
@pulumi/azuread


A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

// Type declarations for the `getServicePrincipal` data source. Everything below is
// `declare`d — there is no runtime code in this file, only the call signatures and the
// shapes of the argument and result objects.
import * as pulumi from "@pulumi/pulumi";
import * as outputs from "./types/output";
/**
 * Gets information about an existing service principal associated with an application within Azure Active Directory.
 *
 * Exactly one selector is expected: `clientId`, `displayName` or `objectId` (see `GetServicePrincipalArgs`).
 *
 * NOTE(review): `objectId` and `clientId` are identifiers; a display name is a human-chosen label, so a
 * `displayName` lookup can in principle be satisfied by a different principal than the one intended.
 * Where the result feeds an authorization decision (role assignments, access policies, consent grants),
 * prefer `clientId` or `objectId` and keep display-name lookups for read-only inspection — confirm the
 * provider's matching/ambiguity rules before relying on a name.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this data source.
 *
 * When authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`
 *
 * The two roles are alternatives: grant only the one the calling identity needs. Going by their names,
 * `Application.Read.All` is the narrower scope — verify against the Microsoft Graph permission reference.
 *
 * When authenticated with a user principal, this data source does not require any additional roles.
 *
 * ## Example Usage
 *
 * *Look up by application display name*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = azuread.getServicePrincipal({
 *     displayName: "my-awesome-application",
 * });
 * ```
 *
 * *Look up by client ID*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = azuread.getServicePrincipal({
 *     clientId: "00000000-0000-0000-0000-000000000000",
 * });
 * ```
 *
 * *Look up by service principal object ID*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = azuread.getServicePrincipal({
 *     objectId: "00000000-0000-0000-0000-000000000000",
 * });
 * ```
 *
 * @param args Selector for the service principal: one of `clientId`, `displayName` or `objectId`.
 * @param opts Pulumi invoke options.
 * @returns A promise resolving to the principal's attributes as a `GetServicePrincipalResult`.
 */
export declare function getServicePrincipal(args?: GetServicePrincipalArgs, opts?: pulumi.InvokeOptions): Promise<GetServicePrincipalResult>;
/**
 * A collection of arguments for invoking getServicePrincipal.
 *
 * All three fields are optional in the type, but one of them must be supplied (see `objectId`).
 */
export interface GetServicePrincipalArgs {
    /**
     * The client ID of the application associated with this service principal.
     */
    clientId?: string;
    /**
     * The display name of the application associated with this service principal.
     *
     * Not an identifier — see the caution on `getServicePrincipal` about resolving principals by name.
     */
    displayName?: string;
    /**
     * The object ID of the service principal.
     *
     * > One of `clientId`, `displayName` or `objectId` must be specified.
     */
    objectId?: string;
}
/**
 * A collection of values returned by getServicePrincipal.
 *
 * Fields marked NOTE(review) carry upstream wording that refers to a delegated permission
 * (an entry of `oauth2PermissionScopes`) rather than to the service principal itself.
 */
export interface GetServicePrincipalResult {
    /**
     * Whether the service principal account is enabled.
     */
    readonly accountEnabled: boolean;
    /**
     * A list of alternative names, used to retrieve service principals by subscription, identify resource group and full resource ids for managed identities.
     */
    readonly alternativeNames: string[];
    /**
     * Whether this service principal requires an app role assignment to a user or group before Azure AD will issue a user or access token to the application.
     *
     * Security note: when this is `false` there is no assignment gate before token issuance, i.e.
     * principals need not be explicitly assigned to obtain a token for the application. Worth auditing
     * for applications that front sensitive data.
     */
    readonly appRoleAssignmentRequired: boolean;
    /**
     * A mapping of app role values to app role IDs, as published by the associated application, intended to be useful when referencing app roles in other resources in your configuration.
     */
    readonly appRoleIds: {
        [key: string]: string;
    };
    /**
     * A list of app roles published by the associated application, as documented below. For more information [official documentation](https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles).
     */
    readonly appRoles: outputs.GetServicePrincipalAppRole[];
    /**
     * The tenant ID where the associated application is registered.
     *
     * NOTE(review): for an application registered elsewhere this presumably differs from the tenant
     * being deployed into — comparing it against the expected home tenant is a cheap sanity check
     * before granting the principal access.
     */
    readonly applicationTenantId: string;
    /**
     * The client ID of the application associated with this service principal.
     */
    readonly clientId: string;
    /**
     * Description text attached to the service principal.
     *
     * NOTE(review): the upstream text for this field ("Permission help text that appears in the admin
     * app assignment and consent experiences") describes a permission, not a service principal — it
     * appears mis-attributed. Confirm the exact meaning against the provider schema.
     */
    readonly description: string;
    /**
     * The display name of the service principal; the `displayName` selector on `GetServicePrincipalArgs`
     * describes this as the display name of the associated application.
     *
     * NOTE(review): the upstream text for this field ("Display name for the permission that appears in
     * the admin consent and app assignment experiences") describes a permission, not a service
     * principal — it appears mis-attributed.
     */
    readonly displayName: string;
    /**
     * A `featureTags` block. Undocumented upstream; the deprecation note on `features` below says that
     * block was renamed to `featureTags`, so this is presumably its current equivalent — confirm the
     * element shape in `outputs.GetServicePrincipalFeatureTag`.
     */
    readonly featureTags: outputs.GetServicePrincipalFeatureTag[];
    /**
     * A `features` block as described below.
     *
     * @deprecated This block has been renamed to `featureTags` and will be removed in version 3.0 of the provider
     */
    readonly features: outputs.GetServicePrincipalFeature[];
    /**
     * Home page or landing page of the associated application.
     */
    readonly homepageUrl: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    /**
     * The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps.
     */
    readonly loginUrl: string;
    /**
     * The URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect front-channel, back-channel or SAML logout protocols, taken from the associated application.
     */
    readonly logoutUrl: string;
    /**
     * A free text field to capture information about the service principal, typically used for operational purposes.
     */
    readonly notes: string;
    /**
     * A list of email addresses where Azure AD sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery applications.
     *
     * An empty list presumably means nobody is warned before the signing certificate expires.
     */
    readonly notificationEmailAddresses: string[];
    /**
     * A mapping of OAuth2.0 permission scope values to scope IDs, as exposed by the associated application, intended to be useful when referencing permission scopes in other resources in your configuration.
     */
    readonly oauth2PermissionScopeIds: {
        [key: string]: string;
    };
    /**
     * A collection of OAuth 2.0 delegated permissions exposed by the associated application. Each permission is covered by an `oauth2PermissionScopes` block as documented below.
     */
    readonly oauth2PermissionScopes: outputs.GetServicePrincipalOauth2PermissionScope[];
    /**
     * The object ID of the service principal.
     */
    readonly objectId: string;
    /**
     * The single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
     */
    readonly preferredSingleSignOnMode: string;
    /**
     * A list of URLs where user tokens are sent for sign-in with the associated application, or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent for the associated application.
     *
     * Security note: because codes and tokens are delivered to these URIs, an unexpected host or an
     * overly broad entry is a token-leak risk; review this list when auditing an application.
     */
    readonly redirectUris: string[];
    /**
     * The URL where the service exposes SAML metadata for federation.
     */
    readonly samlMetadataUrl: string;
    /**
     * A `samlSingleSignOn` block as documented below.
     */
    readonly samlSingleSignOns: outputs.GetServicePrincipalSamlSingleSignOn[];
    /**
     * A list of identifier URI(s), copied over from the associated application.
     */
    readonly servicePrincipalNames: string[];
    /**
     * The Microsoft account types that are supported for the associated application. Possible values include `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` or `PersonalMicrosoftAccount`.
     *
     * Security note: judging by their names, every value other than `AzureADMyOrg` admits accounts
     * from outside the home tenant (other organisations and/or personal Microsoft accounts) — verify
     * that a broader audience is intended.
     */
    readonly signInAudience: string;
    /**
     * A list of tags applied to the service principal.
     */
    readonly tags: string[];
    /**
     * NOTE(review): the upstream text for this field ("Whether this delegated permission should be
     * considered safe for non-admin users to consent to on behalf of themselves, or whether an
     * administrator should be required for consent to the permissions. Possible values are `User` or
     * `Admin`.") talks about a delegated permission, i.e. an entry of `oauth2PermissionScopes`, not the
     * service principal. Do not read this field as a consent-requirement flag. What `type` actually
     * holds for a service principal is not shown in this file — confirm against the provider schema
     * before relying on it.
     */
    readonly type: string;
}
/**
 * Output-typed variant of `getServicePrincipal`: accepts `pulumi.Input` selectors and returns a
 * `pulumi.Output` instead of a `Promise`, so it can be chained from other resources' outputs.
 *
 * Same API permission requirements as `getServicePrincipal`: when authenticated with a service
 * principal, one of the application roles `Application.Read.All` or `Directory.Read.All`; when
 * authenticated with a user principal, no additional roles. The same caution about resolving a
 * principal by `displayName` applies.
 *
 * @param args Selector for the service principal: one of `clientId`, `displayName` or `objectId`, each as a `pulumi.Input`.
 * @param opts Pulumi invoke-output options.
 * @returns A `pulumi.Output` of the principal's attributes as a `GetServicePrincipalResult`.
 */
export declare function getServicePrincipalOutput(args?: GetServicePrincipalOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetServicePrincipalResult>;
/**
 * A collection of arguments for invoking getServicePrincipal.
 *
 * Input-typed counterpart of `GetServicePrincipalArgs` for use with `getServicePrincipalOutput`.
 */
export interface GetServicePrincipalOutputArgs {
    /**
     * The client ID of the application associated with this service principal.
     */
    clientId?: pulumi.Input<string>;
    /**
     * The display name of the application associated with this service principal.
     *
     * Not an identifier — see the caution on `getServicePrincipal` about resolving principals by name.
     */
    displayName?: pulumi.Input<string>;
    /**
     * The object ID of the service principal.
     *
     * > One of `clientId`, `displayName` or `objectId` must be specified.
     */
    objectId?: pulumi.Input<string>;
}