published on Friday, May 1, 2026 by Pulumi
published on Friday, May 1, 2026 by Pulumi
Example Usage
Role Backed by a Databricks User Identity
Create a role that is authenticated as a specific Databricks workspace user via OAuth. authMethod is left unset and defaults to LAKEBASE_OAUTH_V1 for managed identities.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.PostgresProject("this", {
projectId: "my-project",
spec: {
pgVersion: 17,
displayName: "My Project",
},
});
const main = new databricks.PostgresBranch("main", {
branchId: "main",
parent: _this.name,
spec: {
noExpiry: true,
},
});
const jane = new databricks.PostgresRole("jane", {
roleId: "jane",
parent: main.name,
spec: {
identityType: "USER",
postgresRole: "jane@databricks.com",
},
});
import pulumi
import pulumi_databricks as databricks
this = databricks.PostgresProject("this",
project_id="my-project",
spec={
"pg_version": 17,
"display_name": "My Project",
})
main = databricks.PostgresBranch("main",
branch_id="main",
parent=this.name,
spec={
"no_expiry": True,
})
jane = databricks.PostgresRole("jane",
role_id="jane",
parent=main.name,
spec={
"identity_type": "USER",
"postgres_role": "jane@databricks.com",
})
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewPostgresProject(ctx, "this", &databricks.PostgresProjectArgs{
ProjectId: pulumi.String("my-project"),
Spec: &databricks.PostgresProjectSpecArgs{
PgVersion: pulumi.Int(17),
DisplayName: pulumi.String("My Project"),
},
})
if err != nil {
return err
}
main, err := databricks.NewPostgresBranch(ctx, "main", &databricks.PostgresBranchArgs{
BranchId: pulumi.String("main"),
Parent: this.Name,
Spec: &databricks.PostgresBranchSpecArgs{
NoExpiry: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = databricks.NewPostgresRole(ctx, "jane", &databricks.PostgresRoleArgs{
RoleId: pulumi.String("jane"),
Parent: main.Name,
Spec: &databricks.PostgresRoleSpecArgs{
IdentityType: pulumi.String("USER"),
PostgresRole: pulumi.String("jane@databricks.com"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.Index.PostgresProject("this", new()
{
ProjectId = "my-project",
Spec = new Databricks.Inputs.PostgresProjectSpecArgs
{
PgVersion = 17,
DisplayName = "My Project",
},
});
var main = new Databricks.Index.PostgresBranch("main", new()
{
BranchId = "main",
Parent = @this.Name,
Spec = new Databricks.Inputs.PostgresBranchSpecArgs
{
NoExpiry = true,
},
});
var jane = new Databricks.Index.PostgresRole("jane", new()
{
RoleId = "jane",
Parent = main.Name,
Spec = new Databricks.Inputs.PostgresRoleSpecArgs
{
IdentityType = "USER",
PostgresRole = "jane@databricks.com",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.PostgresProject;
import com.pulumi.databricks.PostgresProjectArgs;
import com.pulumi.databricks.inputs.PostgresProjectSpecArgs;
import com.pulumi.databricks.PostgresBranch;
import com.pulumi.databricks.PostgresBranchArgs;
import com.pulumi.databricks.inputs.PostgresBranchSpecArgs;
import com.pulumi.databricks.PostgresRole;
import com.pulumi.databricks.PostgresRoleArgs;
import com.pulumi.databricks.inputs.PostgresRoleSpecArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new PostgresProject("this", PostgresProjectArgs.builder()
.projectId("my-project")
.spec(PostgresProjectSpecArgs.builder()
.pgVersion(17)
.displayName("My Project")
.build())
.build());
var main = new PostgresBranch("main", PostgresBranchArgs.builder()
.branchId("main")
.parent(this_.name())
.spec(PostgresBranchSpecArgs.builder()
.noExpiry(true)
.build())
.build());
var jane = new PostgresRole("jane", PostgresRoleArgs.builder()
.roleId("jane")
.parent(main.name())
.spec(PostgresRoleSpecArgs.builder()
.identityType("USER")
.postgresRole("jane@databricks.com")
.build())
.build());
}
}
resources:
this:
type: databricks:PostgresProject
properties:
projectId: my-project
spec:
pgVersion: 17
displayName: My Project
main:
type: databricks:PostgresBranch
properties:
branchId: main
parent: ${this.name}
spec:
noExpiry: true
jane:
type: databricks:PostgresRole
properties:
roleId: jane
parent: ${main.name}
spec:
identityType: USER
postgresRole: jane@databricks.com
Service Principal with DATABRICKS_SUPERUSER Membership
Create a role that is authenticated as a Databricks service principal via OAuth and grant it the highest customer-exposed privilege set via DATABRICKS_SUPERUSER membership.
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const adminSp = new databricks.PostgresRole("admin_sp", {
roleId: "admin-sp",
parent: main.name,
spec: {
identityType: "SERVICE_PRINCIPAL",
postgresRole: "00000000-0000-0000-0000-000000000000",
authMethod: "LAKEBASE_OAUTH_V1",
membershipRoles: ["DATABRICKS_SUPERUSER"],
},
});
import pulumi
import pulumi_databricks as databricks
admin_sp = databricks.PostgresRole("admin_sp",
role_id="admin-sp",
parent=main["name"],
spec={
"identity_type": "SERVICE_PRINCIPAL",
"postgres_role": "00000000-0000-0000-0000-000000000000",
"auth_method": "LAKEBASE_OAUTH_V1",
"membership_roles": ["DATABRICKS_SUPERUSER"],
})
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databricks.NewPostgresRole(ctx, "admin_sp", &databricks.PostgresRoleArgs{
RoleId: pulumi.String("admin-sp"),
Parent: pulumi.Any(main.Name),
Spec: &databricks.PostgresRoleSpecArgs{
IdentityType: pulumi.String("SERVICE_PRINCIPAL"),
PostgresRole: pulumi.String("00000000-0000-0000-0000-000000000000"),
AuthMethod: pulumi.String("LAKEBASE_OAUTH_V1"),
MembershipRoles: pulumi.StringArray{
pulumi.String("DATABRICKS_SUPERUSER"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var adminSp = new Databricks.Index.PostgresRole("admin_sp", new()
{
RoleId = "admin-sp",
Parent = main.Name,
Spec = new Databricks.Inputs.PostgresRoleSpecArgs
{
IdentityType = "SERVICE_PRINCIPAL",
PostgresRole = "00000000-0000-0000-0000-000000000000",
AuthMethod = "LAKEBASE_OAUTH_V1",
MembershipRoles = new[]
{
"DATABRICKS_SUPERUSER",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.PostgresRole;
import com.pulumi.databricks.PostgresRoleArgs;
import com.pulumi.databricks.inputs.PostgresRoleSpecArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var adminSp = new PostgresRole("adminSp", PostgresRoleArgs.builder()
.roleId("admin-sp")
.parent(main.name())
.spec(PostgresRoleSpecArgs.builder()
.identityType("SERVICE_PRINCIPAL")
.postgresRole("00000000-0000-0000-0000-000000000000")
.authMethod("LAKEBASE_OAUTH_V1")
.membershipRoles("DATABRICKS_SUPERUSER")
.build())
.build());
}
}
resources:
adminSp:
type: databricks:PostgresRole
name: admin_sp
properties:
roleId: admin-sp
parent: ${main.name}
spec:
identityType: SERVICE_PRINCIPAL
postgresRole: 00000000-0000-0000-0000-000000000000
authMethod: LAKEBASE_OAUTH_V1
membershipRoles:
- DATABRICKS_SUPERUSER
Multiple roles in a branch
By default, Pulumi creates resources in parallel if the dependency graph allows. However, Lakebase doesn’t allow executing parallel manipulations inside a single branch. Only one of these resources can be created or updated at a time:
- Role
- Database
- Endpoint
If you try to create resources in parallel, you’ll see a conflict error like:
Your project already has conflicting operations in progress. Please wait until they are complete, and then try again.
Pulumi serializes execution automatically when one resource references another.
For example, when a database names a role as its owner via spec.role, Pulumi creates the role before the database.
For resources that don’t reference each other, like two sibling roles in the same branch, add dependsOn so
Pulumi knows to wait for creation of the first one to finish, before scheduling the creation of the second one.
For example:
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const schemaOwner = new databricks.PostgresRole("schema_owner", {
roleId: "schemamigrator",
parent: test.name,
spec: {
postgresRole: "schemamigrator",
membershipRoles: ["DATABRICKS_SUPERUSER"],
},
});
const application = new databricks.PostgresDatabase("application", {
databaseId: "application",
parent: test.name,
spec: {
postgresDatabase: "application",
role: schemaOwner.name,
},
});
const applicationPostgresRole = new databricks.PostgresRole("application", {
roleId: "application",
parent: test.name,
spec: {
postgresRole: "application",
},
}, {
dependsOn: [application],
});
import pulumi
import pulumi_databricks as databricks
schema_owner = databricks.PostgresRole("schema_owner",
role_id="schemamigrator",
parent=test["name"],
spec={
"postgres_role": "schemamigrator",
"membership_roles": ["DATABRICKS_SUPERUSER"],
})
application = databricks.PostgresDatabase("application",
database_id="application",
parent=test["name"],
spec={
"postgres_database": "application",
"role": schema_owner.name,
})
application_postgres_role = databricks.PostgresRole("application",
role_id="application",
parent=test["name"],
spec={
"postgres_role": "application",
},
opts = pulumi.ResourceOptions(depends_on=[application]))
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
schemaOwner, err := databricks.NewPostgresRole(ctx, "schema_owner", &databricks.PostgresRoleArgs{
RoleId: pulumi.String("schemamigrator"),
Parent: pulumi.Any(test.Name),
Spec: &databricks.PostgresRoleSpecArgs{
PostgresRole: pulumi.String("schemamigrator"),
MembershipRoles: pulumi.StringArray{
pulumi.String("DATABRICKS_SUPERUSER"),
},
},
})
if err != nil {
return err
}
application, err := databricks.NewPostgresDatabase(ctx, "application", &databricks.PostgresDatabaseArgs{
DatabaseId: pulumi.String("application"),
Parent: pulumi.Any(test.Name),
Spec: &databricks.PostgresDatabaseSpecArgs{
PostgresDatabase: pulumi.String("application"),
Role: schemaOwner.Name,
},
})
if err != nil {
return err
}
_, err = databricks.NewPostgresRole(ctx, "application", &databricks.PostgresRoleArgs{
RoleId: pulumi.String("application"),
Parent: pulumi.Any(test.Name),
Spec: &databricks.PostgresRoleSpecArgs{
PostgresRole: pulumi.String("application"),
},
}, pulumi.DependsOn([]pulumi.Resource{
application,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var schemaOwner = new Databricks.Index.PostgresRole("schema_owner", new()
{
RoleId = "schemamigrator",
Parent = test.Name,
Spec = new Databricks.Inputs.PostgresRoleSpecArgs
{
PostgresRole = "schemamigrator",
MembershipRoles = new[]
{
"DATABRICKS_SUPERUSER",
},
},
});
var application = new Databricks.Index.PostgresDatabase("application", new()
{
DatabaseId = "application",
Parent = test.Name,
Spec = new Databricks.Inputs.PostgresDatabaseSpecArgs
{
PostgresDatabase = "application",
Role = schemaOwner.Name,
},
});
var applicationPostgresRole = new Databricks.Index.PostgresRole("application", new()
{
RoleId = "application",
Parent = test.Name,
Spec = new Databricks.Inputs.PostgresRoleSpecArgs
{
PostgresRole = "application",
},
}, new CustomResourceOptions
{
DependsOn =
{
application,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.PostgresRole;
import com.pulumi.databricks.PostgresRoleArgs;
import com.pulumi.databricks.inputs.PostgresRoleSpecArgs;
import com.pulumi.databricks.PostgresDatabase;
import com.pulumi.databricks.PostgresDatabaseArgs;
import com.pulumi.databricks.inputs.PostgresDatabaseSpecArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var schemaOwner = new PostgresRole("schemaOwner", PostgresRoleArgs.builder()
.roleId("schemamigrator")
.parent(test.name())
.spec(PostgresRoleSpecArgs.builder()
.postgresRole("schemamigrator")
.membershipRoles("DATABRICKS_SUPERUSER")
.build())
.build());
var application = new PostgresDatabase("application", PostgresDatabaseArgs.builder()
.databaseId("application")
.parent(test.name())
.spec(PostgresDatabaseSpecArgs.builder()
.postgresDatabase("application")
.role(schemaOwner.name())
.build())
.build());
var applicationPostgresRole = new PostgresRole("applicationPostgresRole", PostgresRoleArgs.builder()
.roleId("application")
.parent(test.name())
.spec(PostgresRoleSpecArgs.builder()
.postgresRole("application")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(application)
.build());
}
}
resources:
schemaOwner:
type: databricks:PostgresRole
name: schema_owner
properties:
roleId: schemamigrator
parent: ${test.name}
spec:
postgresRole: schemamigrator
membershipRoles:
- DATABRICKS_SUPERUSER
application:
type: databricks:PostgresDatabase
properties:
databaseId: application
parent: ${test.name}
spec:
postgresDatabase: application
role: ${schemaOwner.name}
applicationPostgresRole:
type: databricks:PostgresRole
name: application
properties:
roleId: application
parent: ${test.name}
spec:
postgresRole: application
options:
dependsOn:
- ${application}
Note: in a real setup, the application role would also need GRANT privileges, but that’s out of scope for this example.
Create PostgresRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PostgresRole(name: string, args: PostgresRoleArgs, opts?: CustomResourceOptions);@overload
def PostgresRole(resource_name: str,
args: PostgresRoleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PostgresRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
parent: Optional[str] = None,
provider_config: Optional[PostgresRoleProviderConfigArgs] = None,
role_id: Optional[str] = None,
spec: Optional[PostgresRoleSpecArgs] = None)func NewPostgresRole(ctx *Context, name string, args PostgresRoleArgs, opts ...ResourceOption) (*PostgresRole, error)public PostgresRole(string name, PostgresRoleArgs args, CustomResourceOptions? opts = null)
public PostgresRole(String name, PostgresRoleArgs args)
public PostgresRole(String name, PostgresRoleArgs args, CustomResourceOptions options)
type: databricks:PostgresRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PostgresRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PostgresRoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PostgresRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PostgresRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PostgresRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var postgresRoleResource = new Databricks.PostgresRole("postgresRoleResource", new()
{
Parent = "string",
ProviderConfig = new Databricks.Inputs.PostgresRoleProviderConfigArgs
{
WorkspaceId = "string",
},
RoleId = "string",
Spec = new Databricks.Inputs.PostgresRoleSpecArgs
{
Attributes = new Databricks.Inputs.PostgresRoleSpecAttributesArgs
{
Bypassrls = false,
Createdb = false,
Createrole = false,
},
AuthMethod = "string",
IdentityType = "string",
MembershipRoles = new[]
{
"string",
},
PostgresRole = "string",
},
});
example, err := databricks.NewPostgresRole(ctx, "postgresRoleResource", &databricks.PostgresRoleArgs{
Parent: pulumi.String("string"),
ProviderConfig: &databricks.PostgresRoleProviderConfigArgs{
WorkspaceId: pulumi.String("string"),
},
RoleId: pulumi.String("string"),
Spec: &databricks.PostgresRoleSpecArgs{
Attributes: &databricks.PostgresRoleSpecAttributesArgs{
Bypassrls: pulumi.Bool(false),
Createdb: pulumi.Bool(false),
Createrole: pulumi.Bool(false),
},
AuthMethod: pulumi.String("string"),
IdentityType: pulumi.String("string"),
MembershipRoles: pulumi.StringArray{
pulumi.String("string"),
},
PostgresRole: pulumi.String("string"),
},
})
var postgresRoleResource = new PostgresRole("postgresRoleResource", PostgresRoleArgs.builder()
.parent("string")
.providerConfig(PostgresRoleProviderConfigArgs.builder()
.workspaceId("string")
.build())
.roleId("string")
.spec(PostgresRoleSpecArgs.builder()
.attributes(PostgresRoleSpecAttributesArgs.builder()
.bypassrls(false)
.createdb(false)
.createrole(false)
.build())
.authMethod("string")
.identityType("string")
.membershipRoles("string")
.postgresRole("string")
.build())
.build());
postgres_role_resource = databricks.PostgresRole("postgresRoleResource",
parent="string",
provider_config={
"workspace_id": "string",
},
role_id="string",
spec={
"attributes": {
"bypassrls": False,
"createdb": False,
"createrole": False,
},
"auth_method": "string",
"identity_type": "string",
"membership_roles": ["string"],
"postgres_role": "string",
})
const postgresRoleResource = new databricks.PostgresRole("postgresRoleResource", {
parent: "string",
providerConfig: {
workspaceId: "string",
},
roleId: "string",
spec: {
attributes: {
bypassrls: false,
createdb: false,
createrole: false,
},
authMethod: "string",
identityType: "string",
membershipRoles: ["string"],
postgresRole: "string",
},
});
type: databricks:PostgresRole
properties:
parent: string
providerConfig:
workspaceId: string
roleId: string
spec:
attributes:
bypassrls: false
createdb: false
createrole: false
authMethod: string
identityType: string
membershipRoles:
- string
postgresRole: string
PostgresRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PostgresRole resource accepts the following input properties:
- Parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- Provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- Spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- Parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- Provider
Config PostgresRole Provider Config Args - Configure the provider for management through account provider.
- Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- Spec
Postgres
Role Spec Args - The spec contains the role configuration, including identity type, authentication method, and role attributes
- parent String
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- parent str
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider_
config PostgresRole Provider Config Args - Configure the provider for management through account provider.
- role_
id str The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec Args - The spec contains the role configuration, including identity type, authentication method, and role attributes
- parent String
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config Property Map - Configure the provider for management through account provider.
- role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec Property Map
- The spec contains the role configuration, including identity type, authentication method, and role attributes
Outputs
All input properties are implicitly available as output properties. Additionally, the PostgresRole resource produces the following output properties:
- Create
Time string - (string)
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- Status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- Update
Time string - (string)
- Create
Time string - (string)
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- Status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- Update
Time string - (string)
- create
Time String - (string)
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time String - (string)
- create
Time string - (string)
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time string - (string)
- create_
time str - (string)
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update_
time str - (string)
- create
Time String - (string)
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- status Property Map
- (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time String - (string)
Look up Existing PostgresRole Resource
Get an existing PostgresRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PostgresRoleState, opts?: CustomResourceOptions): PostgresRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
name: Optional[str] = None,
parent: Optional[str] = None,
provider_config: Optional[PostgresRoleProviderConfigArgs] = None,
role_id: Optional[str] = None,
spec: Optional[PostgresRoleSpecArgs] = None,
status: Optional[PostgresRoleStatusArgs] = None,
update_time: Optional[str] = None) -> PostgresRolefunc GetPostgresRole(ctx *Context, name string, id IDInput, state *PostgresRoleState, opts ...ResourceOption) (*PostgresRole, error)public static PostgresRole Get(string name, Input<string> id, PostgresRoleState? state, CustomResourceOptions? opts = null)public static PostgresRole get(String name, Output<String> id, PostgresRoleState state, CustomResourceOptions options)resources: _: type: databricks:PostgresRole get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string - (string)
- Name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- Parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- Provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- Spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- Status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- Update
Time string - (string)
- Create
Time string - (string)
- Name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- Parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- Provider
Config PostgresRole Provider Config Args - Configure the provider for management through account provider.
- Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- Spec
Postgres
Role Spec Args - The spec contains the role configuration, including identity type, authentication method, and role attributes
- Status
Postgres
Role Status Args - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- Update
Time string - (string)
- create
Time String - (string)
- name String
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- parent String
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time String - (string)
- create
Time string - (string)
- name string
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- parent string
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config PostgresRole Provider Config - Configure the provider for management through account provider.
- role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec - The spec contains the role configuration, including identity type, authentication method, and role attributes
- status
Postgres
Role Status - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time string - (string)
- create_
time str - (string)
- name str
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- parent str
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider_
config PostgresRole Provider Config Args - Configure the provider for management through account provider.
- role_
id str The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec
Postgres
Role Spec Args - The spec contains the role configuration, including identity type, authentication method, and role attributes
- status
Postgres
Role Status Args - (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update_
time str - (string)
- create
Time String - (string)
- name String
- (string) - Output only. The full resource path of the role. Format: projects/{project_id}/branches/{branch_id}/roles/{role_id}
- parent String
- The Branch where this Role exists. Format: projects/{project_id}/branches/{branch_id}
- provider
Config Property Map - Configure the provider for management through account provider.
- role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- spec Property Map
- The spec contains the role configuration, including identity type, authentication method, and role attributes
- status Property Map
- (RoleRoleStatus) - Current status of the role, including its identity type, authentication method, and role attributes
- update
Time String - (string)
Supporting Types
PostgresRoleProviderConfig, PostgresRoleProviderConfigArgs
- Workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- Workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id String - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace_
id str - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id String - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
PostgresRoleSpec, PostgresRoleSpecArgs
- Attributes
Postgres
Role Spec Attributes - Auth
Method string - Identity
Type string - Membership
Roles List<string> - Postgres
Role string
- Attributes
Postgres
Role Spec Attributes - Auth
Method string - Identity
Type string - Membership
Roles []string - Postgres
Role string
- attributes
Postgres
Role Spec Attributes - auth
Method String - identity
Type String - membership
Roles List<String> - postgres
Role String
- attributes
Postgres
Role Spec Attributes - auth
Method string - identity
Type string - membership
Roles string[] - postgres
Role string
- attributes
Postgres
Role Spec Attributes - auth_
method str - identity_
type str - membership_
roles Sequence[str] - postgres_
role str
- attributes Property Map
- auth
Method String - identity
Type String - membership
Roles List<String> - postgres
Role String
PostgresRoleSpecAttributes, PostgresRoleSpecAttributesArgs
- Bypassrls bool
- Createdb bool
- Createrole bool
- Bypassrls bool
- Createdb bool
- Createrole bool
- bypassrls Boolean
- createdb Boolean
- createrole Boolean
- bypassrls boolean
- createdb boolean
- createrole boolean
- bypassrls bool
- createdb bool
- createrole bool
- bypassrls Boolean
- createdb Boolean
- createrole Boolean
PostgresRoleStatus, PostgresRoleStatusArgs
- Attributes
Postgres
Role Status Attributes - Auth
Method string - Identity
Type string - Membership
Roles List<string> - Postgres
Role string - Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- Attributes
Postgres
Role Status Attributes - Auth
Method string - Identity
Type string - Membership
Roles []string - Postgres
Role string - Role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- attributes
Postgres
Role Status Attributes - auth
Method String - identity
Type String - membership
Roles List<String> - postgres
Role String - role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- attributes
Postgres
Role Status Attributes - auth
Method string - identity
Type string - membership
Roles string[] - postgres
Role string - role
Id string The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- attributes
Postgres
Role Status Attributes - auth_
method str - identity_
type str - membership_
roles Sequence[str] - postgres_
role str - role_
id str The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
- attributes Property Map
- auth
Method String - identity
Type String - membership
Roles List<String> - postgres
Role String - role
Id String The ID to use for the Role, which will become the final component of the role's resource name. This ID becomes the role in Postgres.
This value should be 4-63 characters, and valid characters are lowercase letters, numbers, and hyphens, as defined by RFC 1123.
If roleId is not specified in the request, it is generated automatically
PostgresRoleStatusAttributes, PostgresRoleStatusAttributesArgs
- Bypassrls bool
- Createdb bool
- Createrole bool
- Bypassrls bool
- Createdb bool
- Createrole bool
- bypassrls Boolean
- createdb Boolean
- createrole Boolean
- bypassrls boolean
- createdb boolean
- createrole boolean
- bypassrls bool
- createdb bool
- createrole bool
- bypassrls Boolean
- createdb Boolean
- createrole Boolean
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.
published on Friday, May 1, 2026 by Pulumi
