;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// Set the `__esModule` flag on the CommonJS exports object (the conventional marker
// that this file was compiled from an ES module).
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; the class itself is assigned to it after its definition.
exports.Group = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
* Manages a group within Azure Active Directory.
*
* ## API Permissions
*
* The following API permissions are required in order to use this resource.
*
* When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.
*
* Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.
*
* If using the `assignableToRole` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.
*
* If specifying owners for a group that are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`.
*
* When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`.
*
* When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.
*
* The `externalSendersAllowed`, `autoSubscribeNewMembers`, `hideFromAddressLists` and `hideFromOutlookClients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.
*
* ## Example Usage
*
* *Basic example*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const current = azuread.getClientConfig({});
* const example = new azuread.Group("example", {
* displayName: "example",
* owners: [current.then(current => current.objectId)],
* securityEnabled: true,
* });
* ```
*
* *Microsoft 365 group*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const current = azuread.getClientConfig({});
* const groupOwner = new azuread.User("group_owner", {
* userPrincipalName: "example-group-owner@example.com",
* displayName: "Group Owner",
* mailNickname: "example-group-owner",
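* // Placeholder value for illustration only. In a real program, supply the password from a
* // Pulumi config secret (e.g. `new pulumi.Config().requireSecret(...)`) rather than a literal in source.
* password: "SecretP@sswd99!",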
* });
* const example = new azuread.Group("example", {
* displayName: "example",
* mailEnabled: true,
* mailNickname: "ExampleGroup",
* securityEnabled: true,
* types: ["Unified"],
* owners: [
* current.then(current => current.objectId),
* groupOwner.objectId,
* ],
* });
* ```
*
* *Group with members*
*
* ## Import
*
* Groups can be imported using their object ID, e.g.
*
* ```sh
* $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000
* ```
*/
class Group extends pulumi.CustomResource {
    /**
     * Build a Group object that refers to an already-existing resource.
     *
     * The supplied `id` is folded into a copy of `opts`, which makes the constructor
     * take its state-lookup path instead of its create path.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns A new Group instance constructed from `state` with `opts.id` set.
     */
    static get(name, id, state, opts) {
        // Copy first so the caller's opts object is never mutated.
        const lookupOpts = Object.assign({}, opts, { id: id });
        return new Group(name, state, lookupOpts);
    }
    /**
     * Report whether `obj` carries this resource's Pulumi type token.
     *
     * The check compares the `__pulumiType` property instead of using `instanceof`, so it
     * also works when several copies of the Pulumi SDK are loaded into the same process.
     * Because it is a plain property comparison, any object exposing a matching
     * `__pulumiType` value passes; it identifies the resource type and is not a
     * validation of where the object came from.
     *
     * @param obj Any value.
     * @returns `true` when `obj` is non-nullish and its type token matches, else `false`.
     */
    static isInstance(obj) {
        const isPresent = obj !== undefined && obj !== null;
        return isPresent && obj['__pulumiType'] === Group.__pulumiType;
    }
    /**
     * Create a Group resource, or rehydrate one from existing state.
     *
     * When `opts.id` is set, `argsOrState` is read as previously recorded state and every
     * known property (inputs and outputs) is copied from it. Otherwise `argsOrState` is
     * read as creation arguments: input properties are copied and output-only properties
     * are registered as `undefined`.
     *
     * The only check performed here is that `displayName` is present (skipped when
     * `opts.urn` is set). Every other value, including `owners`, `members` and
     * `assignableToRole`, is forwarded exactly as supplied.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or existing state when `opts.id` is set.
     * @param opts Optional resource options.
     * @throws {Error} If creating and `displayName` is missing while `opts.urn` is unset.
     */
    constructor(name, argsOrState, opts) {
        // Properties a caller may set when creating the group (registration order preserved).
        const inputKeys = [
            "administrativeUnitIds",
            "assignableToRole",
            "autoSubscribeNewMembers",
            "behaviors",
            "description",
            "displayName",
            "dynamicMembership",
            "externalSendersAllowed",
            "hideFromAddressLists",
            "hideFromOutlookClients",
            "mailEnabled",
            "mailNickname",
            "members",
            "onpremisesGroupType",
            "owners",
            "preventDuplicateNames",
            "provisioningOptions",
            "securityEnabled",
            "theme",
            "types",
            "visibility",
            "writebackEnabled",
        ];
        // Properties that are never taken from creation arguments.
        const outputKeys = [
            "mail",
            "objectId",
            "onpremisesDomainName",
            "onpremisesNetbiosName",
            "onpremisesSamAccountName",
            "onpremisesSecurityIdentifier",
            "onpremisesSyncEnabled",
            "preferredLanguage",
            "proxyAddresses",
        ];
        // Every property, in the order the state-lookup path registers them.
        const stateKeys = [
            "administrativeUnitIds",
            "assignableToRole",
            "autoSubscribeNewMembers",
            "behaviors",
            "description",
            "displayName",
            "dynamicMembership",
            "externalSendersAllowed",
            "hideFromAddressLists",
            "hideFromOutlookClients",
            "mail",
            "mailEnabled",
            "mailNickname",
            "members",
            "objectId",
            "onpremisesDomainName",
            "onpremisesGroupType",
            "onpremisesNetbiosName",
            "onpremisesSamAccountName",
            "onpremisesSecurityIdentifier",
            "onpremisesSyncEnabled",
            "owners",
            "preferredLanguage",
            "preventDuplicateNames",
            "provisioningOptions",
            "proxyAddresses",
            "securityEnabled",
            "theme",
            "types",
            "visibility",
            "writebackEnabled",
        ];
        const resourceInputs = {};
        const givenOpts = opts || {};
        if (givenOpts.id) {
            // Lookup path: argsOrState holds the recorded state of an existing group.
            const state = argsOrState;
            for (const key of stateKeys) {
                resourceInputs[key] = state ? state[key] : undefined;
            }
        }
        else {
            // Create path: argsOrState holds the caller's arguments.
            const args = argsOrState;
            const displayNameMissing = !args || args.displayName === undefined;
            if (displayNameMissing && !givenOpts.urn) {
                throw new Error("Missing required property 'displayName'");
            }
            for (const key of inputKeys) {
                resourceInputs[key] = args ? args[key] : undefined;
            }
            for (const key of outputKeys) {
                resourceInputs[key] = undefined /*out*/;
            }
        }
        // Layer the caller's options over the package defaults before registering.
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), givenOpts);
        super(Group.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
// Fill the export slot declared at the top of the module with the finished class.
exports.Group = Group;
/**
 * Pulumi type token for this resource. The constructor passes it to the base class
 * and isInstance() compares an object's `__pulumiType` property against it.
 * @internal
 */
Group.__pulumiType = 'azuread:index/group:Group';
//# sourceMappingURL=group.js.map