
@pulumi/azuread


A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * Manage a role policy for an Azure AD group.
 *
 * ## API Permissions
 *
 * The following API permissions are required in order to use this resource.
 *
 * When authenticated with a service principal, this resource requires the
 * `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permission.
 * This is a read/write permission over group role management policies, so grant
 * it only to the identity that actually runs deployments.
 *
 * When authenticated with a user principal, this resource requires the
 * `Global Administrator` directory role, or the `Privileged Role Administrator`
 * role in Identity Governance.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azuread from "@pulumi/azuread";
 *
 * const example = new azuread.Group("example", {
 *     displayName: "group-name",
 *     securityEnabled: true,
 * });
 * const member = new azuread.User("member", {
 *     userPrincipalName: "jdoe@example.com",
 *     displayName: "J. Doe",
 *     mailNickname: "jdoe",
 *     password: "SecretP@sswd99!",
 * });
 * const exampleGroupRoleManagementPolicy = new azuread.GroupRoleManagementPolicy("example", {
 *     groupId: example.id,
 *     roleId: "member",
 *     activeAssignmentRules: {
 *         expireAfter: "P365D",
 *     },
 *     eligibleAssignmentRules: {
 *         expirationRequired: false,
 *     },
 *     notificationRules: {
 *         eligibleAssignments: {
 *             approverNotifications: {
 *                 notificationLevel: "Critical",
 *                 defaultRecipients: false,
 *                 additionalRecipients: [
 *                     "someone@example.com",
 *                     "someone.else@example.com",
 *                 ],
 *             },
 *         },
 *     },
 * });
 * ```
 *
 * Notes on the example:
 *
 * - The literal `password` is a placeholder for illustration. In a real program,
 *   read it from secret configuration (for example `pulumi.Config.requireSecret`)
 *   instead of committing it to source.
 * - NOTE(review): `expirationRequired: false` and `expireAfter: "P365D"` are sample
 *   values; their exact semantics are defined in `./types/input`, which is not shown
 *   here. Confirm the assignment lifetimes match your access-review policy before
 *   copying them.
 *
 * ## Import
 *
 * Because these policies are created automatically by Entra ID, they will auto-import on first use.
 *
 * NOTE(review): since the policy already exists before the first deployment, the
 * first update presumably modifies a live policy rather than creating a new one.
 * Check the preview before applying.
 */
export declare class GroupRoleManagementPolicy extends pulumi.CustomResource {
    /**
     * Get an existing GroupRoleManagementPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupRoleManagementPolicyState, opts?: pulumi.CustomResourceOptions): GroupRoleManagementPolicy;
    /**
     * Returns true if the given object is an instance of GroupRoleManagementPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is GroupRoleManagementPolicy;
    /**
     * An `activationRules` block; see `outputs.GroupRoleManagementPolicyActivationRules`.
     */
    readonly activationRules: pulumi.Output<outputs.GroupRoleManagementPolicyActivationRules>;
    /**
     * An `activeAssignmentRules` block; see `outputs.GroupRoleManagementPolicyActiveAssignmentRules`.
     */
    readonly activeAssignmentRules: pulumi.Output<outputs.GroupRoleManagementPolicyActiveAssignmentRules>;
    /**
     * (String) The description of this policy.
     */
    readonly description: pulumi.Output<string>;
    /**
     * (String) The display name of this policy.
     */
    readonly displayName: pulumi.Output<string>;
    /**
     * An `eligibleAssignmentRules` block; see `outputs.GroupRoleManagementPolicyEligibleAssignmentRules`.
     */
    readonly eligibleAssignmentRules: pulumi.Output<outputs.GroupRoleManagementPolicyEligibleAssignmentRules>;
    /**
     * The ID of the Azure AD group to which the policy applies.
     */
    readonly groupId: pulumi.Output<string>;
    /**
     * A `notificationRules` block; see `outputs.GroupRoleManagementPolicyNotificationRules`.
     */
    readonly notificationRules: pulumi.Output<outputs.GroupRoleManagementPolicyNotificationRules>;
    /**
     * The type of assignment this policy covers. Can be either `member` or `owner`.
     */
    readonly roleId: pulumi.Output<string>;
    /**
     * Create a GroupRoleManagementPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: GroupRoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering GroupRoleManagementPolicy resources.
 * Every property is optional here, including `groupId` and `roleId`.
 */
export interface GroupRoleManagementPolicyState {
    /**
     * An `activationRules` block; see `inputs.GroupRoleManagementPolicyActivationRules`.
     */
    activationRules?: pulumi.Input<inputs.GroupRoleManagementPolicyActivationRules>;
    /**
     * An `activeAssignmentRules` block; see `inputs.GroupRoleManagementPolicyActiveAssignmentRules`.
     */
    activeAssignmentRules?: pulumi.Input<inputs.GroupRoleManagementPolicyActiveAssignmentRules>;
    /**
     * (String) The description of this policy.
     */
    description?: pulumi.Input<string>;
    /**
     * (String) The display name of this policy.
     */
    displayName?: pulumi.Input<string>;
    /**
     * An `eligibleAssignmentRules` block; see `inputs.GroupRoleManagementPolicyEligibleAssignmentRules`.
     */
    eligibleAssignmentRules?: pulumi.Input<inputs.GroupRoleManagementPolicyEligibleAssignmentRules>;
    /**
     * The ID of the Azure AD group to which the policy applies.
     */
    groupId?: pulumi.Input<string>;
    /**
     * A `notificationRules` block; see `inputs.GroupRoleManagementPolicyNotificationRules`.
     */
    notificationRules?: pulumi.Input<inputs.GroupRoleManagementPolicyNotificationRules>;
    /**
     * The type of assignment this policy covers. Can be either `member` or `owner`.
     */
    roleId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a GroupRoleManagementPolicy resource.
 * `groupId` and `roleId` are required; the rule blocks are optional. `description`
 * and `displayName` are not accepted here and appear only on the resource and its state.
 */
export interface GroupRoleManagementPolicyArgs {
    /**
     * An `activationRules` block; see `inputs.GroupRoleManagementPolicyActivationRules`.
     */
    activationRules?: pulumi.Input<inputs.GroupRoleManagementPolicyActivationRules>;
    /**
     * An `activeAssignmentRules` block; see `inputs.GroupRoleManagementPolicyActiveAssignmentRules`.
     */
    activeAssignmentRules?: pulumi.Input<inputs.GroupRoleManagementPolicyActiveAssignmentRules>;
    /**
     * An `eligibleAssignmentRules` block; see `inputs.GroupRoleManagementPolicyEligibleAssignmentRules`.
     */
    eligibleAssignmentRules?: pulumi.Input<inputs.GroupRoleManagementPolicyEligibleAssignmentRules>;
    /**
     * The ID of the Azure AD group to which the policy applies.
     */
    groupId: pulumi.Input<string>;
    /**
     * A `notificationRules` block; see `inputs.GroupRoleManagementPolicyNotificationRules`.
     */
    notificationRules?: pulumi.Input<inputs.GroupRoleManagementPolicyNotificationRules>;
    /**
     * The type of assignment this policy covers. Can be either `member` or `owner`.
     */
    roleId: pulumi.Input<string>;
}