRolesRoleSettings:getRolesRoleSettings":{"properties":{"certExpiryMins":{"type":"number"},"groupExpiryDays":{"type":"number"},"groupReviewDays":{"type":"number"},"maxMembers":{"type":"number"},"serviceExpiryDays":{"type":"number"},"serviceReviewDays":{"type":"number"},"tokenExpiryMins":{"type":"number"},"userExpiryDays":{"type":"number"},"userReviewDays":{"type":"number"}},"type":"object"},"athenz:index/getServicePublicKey:getServicePublicKey":{"properties":{"keyId":{"type":"string"},"keyValue":{"type":"string"}},"required":["keyId","keyValue"],"type":"object"}},"version":"1.0.50"}