@pulumi/azuread
Version:
A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.
234 lines (233 loc) • 8.16 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* Gets Object IDs or Display Names for multiple Azure Active Directory groups.
*
* ## API Permissions
*
* The following API permissions are required in order to use this data source.
*
* When authenticated with a service principal, this data source requires one of the following application roles: `Group.Read.All` or `Directory.Read.All`
*
* When authenticated with a user principal, this data source does not require any additional roles.
*
* ## Example Usage
*
* *Look up by group name*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const example = azuread.getGroups({
* displayNames: [
* "group-a",
* "group-b",
* ],
* });
* ```
*
* *Look up by display name prefix*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const sales = azuread.getGroups({
* displayNamePrefix: "sales-",
* });
* ```
*
* *Look up all groups*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const all = azuread.getGroups({
* returnAll: true,
* });
* ```
*
* *Look up all mail-enabled groups*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const mailEnabled = azuread.getGroups({
* mailEnabled: true,
* returnAll: true,
* });
* ```
*
* *Look up all security-enabled groups that are not mail-enabled*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const securityOnly = azuread.getGroups({
* mailEnabled: false,
* returnAll: true,
* securityEnabled: true,
* });
* ```
*/
export declare function getGroups(args?: GetGroupsArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupsResult>;
/**
* A collection of arguments for invoking getGroups.
*/
export interface GetGroupsArgs {
/**
* A common display name prefix to match when returning groups.
*/
displayNamePrefix?: string;
/**
* The display names of the groups.
*/
displayNames?: string[];
/**
* Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with `returnAll`. Defaults to `false`.
*/
ignoreMissing?: boolean;
/**
* Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to `true` ensures all groups are mail-enabled, and setting to `false` ensures that all groups are _not_ mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with `objectIds`.
*/
mailEnabled?: boolean;
/**
* The object IDs of the groups.
*/
objectIds?: string[];
/**
* A flag to denote if all groups should be fetched and returned. Cannot be specified wth `ignoreMissing`. Defaults to `false`.
*/
returnAll?: boolean;
/**
* Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to `true` ensures all groups are security-enabled, and setting to `false` ensures that all groups are _not_ security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with `objectIds`.
*
* > One of `displayNames`, `displayNamePrefix`, `objectIds` or `returnAll` should be specified. Either `displayName` or `objectIds` _may_ be specified as an empty list, in which case no results will be returned.
*/
securityEnabled?: boolean;
}
/**
* A collection of values returned by getGroups.
*/
export interface GetGroupsResult {
readonly displayNamePrefix: string;
/**
* The display names of the groups.
*/
readonly displayNames: string[];
/**
* The provider-assigned unique ID for this managed resource.
*/
readonly id: string;
readonly ignoreMissing?: boolean;
readonly mailEnabled: boolean;
/**
* The object IDs of the groups.
*/
readonly objectIds: string[];
readonly returnAll?: boolean;
readonly securityEnabled: boolean;
}
/**
* Gets Object IDs or Display Names for multiple Azure Active Directory groups.
*
* ## API Permissions
*
* The following API permissions are required in order to use this data source.
*
* When authenticated with a service principal, this data source requires one of the following application roles: `Group.Read.All` or `Directory.Read.All`
*
* When authenticated with a user principal, this data source does not require any additional roles.
*
* ## Example Usage
*
* *Look up by group name*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const example = azuread.getGroups({
* displayNames: [
* "group-a",
* "group-b",
* ],
* });
* ```
*
* *Look up by display name prefix*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const sales = azuread.getGroups({
* displayNamePrefix: "sales-",
* });
* ```
*
* *Look up all groups*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const all = azuread.getGroups({
* returnAll: true,
* });
* ```
*
* *Look up all mail-enabled groups*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const mailEnabled = azuread.getGroups({
* mailEnabled: true,
* returnAll: true,
* });
* ```
*
* *Look up all security-enabled groups that are not mail-enabled*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const securityOnly = azuread.getGroups({
* mailEnabled: false,
* returnAll: true,
* securityEnabled: true,
* });
* ```
*/
export declare function getGroupsOutput(args?: GetGroupsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetGroupsResult>;
/**
* A collection of arguments for invoking getGroups.
*/
export interface GetGroupsOutputArgs {
/**
* A common display name prefix to match when returning groups.
*/
displayNamePrefix?: pulumi.Input<string>;
/**
* The display names of the groups.
*/
displayNames?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Ignore missing groups and return groups that were found. The data source will still fail if no groups are found. Cannot be specified with `returnAll`. Defaults to `false`.
*/
ignoreMissing?: pulumi.Input<boolean>;
/**
* Whether the returned groups should be mail-enabled. By itself this does not exclude security-enabled groups. Setting this to `true` ensures all groups are mail-enabled, and setting to `false` ensures that all groups are _not_ mail-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with `objectIds`.
*/
mailEnabled?: pulumi.Input<boolean>;
/**
* The object IDs of the groups.
*/
objectIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A flag to denote if all groups should be fetched and returned. Cannot be specified wth `ignoreMissing`. Defaults to `false`.
*/
returnAll?: pulumi.Input<boolean>;
/**
* Whether the returned groups should be security-enabled. By itself this does not exclude mail-enabled groups. Setting this to `true` ensures all groups are security-enabled, and setting to `false` ensures that all groups are _not_ security-enabled. To ignore this filter, omit the property or set it to null. Cannot be specified together with `objectIds`.
*
* > One of `displayNames`, `displayNamePrefix`, `objectIds` or `returnAll` should be specified. Either `displayName` or `objectIds` _may_ be specified as an empty list, in which case no results will be returned.
*/
securityEnabled?: pulumi.Input<boolean>;
}