import * as pulumi from "@pulumi/pulumi"; /** * Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult [Secrets User Guide](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) for more details. * * ## Example Usage * * This way, data scientists can read the Publishing API key that is synchronized from, for example, Azure Key Vault. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const ds = new databricks.Group("ds", {displayName: "data-scientists"}); * const app = new databricks.SecretScope("app", {name: "app-secret-scope"}); * const mySecretAcl = new databricks.SecretAcl("my_secret_acl", { * principal: ds.displayName, * permission: "READ", * scope: app.name, * }); * const publishingApi = new databricks.Secret("publishing_api", { * key: "publishing_api", * stringValue: example.value, * scope: app.name, * }); * ``` * * ## Related Resources * * The following resources are often used in the same context: * * * End to end workspace management guide. * * databricks.Notebook to manage [Databricks Notebooks](https://docs.databricks.com/notebooks/index.html). * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace. * * databricks.Repo to manage [Databricks Repos](https://docs.databricks.com/repos.html). * * databricks.Secret to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace. * * databricks.SecretScope to create [secret scopes](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace. * * ## Import * * The resource secret acl can be imported using `scopeName|||principalName` combination. * * bash * * ```sh * $ pulumi import databricks:index/secretAcl:SecretAcl object `scopeName|||principalName` * ``` */ export declare class SecretAcl extends pulumi.CustomResource { /** * Get an existing SecretAcl resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: SecretAclState, opts?: pulumi.CustomResourceOptions): SecretAcl; /** * Returns true if the given object is an instance of SecretAcl. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SecretAcl; /** * `READ`, `WRITE` or `MANAGE`. */ readonly permission: pulumi.Output; /** * principal's identifier. It can be: */ readonly principal: pulumi.Output; /** * name of the scope */ readonly scope: pulumi.Output; /** * Create a SecretAcl resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: SecretAclArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SecretAcl resources. */ export interface SecretAclState { /** * `READ`, `WRITE` or `MANAGE`. */ permission?: pulumi.Input; /** * principal's identifier. It can be: */ principal?: pulumi.Input; /** * name of the scope */ scope?: pulumi.Input; } /** * The set of arguments for constructing a SecretAcl resource. */ export interface SecretAclArgs { /** * `READ`, `WRITE` or `MANAGE`. */ permission: pulumi.Input; /** * principal's identifier. It can be: */ principal: pulumi.Input; /** * name of the scope */ scope: pulumi.Input; }