
@pulumi/azuread


A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * Manages an application registration within Azure Active Directory.
 *
 * For a more comprehensive alternative, please see the `azuread.Application` resource. Please note that this resource should not be used together with the `azuread.Application` resource when managing the same application.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this resource.
 *
 * When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`
 *
 * When authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`
 *
 * NOTE(review): only one role from each pair is needed. `Application.ReadWrite.OwnedBy` is limited to
 * applications the calling principal owns, while `Application.ReadWrite.All` covers every application in
 * the tenant; `Application Administrator` is likewise narrower than `Global Administrator`. Grant the
 * narrower role to the deployment identity unless the broader one is actually required.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = new azuread.ApplicationRegistration("example", {
 *     displayName: "Example Application",
 *     description: "My example application",
 *     signInAudience: "AzureADMyOrg",
 *     homepageUrl: "https://app.example.com/",
 *     logoutUrl: "https://app.example.com/logout",
 *     marketingUrl: "https://example.com/",
 *     privacyStatementUrl: "https://example.com/privacy",
 *     supportUrl: "https://support.example.com/",
 *     termsOfServiceUrl: "https://example.com/terms",
 * });
 * ```
 *
 * ## Import
 *
 * Application Registrations can be imported using the object ID of the application, in the following format.
 *
 * ```sh
 * $ pulumi import azuread:index/applicationRegistration:ApplicationRegistration example /applications/00000000-0000-0000-0000-000000000000
 * ```
 */
export declare class ApplicationRegistration extends pulumi.CustomResource {
    /**
     * Get an existing ApplicationRegistration resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationRegistrationState, opts?: pulumi.CustomResourceOptions): ApplicationRegistration;
    /**
     * Returns true if the given object is an instance of ApplicationRegistration. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ApplicationRegistration;
    /**
     * The Client ID for the application, which is globally unique.
     */
    readonly clientId: pulumi.Output<string>;
    /**
     * A description of the application, as shown to end users.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`.
     */
    readonly disabledByMicrosoft: pulumi.Output<string>;
    /**
     * The display name for the application.
     */
    readonly displayName: pulumi.Output<string>;
    /**
     * Configures the `groups` claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
     */
    readonly groupMembershipClaims: pulumi.Output<string[] | undefined>;
    /**
     * Home page or landing page of the application.
     */
    readonly homepageUrl: pulumi.Output<string | undefined>;
    /**
     * Whether this web application can request an access token using OAuth implicit flow.
     */
    readonly implicitAccessTokenIssuanceEnabled: pulumi.Output<boolean | undefined>;
    /**
     * Whether this web application can request an ID token using OAuth implicit flow.
     */
    readonly implicitIdTokenIssuanceEnabled: pulumi.Output<boolean | undefined>;
    /**
     * The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
     */
    readonly logoutUrl: pulumi.Output<string | undefined>;
    /**
     * URL of the marketing page for the application.
     */
    readonly marketingUrl: pulumi.Output<string | undefined>;
    /**
     * User-specified notes relevant for the management of the application.
     */
    readonly notes: pulumi.Output<string | undefined>;
    /**
     * The object ID of the application within the tenant.
     */
    readonly objectId: pulumi.Output<string>;
    /**
     * URL of the privacy statement for the application.
     */
    readonly privacyStatementUrl: pulumi.Output<string | undefined>;
    /**
     * The verified publisher domain for the application.
     */
    readonly publisherDomain: pulumi.Output<string>;
    /**
     * The access token version expected by this resource. Must be one of `1` or `2`, and must be `2` when `signInAudience` is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `2`.
     */
    readonly requestedAccessTokenVersion: pulumi.Output<number | undefined>;
    /**
     * References application context information from a Service or Asset Management database.
     */
    readonly serviceManagementReference: pulumi.Output<string | undefined>;
    /**
     * The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
     */
    readonly signInAudience: pulumi.Output<string | undefined>;
    /**
     * URL of the support page for the application.
     */
    readonly supportUrl: pulumi.Output<string | undefined>;
    /**
     * URL of the terms of service statement for the application.
     */
    readonly termsOfServiceUrl: pulumi.Output<string | undefined>;
    /**
     * Create an ApplicationRegistration resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ApplicationRegistrationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ApplicationRegistration resources.
 */
export interface ApplicationRegistrationState {
    /**
     * The Client ID for the application, which is globally unique.
     */
    clientId?: pulumi.Input<string>;
    /**
     * A description of the application, as shown to end users.
     */
    description?: pulumi.Input<string>;
    /**
     * Whether Microsoft has disabled the registered application. If the application is disabled, this will be a string indicating the status/reason, e.g. `DisabledDueToViolationOfServicesAgreement`.
     */
    disabledByMicrosoft?: pulumi.Input<string>;
    /**
     * The display name for the application.
     */
    displayName?: pulumi.Input<string>;
    /**
     * Configures the `groups` claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
     */
    groupMembershipClaims?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Home page or landing page of the application.
     */
    homepageUrl?: pulumi.Input<string>;
    /**
     * Whether this web application can request an access token using OAuth implicit flow.
     */
    implicitAccessTokenIssuanceEnabled?: pulumi.Input<boolean>;
    /**
     * Whether this web application can request an ID token using OAuth implicit flow.
     */
    implicitIdTokenIssuanceEnabled?: pulumi.Input<boolean>;
    /**
     * The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
     */
    logoutUrl?: pulumi.Input<string>;
    /**
     * URL of the marketing page for the application.
     */
    marketingUrl?: pulumi.Input<string>;
    /**
     * User-specified notes relevant for the management of the application.
     */
    notes?: pulumi.Input<string>;
    /**
     * The object ID of the application within the tenant.
     */
    objectId?: pulumi.Input<string>;
    /**
     * URL of the privacy statement for the application.
     */
    privacyStatementUrl?: pulumi.Input<string>;
    /**
     * The verified publisher domain for the application.
     */
    publisherDomain?: pulumi.Input<string>;
    /**
     * The access token version expected by this resource. Must be one of `1` or `2`, and must be `2` when `signInAudience` is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `2`.
     */
    requestedAccessTokenVersion?: pulumi.Input<number>;
    /**
     * References application context information from a Service or Asset Management database.
     */
    serviceManagementReference?: pulumi.Input<string>;
    /**
     * The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
     */
    signInAudience?: pulumi.Input<string>;
    /**
     * URL of the support page for the application.
     */
    supportUrl?: pulumi.Input<string>;
    /**
     * URL of the terms of service statement for the application.
     */
    termsOfServiceUrl?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing an ApplicationRegistration resource.
 */
export interface ApplicationRegistrationArgs {
    /**
     * A description of the application, as shown to end users.
     */
    description?: pulumi.Input<string>;
    /**
     * The display name for the application.
     */
    displayName: pulumi.Input<string>;
    /**
     * Configures the `groups` claim issued in a user or OAuth access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.
     */
    groupMembershipClaims?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Home page or landing page of the application.
     */
    homepageUrl?: pulumi.Input<string>;
    /**
     * Whether this web application can request an access token using OAuth implicit flow.
     *
     * NOTE(review): the implicit flow hands the token to the browser in the redirect response. Enable this
     * only for a client that cannot use the authorization code flow with PKCE.
     */
    implicitAccessTokenIssuanceEnabled?: pulumi.Input<boolean>;
    /**
     * Whether this web application can request an ID token using OAuth implicit flow.
     *
     * NOTE(review): as with access tokens, the ID token is delivered through the browser redirect; enable
     * only when the sign-in pattern in use requires it.
     */
    implicitIdTokenIssuanceEnabled?: pulumi.Input<boolean>;
    /**
     * The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols.
     */
    logoutUrl?: pulumi.Input<string>;
    /**
     * URL of the marketing page for the application.
     */
    marketingUrl?: pulumi.Input<string>;
    /**
     * User-specified notes relevant for the management of the application.
     *
     * NOTE(review): this text is stored on the application object, so keep credentials and other secrets
     * out of it.
     */
    notes?: pulumi.Input<string>;
    /**
     * URL of the privacy statement for the application.
     */
    privacyStatementUrl?: pulumi.Input<string>;
    /**
     * The access token version expected by this resource. Must be one of `1` or `2`, and must be `2` when `signInAudience` is either `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `2`.
     */
    requestedAccessTokenVersion?: pulumi.Input<number>;
    /**
     * References application context information from a Service or Asset Management database.
     */
    serviceManagementReference?: pulumi.Input<string>;
    /**
     * The Microsoft account types that are supported for the current application. Must be one of `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`. Defaults to `AzureADMyOrg`.
     *
     * NOTE(review): every value other than `AzureADMyOrg` lets accounts from outside this tenant sign in.
     * Before widening the audience, confirm the application validates the issuer/tenant of the tokens it accepts.
     */
    signInAudience?: pulumi.Input<string>;
    /**
     * URL of the support page for the application.
     */
    supportUrl?: pulumi.Input<string>;
    /**
     * URL of the terms of service statement for the application.
     */
    termsOfServiceUrl?: pulumi.Input<string>;
}