import * as pulumi from "@pulumi/pulumi";
/**
 * Provides a resource to manage vke permission
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as volcengine from "@pulumi/volcengine";
 * import * as volcengine from "@volcengine/pulumi";
 *
 * const fooZones = volcengine.ecs.getZones({});
 * // create vpc
 * const fooVpc = new volcengine.vpc.Vpc("fooVpc", {
 *     vpcName: "acc-test-vpc",
 *     cidrBlock: "172.16.0.0/16",
 * });
 * // create subnet
 * const fooSubnet = new volcengine.vpc.Subnet("fooSubnet", {
 *     subnetName: "acc-test-subnet",
 *     cidrBlock: "172.16.0.0/24",
 *     zoneId: fooZones.then(fooZones => fooZones.zones?.[0]?.id),
 *     vpcId: fooVpc.id,
 * });
 * // create security group
 * const fooSecurityGroup = new volcengine.vpc.SecurityGroup("fooSecurityGroup", {
 *     securityGroupName: "acc-test-security-group",
 *     vpcId: fooVpc.id,
 * });
 * // create vke cluster
 * const fooCluster = new volcengine.vke.Cluster("fooCluster", {
 *     description: "created by terraform",
 *     projectName: "default",
 *     deleteProtectionEnabled: false,
 *     clusterConfig: {
 *         subnetIds: [fooSubnet.id],
 *         apiServerPublicAccessEnabled: true,
 *         apiServerPublicAccessConfig: {
 *             publicAccessNetworkConfig: {
 *                 billingType: "PostPaidByBandwidth",
 *                 bandwidth: 1,
 *             },
 *         },
 *         resourcePublicAccessDefaultEnabled: true,
 *     },
 *     podsConfig: {
 *         podNetworkMode: "VpcCniShared",
 *         vpcCniConfig: {
 *             subnetIds: [fooSubnet.id],
 *         },
 *     },
 *     servicesConfig: {
 *         serviceCidrsv4s: ["172.30.0.0/18"],
 *     },
 *     tags: [{
 *         key: "tf-k1",
 *         value: "tf-v1",
 *     }],
 * });
 * const fooPermission = new volcengine.vke.Permission("fooPermission", {
 *     roleName: "vke:visitor",
 *     granteeId: 385500000,
 *     granteeType: "User",
 *     roleDomain: "cluster",
 *     clusterId: fooCluster.id,
 * });
 * ```
 *
 * ## Import
 *
 * VkePermission can be imported using the id, e.g.
 *
 * ```sh
 * $ pulumi import volcengine:vke/permission:Permission default resource_id
 * ```
 */
export declare class Permission extends pulumi.CustomResource {
    /**
     * Get an existing Permission resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PermissionState, opts?: pulumi.CustomResourceOptions): Permission;
    /**
     * Returns true if the given object is an instance of Permission.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Permission;
    /**
     * The authorized time of the RBAC Permission.
     */
    readonly authorizedAt: pulumi.Output<string>;
    /**
     * The ID of the Authorizer.
     */
    readonly authorizerId: pulumi.Output<number>;
    /**
     * The name of the Authorizer.
     */
    readonly authorizerName: pulumi.Output<string>;
    /**
     * The type of the Authorizer.
     */
    readonly authorizerType: pulumi.Output<string>;
    /**
     * The cluster ID that needs to be authorized to IAM users or roles.
     */
    readonly clusterId: pulumi.Output<string>;
    /**
     * The granted time of the RBAC Permission.
     */
    readonly grantedAt: pulumi.Output<string>;
    /**
     * The ID of the grantee.
     */
    readonly granteeId: pulumi.Output<number>;
    /**
     * The type of the grantee. Valid values: `User`.
     */
    readonly granteeType: pulumi.Output<string>;
    /**
     * Whether the RBAC role is a custom role. Default is false.
     */
    readonly isCustomRole: pulumi.Output<boolean>;
    /**
     * The name of the Kube Role Binding.
     */
    readonly kubeRoleBindingName: pulumi.Output<string>;
    /**
     * The message of the RBAC Permission.
     */
    readonly message: pulumi.Output<string>;
    /**
     * The namespace that needs to be authorized to IAM users or roles.
     */
    readonly namespace: pulumi.Output<string>;
    /**
     * The revoked time of the RBAC Permission.
     */
    readonly revokedAt: pulumi.Output<string>;
    /**
     * The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
     * When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
     */
    readonly roleDomain: pulumi.Output<string>;
    /**
     * The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
     */
    readonly roleName: pulumi.Output<string>;
    /**
     * The status of the RBAC Permission.
     */
    readonly status: pulumi.Output<string>;
    /**
     * Create a Permission resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: PermissionArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Permission resources.
 */
export interface PermissionState {
    /**
     * The authorized time of the RBAC Permission.
     */
    authorizedAt?: pulumi.Input<string>;
    /**
     * The ID of the Authorizer.
     */
    authorizerId?: pulumi.Input<number>;
    /**
     * The name of the Authorizer.
     */
    authorizerName?: pulumi.Input<string>;
    /**
     * The type of the Authorizer.
     */
    authorizerType?: pulumi.Input<string>;
    /**
     * The cluster ID that needs to be authorized to IAM users or roles.
     */
    clusterId?: pulumi.Input<string>;
    /**
     * The granted time of the RBAC Permission.
     */
    grantedAt?: pulumi.Input<string>;
    /**
     * The ID of the grantee.
     */
    granteeId?: pulumi.Input<number>;
    /**
     * The type of the grantee. Valid values: `User`.
     */
    granteeType?: pulumi.Input<string>;
    /**
     * Whether the RBAC role is a custom role. Default is false.
     */
    isCustomRole?: pulumi.Input<boolean>;
    /**
     * The name of the Kube Role Binding.
     */
    kubeRoleBindingName?: pulumi.Input<string>;
    /**
     * The message of the RBAC Permission.
     */
    message?: pulumi.Input<string>;
    /**
     * The namespace that needs to be authorized to IAM users or roles.
     */
    namespace?: pulumi.Input<string>;
    /**
     * The revoked time of the RBAC Permission.
     */
    revokedAt?: pulumi.Input<string>;
    /**
     * The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
     * When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
     */
    roleDomain?: pulumi.Input<string>;
    /**
     * The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
     */
    roleName?: pulumi.Input<string>;
    /**
     * The status of the RBAC Permission.
     */
    status?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a Permission resource.
 */
export interface PermissionArgs {
    /**
     * The cluster ID that needs to be authorized to IAM users or roles.
     */
    clusterId?: pulumi.Input<string>;
    /**
     * The ID of the grantee.
     */
    granteeId: pulumi.Input<number>;
    /**
     * The type of the grantee. Valid values: `User`.
     */
    granteeType: pulumi.Input<string>;
    /**
     * Whether the RBAC role is a custom role. Default is false.
     */
    isCustomRole?: pulumi.Input<boolean>;
    /**
     * The namespace that needs to be authorized to IAM users or roles.
     */
    namespace?: pulumi.Input<string>;
    /**
     * The types of permissions granted to IAM users or roles. Valid values: `namespace`, `cluster`, `allClusters`.
     * When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignoreChanges ignore changes in fields.
     */
    roleDomain: pulumi.Input<string>;
    /**
     * The name of RBAC role. The following RBAC permissions can be granted: custom role name, system preset role names.
     */
    roleName: pulumi.Input<string>;
}
