@pulumi/azuread

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * Manages a Custom Directory Role within Azure Active Directory. * * This resource is for managing custom directory roles. For management of built-in roles, see the azuread.DirectoryRole resource. * * ## API Permissions * * The following API permissions are required in order to use this resource. * * When authenticated with a service principal, this resource requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` * * When authenticated with a user principal, this resource requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator` * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.CustomDirectoryRole("example", { * displayName: "My Custom Role", * description: "Allows reading applications and updating groups", * enabled: true, * version: "1.0", * permissions: [ * { * allowedResourceActions: [ * "microsoft.directory/applications/basic/update", * "microsoft.directory/applications/create", * "microsoft.directory/applications/standard/read", * ], * }, * { * allowedResourceActions: [ * "microsoft.directory/groups/allProperties/read", * "microsoft.directory/groups/allProperties/read", * "microsoft.directory/groups/basic/update", * "microsoft.directory/groups/create", * "microsoft.directory/groups/delete", * ], * }, * ], * }); * ``` * * ## Import * * This resource does not support importing. */ export declare class CustomDirectoryRole extends pulumi.CustomResource { /** * Get an existing CustomDirectoryRole resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomDirectoryRoleState, opts?: pulumi.CustomResourceOptions): CustomDirectoryRole; /** * Returns true if the given object is an instance of CustomDirectoryRole. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is CustomDirectoryRole; /** * The description of the custom directory role. */ readonly description: pulumi.Output<string | undefined>; /** * The display name of the custom directory role. */ readonly displayName: pulumi.Output<string>; /** * Indicates whether the role is enabled for assignment. */ readonly enabled: pulumi.Output<boolean>; /** * The object ID of the custom directory role. */ readonly objectId: pulumi.Output<string>; /** * A collection of `permissions` blocks as documented below. */ readonly permissions: pulumi.Output<outputs.CustomDirectoryRolePermission[]>; /** * Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created. */ readonly templateId: pulumi.Output<string>; /** * The version of the role definition. This can be any arbitrary string between 1-128 characters. */ readonly version: pulumi.Output<string>; /** * Create a CustomDirectoryRole resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CustomDirectoryRoleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering CustomDirectoryRole resources. */ export interface CustomDirectoryRoleState { /** * The description of the custom directory role. */ description?: pulumi.Input<string>; /** * The display name of the custom directory role. */ displayName?: pulumi.Input<string>; /** * Indicates whether the role is enabled for assignment. */ enabled?: pulumi.Input<boolean>; /** * The object ID of the custom directory role. */ objectId?: pulumi.Input<string>; /** * A collection of `permissions` blocks as documented below. */ permissions?: pulumi.Input<pulumi.Input<inputs.CustomDirectoryRolePermission>[]>; /** * Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created. */ templateId?: pulumi.Input<string>; /** * The version of the role definition. This can be any arbitrary string between 1-128 characters. */ version?: pulumi.Input<string>; } /** * The set of arguments for constructing a CustomDirectoryRole resource. */ export interface CustomDirectoryRoleArgs { /** * The description of the custom directory role. */ description?: pulumi.Input<string>; /** * The display name of the custom directory role. */ displayName: pulumi.Input<string>; /** * Indicates whether the role is enabled for assignment. */ enabled: pulumi.Input<boolean>; /** * A collection of `permissions` blocks as documented below. */ permissions: pulumi.Input<pulumi.Input<inputs.CustomDirectoryRolePermission>[]>; /** * Custom template identifier that is typically used if one needs an identifier to be the same across different directories. Changing this forces a new resource to be created. */ templateId?: pulumi.Input<string>; /** * The version of the role definition. This can be any arbitrary string between 1-128 characters. */ version: pulumi.Input<string>; }