@pulumi/azuread

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

import * as pulumi from "@pulumi/pulumi";
/**
 * Manages a single directory role assignment scoped to an administrative unit within Azure Active Directory.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this resource.
 *
 * When authenticated with a service principal, this resource requires either both of the application roles
 * `AdministrativeUnit.ReadWrite.All` and `RoleManagement.ReadWrite.Directory`, or the single application role
 * `Directory.ReadWrite.All`.
 *
 * When authenticated with a user principal, this resource requires one of the following directory roles:
 * `Privileged Role Administrator` or `Global Administrator`.
 *
 * Every option above is sufficient to create directory role assignments, so the identity that runs the
 * Pulumi program is itself a privileged identity: scope its credentials to the deployment that needs them
 * and keep its sign-in and directory audit activity under review.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = azuread.getUser({
 *     userPrincipalName: "jdoe@example.com",
 * });
 * const exampleAdministrativeUnit = new azuread.AdministrativeUnit("example", {displayName: "Example-AU"});
 * const exampleDirectoryRole = new azuread.DirectoryRole("example", {displayName: "Security administrator"});
 * const exampleAdministrativeUnitRoleMember = new azuread.AdministrativeUnitRoleMember("example", {
 *     roleObjectId: exampleDirectoryRole.objectId,
 *     administrativeUnitObjectId: exampleAdministrativeUnit.objectId,
 *     memberObjectId: example.then(example => example.objectId),
 * });
 * ```
 *
 * ## Import
 *
 * Administrative unit role members can be imported using the object ID of the administrative unit and the
 * unique ID of the role assignment, passed as the final argument of the import command, e.g.
 *
 * ```sh
 * $ pulumi import azuread:index/administrativeUnitRoleMember:AdministrativeUnitRoleMember example /directory/administrativeUnits/00000000-0000-0000-0000-000000000000/scopedRoleMembers/zX37MRLyF0uvE-xf2WH4B7x-6CPLfudNnxFGj800htpBXqkxW7bITqGb6Rj4kuTuS
 * ```
 */
export declare class AdministrativeUnitRoleMember extends pulumi.CustomResource {
    /**
     * Get an existing AdministrativeUnitRoleMember resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The AdministrativeUnitRoleMember resource for the given name and ID.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AdministrativeUnitRoleMemberState, opts?: pulumi.CustomResourceOptions): AdministrativeUnitRoleMember;
    /**
     * Returns true if the given object is an instance of AdministrativeUnitRoleMember. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; any value is accepted.
     */
    static isInstance(obj: any): obj is AdministrativeUnitRoleMember;
    /**
     * The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.
     */
    readonly administrativeUnitObjectId: pulumi.Output<string>;
    /**
     * The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.
     *
     * NOTE(review): the class description says this resource manages a role assignment scoped to the
     * administrative unit, so this is presumably the principal that receives `roleObjectId` within that
     * unit rather than a plain unit member. Confirm against the provider documentation.
     */
    readonly memberObjectId: pulumi.Output<string>;
    /**
     * The object ID of the directory role you want to assign. Changing this forces a new resource to be created.
     */
    readonly roleObjectId: pulumi.Output<string>;
    /**
     * Create an AdministrativeUnitRoleMember resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AdministrativeUnitRoleMemberArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AdministrativeUnitRoleMember resources.
 * Every property is optional here; the same three properties are required in AdministrativeUnitRoleMemberArgs.
 */
export interface AdministrativeUnitRoleMemberState {
    /**
     * The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.
     */
    administrativeUnitObjectId?: pulumi.Input<string>;
    /**
     * The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.
     *
     * NOTE(review): presumably the principal that holds the scoped role assignment. Confirm against the
     * provider documentation.
     */
    memberObjectId?: pulumi.Input<string>;
    /**
     * The object ID of the directory role you want to assign. Changing this forces a new resource to be created.
     */
    roleObjectId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing an AdministrativeUnitRoleMember resource.
 * All three properties are required, and each is documented as forcing a new resource when changed.
 */
export interface AdministrativeUnitRoleMemberArgs {
    /**
     * The object ID of the administrative unit you want to add the member to. Changing this forces a new resource to be created.
     */
    administrativeUnitObjectId: pulumi.Input<string>;
    /**
     * The object ID of the user, group or service principal you want to add as a member of the administrative unit. Changing this forces a new resource to be created.
     *
     * NOTE(review): presumably the principal that is granted `roleObjectId` within the administrative
     * unit, so review who this ID resolves to before applying. Confirm against the provider documentation.
     */
    memberObjectId: pulumi.Input<string>;
    /**
     * The object ID of the directory role you want to assign. Changing this forces a new resource to be created.
     */
    roleObjectId: pulumi.Input<string>;
}