UNPKG

@pulumi/azuread

Version:

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

pulumi.io

pulumi/pulumi-azuread

155 lines (154 loc) 7.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * import * as random from "@pulumi/random"; * * const example = new azuread.ApplicationRegistration("example", {displayName: "example"}); * const exampleAdministrator = new random.index.Uuid("example_administrator", {}); * const exampleAdminister = new azuread.ApplicationAppRole("example_administer", { * applicationId: example.id, * roleId: exampleAdministrator.id, * allowedMemberTypes: ["User"], * description: "My role description", * displayName: "Administer", * value: "admin", * }); * ``` * * > **Tip** For managing more app roles, create additional instances of this resource * * *Usage with azuread.Application resource* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.Application("example", {displayName: "example"}); * const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {applicationId: example.id}); * ``` * * ## Import * * Application App Roles can be imported using the object ID of the application and the ID of the app role, in the following format. * * ```sh * $ pulumi import azuread:index/applicationAppRole:ApplicationAppRole example /applications/00000000-0000-0000-0000-000000000000/appRoles/11111111-1111-1111-1111-111111111111 * ``` */ export declare class ApplicationAppRole extends pulumi.CustomResource { /** * Get an existing ApplicationAppRole resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationAppRoleState, opts?: pulumi.CustomResourceOptions): ApplicationAppRole; /** * Returns true if the given object is an instance of ApplicationAppRole. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ApplicationAppRole; /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ readonly allowedMemberTypes: pulumi.Output<string[]>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ readonly applicationId: pulumi.Output<string>; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ readonly description: pulumi.Output<string>; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ readonly displayName: pulumi.Output<string>; /** * The unique identifier of the app role */ readonly roleId: pulumi.Output<string>; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ readonly value: pulumi.Output<string | undefined>; /** * Create a ApplicationAppRole resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ApplicationAppRoleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ApplicationAppRole resources. */ export interface ApplicationAppRoleState { /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ allowedMemberTypes?: pulumi.Input<pulumi.Input<string>[]>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId?: pulumi.Input<string>; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ description?: pulumi.Input<string>; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ displayName?: pulumi.Input<string>; /** * The unique identifier of the app role */ roleId?: pulumi.Input<string>; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value?: pulumi.Input<string>; } /** * The set of arguments for constructing a ApplicationAppRole resource. */ export interface ApplicationAppRoleArgs { /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ allowedMemberTypes: pulumi.Input<pulumi.Input<string>[]>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId: pulumi.Input<string>; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ description: pulumi.Input<string>; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ displayName: pulumi.Input<string>; /** * The unique identifier of the app role */ roleId: pulumi.Input<string>; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value?: pulumi.Input<string>; }