import * as pulumi from "@pulumi/pulumi";
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named environment. Pair with `Environment.environmentId` (or the `getEnvironment` data source) to avoid hand-rolling the `PermissionDescriptorCondition` tree yourself. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildEnvironmentScopedPermissions(args: BuildEnvironmentScopedPermissionsArgs, opts?: pulumi.InvokeOptions): Promise<BuildEnvironmentScopedPermissionsResult>;
export interface BuildEnvironmentScopedPermissionsArgs {
    /**
     * The target environment's UUID. Use the `environmentId` output of an `Environment` resource or the `getEnvironment` data source.
     */
    environmentId: string;
    /**
     * The set of `environment:*` scopes to grant on the target environment (e.g. `environment:read`, `environment:open`, `environment:update`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: string[];
}
export interface BuildEnvironmentScopedPermissionsResult {
    /**
     * A `PermissionDescriptorCondition` tree gating a `PermissionDescriptorAllow` on the named environment, ready to assign to `OrganizationRole.permissions`.
     */
    readonly permissions: {
        [key: string]: any;
    };
}
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named environment. Pair with `Environment.environmentId` (or the `getEnvironment` data source) to avoid hand-rolling the `PermissionDescriptorCondition` tree yourself. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildEnvironmentScopedPermissionsOutput(args: BuildEnvironmentScopedPermissionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<BuildEnvironmentScopedPermissionsResult>;
export interface BuildEnvironmentScopedPermissionsOutputArgs {
    /**
     * The target environment's UUID. Use the `environmentId` output of an `Environment` resource or the `getEnvironment` data source.
     */
    environmentId: pulumi.Input<string>;
    /**
     * The set of `environment:*` scopes to grant on the target environment (e.g. `environment:read`, `environment:open`, `environment:update`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: pulumi.Input<pulumi.Input<string>[]>;
}
//# sourceMappingURL=buildEnvironmentScopedPermissions.d.ts.map