UNPKG

@pulumi/azuread

Version:

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

pulumi.io

pulumi/pulumi-azuread

124 lines (123 loc) 5.96 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
import * as pulumi from "@pulumi/pulumi"; /** * Manages a single directory role eligibility schedule request within Azure Active Directory. * * ## API Permissions * * The following API permissions are required in order to use this resource. * * The calling principal requires one of the following application roles: `RoleEligibilitySchedule.ReadWrite.Directory` or `RoleManagement.ReadWrite.Directory`. * * The calling principal requires one of the following directory roles: `Privileged Role Administrator` or `Global Administrator`. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = azuread.getUser({ * userPrincipalName: "jdoe@example.com", * }); * const exampleDirectoryRole = new azuread.DirectoryRole("example", {displayName: "Application Administrator"}); * const exampleDirectoryRoleEligibilityScheduleRequest = new azuread.DirectoryRoleEligibilityScheduleRequest("example", { * roleDefinitionId: exampleDirectoryRole.templateId, * principalId: example.then(example => example.objectId), * directoryScopeId: "/", * justification: "Example", * }); * ``` * * > Note the use of the `templateId` attribute when referencing built-in roles. * * ## Import * * Directory role eligibility schedule requests can be imported using the ID of the assignment, e.g. * * ```sh * $ pulumi import azuread:index/directoryRoleEligibilityScheduleRequest:DirectoryRoleEligibilityScheduleRequest example 822ec710-4c9f-4f71-a27a-451759cc7522 * ``` */ export declare class DirectoryRoleEligibilityScheduleRequest extends pulumi.CustomResource { /** * Get an existing DirectoryRoleEligibilityScheduleRequest resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DirectoryRoleEligibilityScheduleRequestState, opts?: pulumi.CustomResourceOptions): DirectoryRoleEligibilityScheduleRequest; /** * Returns true if the given object is an instance of DirectoryRoleEligibilityScheduleRequest. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DirectoryRoleEligibilityScheduleRequest; /** * Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created. */ readonly directoryScopeId: pulumi.Output<string>; /** * Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created. */ readonly justification: pulumi.Output<string>; /** * The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created. */ readonly principalId: pulumi.Output<string>; /** * The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. */ readonly roleDefinitionId: pulumi.Output<string>; /** * Create a DirectoryRoleEligibilityScheduleRequest resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DirectoryRoleEligibilityScheduleRequestArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DirectoryRoleEligibilityScheduleRequest resources. */ export interface DirectoryRoleEligibilityScheduleRequestState { /** * Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created. */ directoryScopeId?: pulumi.Input<string>; /** * Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created. */ justification?: pulumi.Input<string>; /** * The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created. */ principalId?: pulumi.Input<string>; /** * The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. */ roleDefinitionId?: pulumi.Input<string>; } /** * The set of arguments for constructing a DirectoryRoleEligibilityScheduleRequest resource. */ export interface DirectoryRoleEligibilityScheduleRequestArgs { /** * Identifier of the directory object representing the scope of the role eligibility. Changing this forces a new resource to be created. */ directoryScopeId: pulumi.Input<string>; /** * Justification for why the principal is granted the role eligibility. Changing this forces a new resource to be created. */ justification: pulumi.Input<string>; /** * The object ID of the principal to granted the role eligibility. Changing this forces a new resource to be created. */ principalId: pulumi.Input<string>; /** * The template ID (in the case of built-in roles) or object ID (in the case of custom roles) of the directory role you want to assign. Changing this forces a new resource to be created. */ roleDefinitionId: pulumi.Input<string>; }