import * as pulumi from "@pulumi/pulumi";
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named stack. The `stackId` is the stack's opaque Pulumi Cloud identifier — distinct from the `organization/project/stack` triple. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildStackScopedPermissions(args: BuildStackScopedPermissionsArgs, opts?: pulumi.InvokeOptions): Promise<BuildStackScopedPermissionsResult>;
export interface BuildStackScopedPermissionsArgs {
    /**
     * The set of `stack:*` scopes to grant on the target stack (e.g. `stack:read`, `stack:edit`, `stack:admin`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: string[];
    /**
     * The target stack's opaque Pulumi Cloud identifier (not the `organization/project/stack` triple).
     */
    stackId: string;
}
export interface BuildStackScopedPermissionsResult {
    /**
     * A `PermissionDescriptorCondition` tree gating a `PermissionDescriptorAllow` on the named stack, ready to assign to `OrganizationRole.permissions`.
     */
    readonly permissions: {
        [key: string]: any;
    };
}
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes only on the named stack. The `stackId` is the stack's opaque Pulumi Cloud identifier — distinct from the `organization/project/stack` triple. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildStackScopedPermissionsOutput(args: BuildStackScopedPermissionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<BuildStackScopedPermissionsResult>;
export interface BuildStackScopedPermissionsOutputArgs {
    /**
     * The set of `stack:*` scopes to grant on the target stack (e.g. `stack:read`, `stack:edit`, `stack:admin`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The target stack's opaque Pulumi Cloud identifier (not the `organization/project/stack` triple).
     */
    stackId: pulumi.Input<string>;
}
//# sourceMappingURL=buildStackScopedPermissions.d.ts.map