UNPKG

@pulumi/azuread

Version:

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

pulumi.io

pulumi/pulumi-azuread

149 lines (148 loc) 7.03 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
import * as pulumi from "@pulumi/pulumi"; /** * Manages an Administrative Unit within Azure Active Directory. * * ## API Permissions * * The following API permissions are required in order to use this resource. * * When authenticated with a service principal, this resource requires one of the following application roles: `AdministrativeUnit.ReadWrite.All` or `Directory.ReadWrite.All` * * When authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator` * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.AdministrativeUnit("example", { * displayName: "Example-AU", * description: "Just an example", * hiddenMembershipEnabled: false, * }); * ``` * * ## Import * * Administrative units can be imported using their object ID, e.g. * * ```sh * $ pulumi import azuread:index/administrativeUnit:AdministrativeUnit example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000 * ``` */ export declare class AdministrativeUnit extends pulumi.CustomResource { /** * Get an existing AdministrativeUnit resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AdministrativeUnitState, opts?: pulumi.CustomResourceOptions): AdministrativeUnit; /** * Returns true if the given object is an instance of AdministrativeUnit. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AdministrativeUnit; /** * The description of the administrative unit. */ readonly description: pulumi.Output<string | undefined>; /** * The display name of the administrative unit. */ readonly displayName: pulumi.Output<string>; /** * Whether the administrative unit and its members are hidden or publicly viewable in the directory. */ readonly hiddenMembershipEnabled: pulumi.Output<boolean | undefined>; /** * A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. * * > **Caution** When using the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff. * * !> **Warning** Do not use the `members` property at the same time as the azuread.AdministrativeUnitMember resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed. */ readonly members: pulumi.Output<string[]>; /** * The object ID of the administrative unit. */ readonly objectId: pulumi.Output<string>; /** * If `true`, will return an error if an existing administrative unit is found with the same name */ readonly preventDuplicateNames: pulumi.Output<boolean | undefined>; /** * Create a AdministrativeUnit resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AdministrativeUnitArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AdministrativeUnit resources. */ export interface AdministrativeUnitState { /** * The description of the administrative unit. */ description?: pulumi.Input<string>; /** * The display name of the administrative unit. */ displayName?: pulumi.Input<string>; /** * Whether the administrative unit and its members are hidden or publicly viewable in the directory. */ hiddenMembershipEnabled?: pulumi.Input<boolean>; /** * A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. * * > **Caution** When using the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff. * * !> **Warning** Do not use the `members` property at the same time as the azuread.AdministrativeUnitMember resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed. */ members?: pulumi.Input<pulumi.Input<string>[]>; /** * The object ID of the administrative unit. */ objectId?: pulumi.Input<string>; /** * If `true`, will return an error if an existing administrative unit is found with the same name */ preventDuplicateNames?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a AdministrativeUnit resource. */ export interface AdministrativeUnitArgs { /** * The description of the administrative unit. */ description?: pulumi.Input<string>; /** * The display name of the administrative unit. */ displayName: pulumi.Input<string>; /** * Whether the administrative unit and its members are hidden or publicly viewable in the directory. */ hiddenMembershipEnabled?: pulumi.Input<boolean>; /** * A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups. * * > **Caution** When using the `members` property of the azuread.AdministrativeUnit resource, to manage Administrative Unit membership for a group, you will need to use an `ignoreChanges = [administrativeUnitIds]` lifecycle meta argument for the `azuread.Group` resource, in order to avoid a persistent diff. * * !> **Warning** Do not use the `members` property at the same time as the azuread.AdministrativeUnitMember resource for the same administrative unit. Doing so will cause a conflict and administrative unit members will be removed. */ members?: pulumi.Input<pulumi.Input<string>[]>; /** * If `true`, will return an error if an existing administrative unit is found with the same name */ preventDuplicateNames?: pulumi.Input<boolean>; }