pulumi-aiven 6.30.0a1734412023__py3-none-any.whl → 6.30.0a1734637105__py3-none-any.whl

pulumi_aiven/kafka_native_acl.py

@@ -30,15 +30,15 @@ class KafkaNativeAclArgs:
                  host: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a KafkaNativeAcl resource.
-        :param pulumi.Input[str] operation: The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] operation: The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] pattern_type: Resource pattern used to match specified resources. The possible values are `LITERAL` and `PREFIXED`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] permission_type: The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] principal: Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] permission_type: Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] principal: Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] project: The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_name: The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_type: The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_name: The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_type: The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] service_name: The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] host: The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] host: The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         pulumi.set(__self__, "operation", operation)
         pulumi.set(__self__, "pattern_type", pattern_type)
@@ -55,7 +55,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter
     def operation(self) -> pulumi.Input[str]:
         """
-        The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "operation")
 
@@ -79,7 +79,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter(name="permissionType")
     def permission_type(self) -> pulumi.Input[str]:
         """
-        The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "permission_type")
 
@@ -91,7 +91,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter
     def principal(self) -> pulumi.Input[str]:
         """
-        Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "principal")
 
@@ -115,7 +115,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter(name="resourceName")
     def resource_name(self) -> pulumi.Input[str]:
         """
-        The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_name")
 
@@ -127,7 +127,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter(name="resourceType")
     def resource_type(self) -> pulumi.Input[str]:
         """
-        The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_type")
 
@@ -151,7 +151,7 @@ class KafkaNativeAclArgs:
     @pulumi.getter
     def host(self) -> Optional[pulumi.Input[str]]:
         """
-        The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "host")
 
@@ -174,14 +174,14 @@ class _KafkaNativeAclState:
                  service_name: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering KafkaNativeAcl resources.
-        :param pulumi.Input[str] host: The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] operation: The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] host: The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] operation: The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] pattern_type: Resource pattern used to match specified resources. The possible values are `LITERAL` and `PREFIXED`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] permission_type: The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] principal: Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] permission_type: Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] principal: Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] project: The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_name: The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_type: The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_name: The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_type: The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] service_name: The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
         """
         if host is not None:
@@ -207,7 +207,7 @@ class _KafkaNativeAclState:
     @pulumi.getter
     def host(self) -> Optional[pulumi.Input[str]]:
         """
-        The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "host")
 
@@ -219,7 +219,7 @@ class _KafkaNativeAclState:
     @pulumi.getter
     def operation(self) -> Optional[pulumi.Input[str]]:
         """
-        The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "operation")
 
@@ -243,7 +243,7 @@ class _KafkaNativeAclState:
     @pulumi.getter(name="permissionType")
     def permission_type(self) -> Optional[pulumi.Input[str]]:
         """
-        The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "permission_type")
 
@@ -255,7 +255,7 @@ class _KafkaNativeAclState:
     @pulumi.getter
     def principal(self) -> Optional[pulumi.Input[str]]:
         """
-        Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "principal")
 
@@ -279,7 +279,7 @@ class _KafkaNativeAclState:
     @pulumi.getter(name="resourceName")
     def resource_name(self) -> Optional[pulumi.Input[str]]:
         """
-        The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_name")
 
@@ -291,7 +291,7 @@ class _KafkaNativeAclState:
     @pulumi.getter(name="resourceType")
     def resource_type(self) -> Optional[pulumi.Input[str]]:
         """
-        The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_type")
 
@@ -328,18 +328,45 @@ class KafkaNativeAcl(pulumi.CustomResource):
                  service_name: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        Manages native acls in [kafka service](https://aiven.io/docs/products/kafka/concepts/acl).
+        Creates and manages Kafka-native [access control lists](https://aiven.io/docs/products/kafka/concepts/acl) (ACLs) for an Aiven for Apache Kafka® service. ACLs control access to Kafka topics, consumer groups,
+        clusters, and Schema Registry.
+
+        Kafka-native ACLs provide advanced resource-level access control with fine-grained permissions, including `ALLOW` and `DENY` rules. For simplified topic-level control you can use Aiven ACLs.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_aiven as aiven
+
+        example_acl = aiven.KafkaNativeAcl("example_acl",
+            project=example_project["project"],
+            service_name=example_kafka["serviceName"],
+            resource_type="Topic",
+            resource_name_="example-topic",
+            principal="User:example-user",
+            operation="Read",
+            pattern_type="LITERAL",
+            permission_type="ALLOW",
+            host="198.51.100.0")
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import aiven:index/kafkaNativeAcl:KafkaNativeAcl example_acl PROJECT/SERVICE_NAME/ID
+        ```
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] host: The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] operation: The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] host: The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] operation: The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] pattern_type: Resource pattern used to match specified resources. The possible values are `LITERAL` and `PREFIXED`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] permission_type: The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] principal: Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] permission_type: Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] principal: Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] project: The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_name_: The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_type: The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_name_: The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_type: The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] service_name: The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
         """
         ...
@@ -349,7 +376,34 @@ class KafkaNativeAcl(pulumi.CustomResource):
                  args: KafkaNativeAclArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Manages native acls in [kafka service](https://aiven.io/docs/products/kafka/concepts/acl).
+        Creates and manages Kafka-native [access control lists](https://aiven.io/docs/products/kafka/concepts/acl) (ACLs) for an Aiven for Apache Kafka® service. ACLs control access to Kafka topics, consumer groups,
+        clusters, and Schema Registry.
+
+        Kafka-native ACLs provide advanced resource-level access control with fine-grained permissions, including `ALLOW` and `DENY` rules. For simplified topic-level control you can use Aiven ACLs.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_aiven as aiven
+
+        example_acl = aiven.KafkaNativeAcl("example_acl",
+            project=example_project["project"],
+            service_name=example_kafka["serviceName"],
+            resource_type="Topic",
+            resource_name_="example-topic",
+            principal="User:example-user",
+            operation="Read",
+            pattern_type="LITERAL",
+            permission_type="ALLOW",
+            host="198.51.100.0")
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import aiven:index/kafkaNativeAcl:KafkaNativeAcl example_acl PROJECT/SERVICE_NAME/ID
+        ```
 
         :param str resource_name: The name of the resource.
         :param KafkaNativeAclArgs args: The arguments to use to populate this resource's properties.
@@ -435,14 +489,14 @@ class KafkaNativeAcl(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] host: The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] operation: The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] host: The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] operation: The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] pattern_type: Resource pattern used to match specified resources. The possible values are `LITERAL` and `PREFIXED`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] permission_type: The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] principal: Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] permission_type: Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] principal: Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] project: The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_name_: The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
-        :param pulumi.Input[str] resource_type: The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_name_: The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param pulumi.Input[str] resource_type: The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         :param pulumi.Input[str] service_name: The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -464,7 +518,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter
     def host(self) -> pulumi.Output[Optional[str]]:
         """
-        The host or `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "host")
 
@@ -472,7 +526,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter
     def operation(self) -> pulumi.Output[str]:
         """
-        The operation. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
+        The action that a principal is allowed or denied on the Kafka resource. The possible values are `All`, `Alter`, `AlterConfigs`, `ClusterAction`, `Create`, `CreateTokens`, `Delete`, `Describe`, `DescribeConfigs`, `DescribeTokens`, `IdempotentWrite`, `Read` and `Write`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "operation")
 
@@ -488,7 +542,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter(name="permissionType")
     def permission_type(self) -> pulumi.Output[str]:
         """
-        The permission type. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
+        Specifies whether the action is explicitly allowed or denied for the principal on the specified resource. The possible values are `ALLOW` and `DENY`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "permission_type")
 
@@ -496,7 +550,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter
     def principal(self) -> pulumi.Output[str]:
         """
-        Principal is in type:name' format. Maximum length: `256`. Changing this property forces recreation of the resource.
+        Identities in `user:name` format that the permissions apply to. The `name` supports wildcards. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "principal")
 
@@ -512,7 +566,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter(name="resourceName")
     def resource_name(self) -> pulumi.Output[str]:
         """
-        The kafka resource name. Maximum length: `256`. Changing this property forces recreation of the resource.
+        The name of the Kafka resource the permission applies to, such as the topic name or group ID. Maximum length: `256`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_name")
 
@@ -520,7 +574,7 @@ class KafkaNativeAcl(pulumi.CustomResource):
     @pulumi.getter(name="resourceType")
     def resource_type(self) -> pulumi.Output[str]:
         """
-        The kafka resource type. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
+        The type of Kafka resource. The possible values are `Topic`, `Group`, `Cluster`, `TransactionalId`, `DelegationToken` and `User`. Changing this property forces recreation of the resource.
         """
         return pulumi.get(self, "resource_type")
 

pulumi_aiven/organization_group_project.py

@@ -29,7 +29,7 @@ class OrganizationGroupProjectArgs:
         The set of arguments for constructing a OrganizationGroupProject resource.
         :param pulumi.Input[str] group_id: The ID of the user group.
         :param pulumi.Input[str] project: The project that the users in the group are members of.
-        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         pulumi.set(__self__, "group_id", group_id)
         pulumi.set(__self__, "project", project)
@@ -65,7 +65,7 @@ class OrganizationGroupProjectArgs:
     @pulumi.getter
     def role(self) -> pulumi.Input[str]:
         """
-        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         return pulumi.get(self, "role")
 
@@ -94,7 +94,7 @@ class _OrganizationGroupProjectState:
         Input properties used for looking up and filtering OrganizationGroupProject resources.
         :param pulumi.Input[str] group_id: The ID of the user group.
         :param pulumi.Input[str] project: The project that the users in the group are members of.
-        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         if group_id is not None:
             pulumi.set(__self__, "group_id", group_id)
@@ -133,7 +133,7 @@ class _OrganizationGroupProjectState:
     @pulumi.getter
     def role(self) -> Optional[pulumi.Input[str]]:
         """
-        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         return pulumi.get(self, "role")
 
@@ -201,7 +201,7 @@ class OrganizationGroupProject(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] group_id: The ID of the user group.
         :param pulumi.Input[str] project: The project that the users in the group are members of.
-        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         ...
     @overload
@@ -306,7 +306,7 @@ class OrganizationGroupProject(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] group_id: The ID of the user group.
         :param pulumi.Input[str] project: The project that the users in the group are members of.
-        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        :param pulumi.Input[str] role: [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -338,7 +338,7 @@ class OrganizationGroupProject(pulumi.CustomResource):
     @pulumi.getter
     def role(self) -> pulumi.Output[str]:
         """
-        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `role:services:maintenance`, `role:services:recover`, `organization:billing:read`, `organization:billing:write`, `organization:audit_logs:read`, `organization:projects:read`, `organization:projects:write`, `organization:users:write`, `organization:permissions:read`, `organization:permissions:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write`, `organization:network:read`, `organization:network:write`, `role:organization:admin` and `service:users:write`.
+        [Project-level role](https://aiven.io/docs/platform/reference/project-member-privileges) assigned to all users in the group. The possible values are `admin`, `operator`, `developer`, `read_only`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `service:configuration:write`, `service:logs:read`, `project:services:read`, `project:services:write`, `project:audit_logs:read`, `service:data:write`, `service:secrets:read`, `service:users:write`, `role:services:maintenance`, `role:services:recover`, `organization:audit_logs:read`, `organization:users:write`, `organization:app_users:write`, `organization:groups:write`, `organization:idps:write`, `organization:domains:write` and `role:organization:admin`.
         """
         return pulumi.get(self, "role")
 

pulumi_aiven/organization_permission.py

@@ -169,7 +169,7 @@ class OrganizationPermission(pulumi.CustomResource):
                  resource_type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        Grants [roles and permissions](https://aiven.io/docs/platform/concepts/permissions) to a principal for a resource.
+        Grants [roles and permissions](https://aiven.io/docs/platform/concepts/permissions) to a principal for a resource. Permissions can be granted at the organization, organizational unit, and project level. Unit-level permissions aren't shown in the Aiven Console.
 
         ## Example Usage
 
@@ -177,7 +177,8 @@ class OrganizationPermission(pulumi.CustomResource):
         import pulumi
         import pulumi_aiven as aiven
 
-        example_permissions = aiven.OrganizationPermission("example_permissions",
+        # Grant access to a specific project
+        example_project_permissions = aiven.OrganizationPermission("example_project_permissions",
             organization_id=main["id"],
             resource_id=example_project["id"],
             resource_type="project",
@@ -193,13 +194,37 @@ class OrganizationPermission(pulumi.CustomResource):
                 {
                     "permissions": [
                         "project:integrations:write",
-                        "project:networking:read",
                         "developer",
                     ],
                     "principal_id": example_group["groupId"],
                     "principal_type": "user_group",
                 },
             ])
+        # Organization-level permissions
+        example_org_permissions = aiven.OrganizationPermission("example_org_permissions",
+            organization_id=main["id"],
+            resource_id=main["id"],
+            resource_type="organization",
+            permissions=[
+                {
+                    "permissions": [
+                        "organization:app_users:write",
+                        "project:audit_logs:read",
+                    ],
+                    "principal_id": "u123a456b7890c",
+                    "principal_type": "user",
+                },
+                {
+                    "permissions": [
+                        "organization:users:write",
+                        "organization:groups:write",
+                        "organization:domains:write",
+                        "organization:idps:write",
+                    ],
+                    "principal_id": example_group_aiven_organization_user_group["groupId"],
+                    "principal_type": "user_group",
+                },
+            ])
         ```
 
         ## Import
@@ -222,7 +247,7 @@ class OrganizationPermission(pulumi.CustomResource):
                  args: OrganizationPermissionArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Grants [roles and permissions](https://aiven.io/docs/platform/concepts/permissions) to a principal for a resource.
+        Grants [roles and permissions](https://aiven.io/docs/platform/concepts/permissions) to a principal for a resource. Permissions can be granted at the organization, organizational unit, and project level. Unit-level permissions aren't shown in the Aiven Console.
 
         ## Example Usage
 
@@ -230,7 +255,8 @@ class OrganizationPermission(pulumi.CustomResource):
         import pulumi
         import pulumi_aiven as aiven
 
-        example_permissions = aiven.OrganizationPermission("example_permissions",
+        # Grant access to a specific project
+        example_project_permissions = aiven.OrganizationPermission("example_project_permissions",
             organization_id=main["id"],
             resource_id=example_project["id"],
             resource_type="project",
@@ -246,13 +272,37 @@ class OrganizationPermission(pulumi.CustomResource):
                 {
                     "permissions": [
                         "project:integrations:write",
-                        "project:networking:read",
                         "developer",
                     ],
                     "principal_id": example_group["groupId"],
                     "principal_type": "user_group",
                 },
             ])
+        # Organization-level permissions
+        example_org_permissions = aiven.OrganizationPermission("example_org_permissions",
+            organization_id=main["id"],
+            resource_id=main["id"],
+            resource_type="organization",
+            permissions=[
+                {
+                    "permissions": [
+                        "organization:app_users:write",
+                        "project:audit_logs:read",
+                    ],
+                    "principal_id": "u123a456b7890c",
+                    "principal_type": "user",
+                },
+                {
+                    "permissions": [
+                        "organization:users:write",
+                        "organization:groups:write",
+                        "organization:domains:write",
+                        "organization:idps:write",
+                    ],
+                    "principal_id": example_group_aiven_organization_user_group["groupId"],
+                    "principal_type": "user_group",
+                },
+            ])
         ```
 
         ## Import