@pulumi/azuread

import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * import * as random from "@pulumi/random"; * * const example = new azuread.ApplicationRegistration("example", {displayName: "example"}); * const exampleAdminister = new random.RandomUuid("example_administer", {}); * const exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope("example", { * applicationId: test.id, * scopeId: exampleAdminister.id, * value: "administer", * adminConsentDescription: "Administer the application", * adminConsentDisplayName: "Administer", * }); * ``` * * > **Tip** For managing more permissions scopes, create additional instances of this resource * * *Usage with azuread.Application resource* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.Application("example", {displayName: "example"}); * const exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope("example", {applicationId: example.id}); * ``` * * ## Import * * Application App Roles can be imported using the object ID of the application and the ID of the permission scope, in the following format. * * ```sh * $ pulumi import azuread:index/applicationPermissionScope:ApplicationPermissionScope example /applications/00000000-0000-0000-0000-000000000000/permissionScopes/11111111-1111-1111-1111-111111111111 * ``` */ export declare class ApplicationPermissionScope extends pulumi.CustomResource { /** * Get an existing ApplicationPermissionScope resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationPermissionScopeState, opts?: pulumi.CustomResourceOptions): ApplicationPermissionScope; /** * Returns true if the given object is an instance of ApplicationPermissionScope. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ApplicationPermissionScope; /** * Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. */ readonly adminConsentDescription: pulumi.Output<string>; /** * Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. */ readonly adminConsentDisplayName: pulumi.Output<string>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ readonly applicationId: pulumi.Output<string>; /** * The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created. */ readonly scopeId: pulumi.Output<string>; /** * Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. */ readonly type: pulumi.Output<string | undefined>; /** * Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. */ readonly userConsentDescription: pulumi.Output<string | undefined>; /** * Display name for the delegated permission that appears in the end user consent experience */ readonly userConsentDisplayName: pulumi.Output<string | undefined>; /** * The value that is used for the `scp` claim in OAuth access tokens. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ readonly value: pulumi.Output<string>; /** * Create a ApplicationPermissionScope resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ApplicationPermissionScopeArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ApplicationPermissionScope resources. */ export interface ApplicationPermissionScopeState { /** * Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. */ adminConsentDescription?: pulumi.Input<string>; /** * Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. */ adminConsentDisplayName?: pulumi.Input<string>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId?: pulumi.Input<string>; /** * The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created. */ scopeId?: pulumi.Input<string>; /** * Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. */ type?: pulumi.Input<string>; /** * Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. */ userConsentDescription?: pulumi.Input<string>; /** * Display name for the delegated permission that appears in the end user consent experience */ userConsentDisplayName?: pulumi.Input<string>; /** * The value that is used for the `scp` claim in OAuth access tokens. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value?: pulumi.Input<string>; } /** * The set of arguments for constructing a ApplicationPermissionScope resource. */ export interface ApplicationPermissionScopeArgs { /** * Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users. */ adminConsentDescription: pulumi.Input<string>; /** * Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users. */ adminConsentDisplayName: pulumi.Input<string>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId: pulumi.Input<string>; /** * The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created. */ scopeId: pulumi.Input<string>; /** * Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. */ type?: pulumi.Input<string>; /** * Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf. */ userConsentDescription?: pulumi.Input<string>; /** * Display name for the delegated permission that appears in the end user consent experience */ userConsentDisplayName?: pulumi.Input<string>; /** * The value that is used for the `scp` claim in OAuth access tokens. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value: pulumi.Input<string>; }