@pulumi/azuread

A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.Group = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");

// Every property copied from `state` when an existing Group is looked up by ID.
// The order is the order in which the keys are written to the resource inputs.
const STATE_PROPERTIES = [
    "administrativeUnitIds",
    "assignableToRole",
    "autoSubscribeNewMembers",
    "behaviors",
    "description",
    "displayName",
    "dynamicMembership",
    "externalSendersAllowed",
    "hideFromAddressLists",
    "hideFromOutlookClients",
    "mail",
    "mailEnabled",
    "mailNickname",
    "members",
    "objectId",
    "onpremisesDomainName",
    "onpremisesGroupType",
    "onpremisesNetbiosName",
    "onpremisesSamAccountName",
    "onpremisesSecurityIdentifier",
    "onpremisesSyncEnabled",
    "owners",
    "preferredLanguage",
    "preventDuplicateNames",
    "provisioningOptions",
    "proxyAddresses",
    "securityEnabled",
    "theme",
    "types",
    "visibility",
    "writebackEnabled",
];

// Properties taken from the caller's `args` when a new Group is declared.
const INPUT_PROPERTIES = [
    "administrativeUnitIds",
    "assignableToRole",
    "autoSubscribeNewMembers",
    "behaviors",
    "description",
    "displayName",
    "dynamicMembership",
    "externalSendersAllowed",
    "hideFromAddressLists",
    "hideFromOutlookClients",
    "mailEnabled",
    "mailNickname",
    "members",
    "onpremisesGroupType",
    "owners",
    "preventDuplicateNames",
    "provisioningOptions",
    "securityEnabled",
    "theme",
    "types",
    "visibility",
    "writebackEnabled",
];

// Properties registered as `undefined` on the creation path: they are outputs,
// so a value passed in `args` under one of these names is not forwarded.
const OUTPUT_ONLY_PROPERTIES = [
    "mail",
    "objectId",
    "onpremisesDomainName",
    "onpremisesNetbiosName",
    "onpremisesSamAccountName",
    "onpremisesSecurityIdentifier",
    "onpremisesSyncEnabled",
    "preferredLanguage",
    "proxyAddresses",
];

/**
 * Manages a group within Azure Active Directory.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this resource.
 *
 * When authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.
 *
 * Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.
 * Where that ownership arrangement is workable it is the narrower grant of the options listed here, since the other two roles are tenant-wide write roles.
 *
 * If using the `assignableToRole` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.
 * A role-assignable group can hold directory roles, so changes to its `members` and `owners` deserve the same review as a direct role assignment.
 *
 * If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`
 *
 * When authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`
 *
 * When creating this resource in administrative units exclusively, the directory role `Groups Administrator` is required to be scoped on any administrative unit used. Additionally, it must be possible to read the administrative units being used, which can be granted through the `AdministrativeUnit.Read.All` or `Directory.Read.All` application roles.
 *
 * The `externalSendersAllowed`, `autoSubscribeNewMembers`, `hideFromAddressLists` and `hideFromOutlookClients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.
 *
 * ## Example Usage
 *
 * The `password` literals in the examples below are placeholders. In a real program, read the value from
 * secret configuration instead, e.g. `new pulumi.Config().requireSecret("groupOwnerPassword")` (the key name
 * is illustrative), so the credential is not committed with the source.
 *
 * *Basic example*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const example = new azuread.Group("example", {
 *     displayName: "example",
 *     owners: [current.then(current => current.objectId)],
 *     securityEnabled: true,
 * });
 * ```
 *
 * *Microsoft 365 group*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const groupOwner = new azuread.User("group_owner", {
 *     userPrincipalName: "example-group-owner@example.com",
 *     displayName: "Group Owner",
 *     mailNickname: "example-group-owner",
 *     password: "SecretP@sswd99!",
 * });
 * const example = new azuread.Group("example", {
 *     displayName: "example",
 *     mailEnabled: true,
 *     mailNickname: "ExampleGroup",
 *     securityEnabled: true,
 *     types: ["Unified"],
 *     owners: [
 *         current.then(current => current.objectId),
 *         groupOwner.objectId,
 *     ],
 * });
 * ```
 *
 * *Group with members*
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * // NOTE(review): `owners` is passed to azuread.User here as published; confirm that User accepts it.
 * const example = new azuread.User("example", {
 *     displayName: "J Doe",
 *     owners: [current.then(current => current.objectId)],
 *     password: "notSecure123",
 *     userPrincipalName: "jdoe@example.com",
 * });
 * const exampleGroup = new azuread.Group("example", {
 *     displayName: "MyGroup",
 *     owners: [current.then(current => current.objectId)],
 *     securityEnabled: true,
 *     members: [example.objectId],
 * });
 * ```
 *
 * *Group with dynamic membership*
 *
 * With `dynamicMembership`, the rule decides who is in the group. For a group that grants access, base the
 * rule on attributes that ordinary users cannot change on their own accounts.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const current = azuread.getClientConfig({});
 * const example = new azuread.Group("example", {
 *     displayName: "MyGroup",
 *     owners: [current.then(current => current.objectId)],
 *     securityEnabled: true,
 *     types: ["DynamicMembership"],
 *     dynamicMembership: {
 *         enabled: true,
 *         rule: "user.department -eq \"Sales\"",
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Groups can be imported using their object ID, e.g.
 *
 * ```sh
 * $ pulumi import azuread:index/group:Group my_group /groups/00000000-0000-0000-0000-000000000000
 * ```
 */
class Group extends pulumi.CustomResource {
    /**
     * Look up an existing Group by name and provider ID, optionally narrowing the
     * lookup with extra state. Delegates to the constructor with `id` added to the options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        const lookupOpts = { ...opts, id };
        return new Group(name, state, lookupOpts);
    }
    /**
     * Report whether `obj` is a Group. The check compares the `__pulumiType` marker
     * rather than the prototype chain, so it keeps working when several copies of the
     * Pulumi SDK are loaded into one process.
     */
    static isInstance(obj) {
        const isMissing = obj === null || obj === undefined;
        return !isMissing && obj.__pulumiType === Group.__pulumiType;
    }
    /**
     * Declare a Group, or bind to an existing one when `opts.id` is set.
     *
     * @param name The _unique_ name of the resource.
     * @param argsOrState Creation arguments, or lookup state when `opts.id` is set.
     * @param opts Optional settings; merged over `utilities.resourceOptsDefaults()`.
     * @throws Error when creating without `displayName` and without `opts.urn`.
     */
    constructor(name, argsOrState, opts) {
        const callerOpts = opts || {};
        const resourceInputs = {};
        if (callerOpts.id) {
            // Lookup path: the second argument is state, and every known property is carried over.
            for (const key of STATE_PROPERTIES) {
                resourceInputs[key] = argsOrState?.[key];
            }
        }
        else {
            // Creation path: `displayName` is mandatory unless a URN was supplied.
            const displayNameMissing = argsOrState?.displayName === undefined;
            if (displayNameMissing && !callerOpts.urn) {
                throw new Error("Missing required property 'displayName'");
            }
            for (const key of INPUT_PROPERTIES) {
                resourceInputs[key] = argsOrState?.[key];
            }
            for (const key of OUTPUT_ONLY_PROPERTIES) {
                resourceInputs[key] = undefined /*out*/;
            }
        }
        const mergedOpts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), callerOpts);
        super(Group.__pulumiType, name, resourceInputs, mergedOpts);
    }
}
exports.Group = Group;
/** @internal */
Group.__pulumiType = 'azuread:index/group:Group';
//# sourceMappingURL=group.js.map