@pulumi/azuread
Version:
A Pulumi package for creating and managing Azure Active Directory (Azure AD) cloud resources.
219 lines • 9.13 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApplicationCertificate = void 0;
const pulumi = __importStar(require("@pulumi/pulumi"));
const utilities = __importStar(require("./utilities"));
/**
* Manages a certificate associated with an application within Azure Active Directory. These are also referred to as client certificates during authentication.
*
* ## API Permissions
*
* The following API permissions are required in order to use this resource.
*
* When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.OwnedBy` or `Application.ReadWrite.All`
*
* > When using the `Application.ReadWrite.OwnedBy` application role, the principal being used to run Terraform must be an owner of the application.
*
* When authenticated with a user principal, this resource may require one of the following directory roles: `Application Administrator` or `Global Administrator`
*
* ## Example Usage
*
* *Using a PEM certificate*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
* import * as std from "@pulumi/std";
*
* const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
* const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
* applicationId: example.id,
* type: "AsymmetricX509Cert",
* value: std.file({
* input: "cert.pem",
* }).then(invoke => invoke.result),
* endDate: "2021-05-01T01:02:03Z",
* });
* ```
*
* *Using a DER certificate*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
* import * as std from "@pulumi/std";
*
* const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
* const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
* applicationId: example.id,
* type: "AsymmetricX509Cert",
* encoding: "base64",
* value: std.file({
* input: "cert.der",
* }).then(invoke => std.base64encode({
* input: invoke.result,
* })).then(invoke => invoke.result),
* endDate: "2021-05-01T01:02:03Z",
* });
* ```
*
* ### Using a certificate from Azure Key Vault
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
* import * as azurerm from "@pulumi/azurerm";
*
* const exampleApplication = new azuread.Application("example", {displayName: "example"});
* const example = new azurerm.index.KeyVaultCertificate("example", {
* name: "generated-cert",
* keyVaultId: exampleAzurermKeyVault.id,
* certificatePolicy: [{
* issuerParameters: [{
* name: "Self",
* }],
* keyProperties: [{
* exportable: true,
* keySize: 2048,
* keyType: "RSA",
* reuseKey: true,
* }],
* lifetimeAction: [{
* action: [{
* actionType: "AutoRenew",
* }],
* trigger: [{
* daysBeforeExpiry: 30,
* }],
* }],
* secretProperties: [{
* contentType: "application/x-pkcs12",
* }],
* x509CertificateProperties: [{
* extendedKeyUsage: ["1.3.6.1.5.5.7.3.2"],
* keyUsage: [
* "dataEncipherment",
* "digitalSignature",
* "keyCertSign",
* "keyEncipherment",
* ],
* subjectAlternativeNames: [{
* dnsNames: [
* "internal.contoso.com",
* "domain.hello.world",
* ],
* }],
* subject: `CN=${exampleApplication.name}`,
* validityInMonths: 12,
* }],
* }],
* });
* const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
* applicationId: exampleApplication.id,
* type: "AsymmetricX509Cert",
* encoding: "hex",
* value: example.certificateData,
* endDate: example.certificateAttribute[0].expires,
* startDate: example.certificateAttribute[0].notBefore,
* });
* ```
*
* ## Import
*
* Certificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.
*
* ```sh
* $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
* ```
*
* > This ID format is unique to Terraform and is composed of the application's object ID, the string "certificate" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.
*/
class ApplicationCertificate extends pulumi.CustomResource {
/**
* Get an existing ApplicationCertificate resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new ApplicationCertificate(name, state, { ...opts, id: id });
}
/** @internal */
static __pulumiType = 'azuread:index/applicationCertificate:ApplicationCertificate';
/**
* Returns true if the given object is an instance of ApplicationCertificate. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === ApplicationCertificate.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["applicationId"] = state?.applicationId;
resourceInputs["encoding"] = state?.encoding;
resourceInputs["endDate"] = state?.endDate;
resourceInputs["endDateRelative"] = state?.endDateRelative;
resourceInputs["keyId"] = state?.keyId;
resourceInputs["startDate"] = state?.startDate;
resourceInputs["type"] = state?.type;
resourceInputs["value"] = state?.value;
}
else {
const args = argsOrState;
if (args?.applicationId === undefined && !opts.urn) {
throw new Error("Missing required property 'applicationId'");
}
if (args?.value === undefined && !opts.urn) {
throw new Error("Missing required property 'value'");
}
resourceInputs["applicationId"] = args?.applicationId;
resourceInputs["encoding"] = args?.encoding;
resourceInputs["endDate"] = args?.endDate;
resourceInputs["endDateRelative"] = args?.endDateRelative;
resourceInputs["keyId"] = args?.keyId;
resourceInputs["startDate"] = args?.startDate;
resourceInputs["type"] = args?.type;
resourceInputs["value"] = args?.value ? pulumi.secret(args.value) : undefined;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
const secretOpts = { additionalSecretOutputs: ["value"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(ApplicationCertificate.__pulumiType, name, resourceInputs, opts);
}
}
exports.ApplicationCertificate = ApplicationCertificate;
//# sourceMappingURL=applicationCertificate.js.map