UNPKG

@pulumi/azuread

Version:

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

pulumi.io

pulumi/pulumi-azuread

205 lines (204 loc) 11.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * *Using a PEM certificate* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * import * as std from "@pulumi/std"; * * const example = new azuread.Application("example", {displayName: "example"}); * const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId}); * const exampleServicePrincipalCertificate = new azuread.ServicePrincipalCertificate("example", { * servicePrincipalId: exampleServicePrincipal.id, * type: "AsymmetricX509Cert", * value: std.file({ * input: "cert.pem", * }).then(invoke => invoke.result), * endDate: "2021-05-01T01:02:03Z", * }); * ``` * * *Using a DER certificate* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * import * as std from "@pulumi/std"; * * const example = new azuread.Application("example", {displayName: "example"}); * const exampleServicePrincipal = new azuread.ServicePrincipal("example", {clientId: example.clientId}); * const exampleServicePrincipalCertificate = new azuread.ServicePrincipalCertificate("example", { * servicePrincipalId: exampleServicePrincipal.id, * type: "AsymmetricX509Cert", * encoding: "base64", * value: std.file({ * input: "cert.der", * }).then(invoke => std.base64encode({ * input: invoke.result, * })).then(invoke => invoke.result), * endDate: "2021-05-01T01:02:03Z", * }); * ``` * * ## Import * * Certificates can be imported using the object ID of the associated service principal and the key ID of the certificate credential, e.g. * * ```sh * $ pulumi import azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111 * ``` * * -> This ID format is unique to Terraform and is composed of the service principal's object ID, the string "certificate" and the certificate's key ID in the format `{ServicePrincipalObjectId}/certificate/{CertificateKeyId}`. */ export declare class ServicePrincipalCertificate extends pulumi.CustomResource { /** * Get an existing ServicePrincipalCertificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalCertificateState, opts?: pulumi.CustomResourceOptions): ServicePrincipalCertificate; /** * Returns true if the given object is an instance of ServicePrincipalCertificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ServicePrincipalCertificate; /** * Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`. * * > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurermKeyVaultCertificate resource. */ readonly encoding: pulumi.Output<string | undefined>; /** * The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. */ readonly endDate: pulumi.Output<string>; /** * A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. * * > One of `endDate` or `endDateRelative` must be set. The maximum duration is determined by Azure AD. * * @deprecated The `endDateRelative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `endDate` property. */ readonly endDateRelative: pulumi.Output<string | undefined>; /** * A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created. */ readonly keyId: pulumi.Output<string>; /** * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. */ readonly servicePrincipalId: pulumi.Output<string>; /** * The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. */ readonly startDate: pulumi.Output<string>; /** * The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. */ readonly type: pulumi.Output<string | undefined>; /** * The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument. */ readonly value: pulumi.Output<string>; /** * Create a ServicePrincipalCertificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ServicePrincipalCertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ServicePrincipalCertificate resources. */ export interface ServicePrincipalCertificateState { /** * Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`. * * > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurermKeyVaultCertificate resource. */ encoding?: pulumi.Input<string>; /** * The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. */ endDate?: pulumi.Input<string>; /** * A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. * * > One of `endDate` or `endDateRelative` must be set. The maximum duration is determined by Azure AD. * * @deprecated The `endDateRelative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `endDate` property. */ endDateRelative?: pulumi.Input<string>; /** * A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created. */ keyId?: pulumi.Input<string>; /** * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. */ servicePrincipalId?: pulumi.Input<string>; /** * The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. */ startDate?: pulumi.Input<string>; /** * The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. */ type?: pulumi.Input<string>; /** * The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument. */ value?: pulumi.Input<string>; } /** * The set of arguments for constructing a ServicePrincipalCertificate resource. */ export interface ServicePrincipalCertificateArgs { /** * Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`. * * > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurermKeyVaultCertificate resource. */ encoding?: pulumi.Input<string>; /** * The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Changing this field forces a new resource to be created. */ endDate?: pulumi.Input<string>; /** * A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Changing this field forces a new resource to be created. * * > One of `endDate` or `endDateRelative` must be set. The maximum duration is determined by Azure AD. * * @deprecated The `endDateRelative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `endDate` property. */ endDateRelative?: pulumi.Input<string>; /** * A UUID used to uniquely identify this certificate. If not specified a UUID will be automatically generated. Changing this field forces a new resource to be created. */ keyId?: pulumi.Input<string>; /** * The ID of the service principal for which this certificate should be created. Changing this field forces a new resource to be created. */ servicePrincipalId: pulumi.Input<string>; /** * The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. */ startDate?: pulumi.Input<string>; /** * The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created. */ type?: pulumi.Input<string>; /** * The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument. */ value: pulumi.Input<string>; }