Documentation
¶
Index ¶
- type Assignment
- type AssignmentArgs
- type AssignmentState
- type GetRoleDefinitionPermission
- type GetRoleDefinitionPermissionArgs
- func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type GetRoleDefinitionPermissionArray
- func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionArrayInput
- type GetRoleDefinitionPermissionArrayOutput
- func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionInput
- type GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type LookupRoleDefinitionArgs
- type LookupRoleDefinitionResult
- type LookupUserAssignedIdentityArgs
- type LookupUserAssignedIdentityResult
- type RoleDefinition
- type RoleDefinitionArgs
- type RoleDefinitionPermission
- type RoleDefinitionPermissionArgs
- func (RoleDefinitionPermissionArgs) ElementType() reflect.Type
- func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
- func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
- type RoleDefinitionPermissionArray
- func (RoleDefinitionPermissionArray) ElementType() reflect.Type
- func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
- func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
- type RoleDefinitionPermissionArrayInput
- type RoleDefinitionPermissionArrayOutput
- func (RoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o RoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
- func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
- type RoleDefinitionPermissionInput
- type RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (RoleDefinitionPermissionOutput) ElementType() reflect.Type
- func (o RoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
- type RoleDefinitionState
- type UserAssignedIdentity
- type UserAssignedIdentityArgs
- type UserAssignedIdentityState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assignment ¶
// Assignment is the resource state of a Role Assignment: it binds one
// principal to one role definition at one scope.
type Assignment struct {
	pulumi.CustomResourceState

	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified.
	// Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to.
	// Changing this forces a new resource to be created.
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// The type of the `principalId`, e.g. User, Group, Service Principal, Application, etc.
	PrincipalType pulumi.StringOutput `pulumi:"principalType"`
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The name of a built-in Role. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringOutput `pulumi:"roleDefinitionName"`
	// The scope at which the Role Assignment applies, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or
	// `/providers/Microsoft.Management/managementGroups/myMG`.
	// Changing this forces a new resource to be created.
	// NOTE(review): Azure RBAC assignments are inherited by child scopes, so a
	// subscription or management-group scope also covers everything beneath it.
	Scope pulumi.StringOutput `pulumi:"scope"`
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true`
	// to skip the `Azure Active Directory` check which may fail due to replication lag.
	// This argument is only valid if the `principalId` is a `Service Principal` identity.
	// If it is not a `Service Principal` identity it will cause the role assignment to fail.
	// Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolOutput `pulumi:"skipServicePrincipalAadCheck"`
}
Assigns a given Principal (User, Group or Service Principal) to a given Role.
## Example Usage

### Using A Built-In Role
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main assigns the built-in "Reader" role, at the scope of the current
// subscription, to the principal whose ObjectId core.GetClientConfig returns.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The subscription ID is used as the assignment scope.
		subscription, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}

		// The client configuration supplies the principal's object ID.
		clientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}

		assignmentArgs := &authorization.AssignmentArgs{
			Scope:              pulumi.String(subscription.Id),
			RoleDefinitionName: pulumi.String("Reader"),
			PrincipalId:        pulumi.String(clientConfig.ObjectId),
		}
		if _, err := authorization.NewAssignment(ctx, "exampleAssignment", assignmentArgs); err != nil {
			return err
		}
		return nil
	})
}
```

### Custom Role & Service Principal
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
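// main creates a custom role definition that allows only reading resource
// groups, then assigns that role at subscription scope to the principal whose
// ObjectId core.GetClientConfig returns.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// All-zero GUID is a placeholder; per the field documentation one
			// is generated when RoleDefinitionId is not specified.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// A single, explicit read operation: the role grants
					// nothing beyond what is listed here.
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// NotActions is a pulumi.StringArrayInput; the generated
					// `[]interface{}{}` does not satisfy that interface, so an
					// empty pulumi.StringArray is used instead.
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; a name is generated when this is omitted.
			Name:  pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope: pulumi.String(primary.Id),
			// Use the role's Azure Resource Manager ID, not its bare GUID.
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}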
```

### Custom Role & User
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
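// main defines a custom role limited to reading resource groups and assigns
// it, at subscription scope, to the principal identified by the ObjectId from
// core.GetClientConfig.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// Placeholder GUID; the field documentation says one is generated
			// when RoleDefinitionId is not specified.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// Only the operations listed here are granted.
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// The field type is pulumi.StringArrayInput, which the
					// generated `[]interface{}{}` does not implement; an empty
					// pulumi.StringArray expresses "nothing excluded".
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; a name is generated when this is omitted.
			Name:  pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope: pulumi.String(primary.Id),
			// The assignment references the role by its Azure Resource
			// Manager ID output.
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}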
```

### Custom Role & Management Group
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/management" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
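// main defines a custom role limited to reading resource groups and assigns
// it at the scope of a management group to the principal identified by the
// ObjectId from core.GetClientConfig.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		// Keep the lookup result: the generated example discarded it and then
		// referenced an undefined `data.Azurerm_management_group` value.
		// NOTE(review): the nil arguments are kept from the original; a real
		// program has to identify which management group to look up.
		primaryGroup, err := management.LookupGroup(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// Placeholder GUID; one is generated when this is not specified.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// Only the operations listed here are granted.
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// pulumi.StringArrayInput is required here; the generated
					// `[]interface{}{}` does not implement it.
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; a name is generated when this is omitted.
			Name: pulumi.String("00000000-0000-0000-0000-000000000000"),
			// A management-group scope covers every subscription under the
			// group, so this is the widest scope used on this page.
			Scope:            pulumi.String(primaryGroup.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}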
```
func GetAssignment ¶
func GetAssignment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)
GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAssignment ¶
func NewAssignment(ctx *pulumi.Context, name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)
NewAssignment registers a new resource with the given unique name, arguments, and options.
type AssignmentArgs ¶
// AssignmentArgs holds the inputs for creating an Assignment resource.
// PrincipalId and Scope are plain (non-pointer) inputs; the remaining fields
// are pointer inputs and may be left unset.
type AssignmentArgs struct {
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified.
	// Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to.
	// Changing this forces a new resource to be created.
	PrincipalId pulumi.StringInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or
	// `/providers/Microsoft.Management/managementGroups/myMG`.
	// Changing this forces a new resource to be created.
	// NOTE(review): Azure RBAC assignments are inherited by child scopes, so
	// choose the narrowest scope the principal actually needs.
	Scope pulumi.StringInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true`
	// to skip the `Azure Active Directory` check which may fail due to replication lag.
	// This argument is only valid if the `principalId` is a `Service Principal` identity.
	// If it is not a `Service Principal` identity it will cause the role assignment to fail.
	// Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}
The set of arguments for constructing an Assignment resource.
func (AssignmentArgs) ElementType ¶
func (AssignmentArgs) ElementType() reflect.Type
type AssignmentState ¶
// AssignmentState carries the optional state properties passed to
// GetAssignment to qualify the lookup of an existing Assignment. Every field
// is a pointer input and may be left unset.
type AssignmentState struct {
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified.
	// Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to.
	// Changing this forces a new resource to be created.
	PrincipalId pulumi.StringPtrInput
	// The type of the `principalId`, e.g. User, Group, Service Principal, Application, etc.
	PrincipalType pulumi.StringPtrInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created.
	// Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or
	// `/providers/Microsoft.Management/managementGroups/myMG`.
	// Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true`
	// to skip the `Azure Active Directory` check which may fail due to replication lag.
	// This argument is only valid if the `principalId` is a `Service Principal` identity.
	// If it is not a `Service Principal` identity it will cause the role assignment to fail.
	// Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}
func (AssignmentState) ElementType ¶
func (AssignmentState) ElementType() reflect.Type
type GetRoleDefinitionPermission ¶
// GetRoleDefinitionPermission is one entry of the `permissions` list in a
// LookupRoleDefinitionResult.
type GetRoleDefinitionPermission struct {
	// A list of actions allowed by this role.
	Actions []string `pulumi:"actions"`
	// Undocumented upstream; presumably the allowed data actions, mirroring
	// RoleDefinitionPermission.DataActions - TODO confirm.
	DataActions []string `pulumi:"dataActions"`
	// A list of actions excluded from the actions this role allows.
	// In Azure RBAC, NotActions subtracts from Actions; it is not a deny rule,
	// so another role assignment can still grant the same action.
	NotActions []string `pulumi:"notActions"`
	// Undocumented upstream; presumably the data actions excluded from
	// DataActions, mirroring RoleDefinitionPermission.NotDataActions - TODO confirm.
	NotDataActions []string `pulumi:"notDataActions"`
}
type GetRoleDefinitionPermissionArgs ¶
// GetRoleDefinitionPermissionArgs is the input-typed form of
// GetRoleDefinitionPermission: the same four fields, each as a
// pulumi.StringArrayInput.
type GetRoleDefinitionPermissionArgs struct {
	// A list of actions allowed by this role.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// Undocumented upstream; presumably the allowed data actions - TODO confirm.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// A list of actions excluded from the actions this role allows.
	// In Azure RBAC, NotActions subtracts from Actions; it is not a deny rule,
	// so another role assignment can still grant the same action.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// Undocumented upstream; presumably the data actions excluded from
	// DataActions - TODO confirm.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}
func (GetRoleDefinitionPermissionArgs) ElementType ¶
func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type GetRoleDefinitionPermissionArray ¶
// GetRoleDefinitionPermissionArray is a slice of
// GetRoleDefinitionPermissionInput values.
type GetRoleDefinitionPermissionArray []GetRoleDefinitionPermissionInput
func (GetRoleDefinitionPermissionArray) ElementType ¶
func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionArrayInput ¶
// GetRoleDefinitionPermissionArrayInput is a pulumi.Input that can be
// converted to a GetRoleDefinitionPermissionArrayOutput, with or without an
// explicit context.
type GetRoleDefinitionPermissionArrayInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
	ToGetRoleDefinitionPermissionArrayOutputWithContext(context.Context) GetRoleDefinitionPermissionArrayOutput
}
GetRoleDefinitionPermissionArrayInput is an input type that accepts GetRoleDefinitionPermissionArray and GetRoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionArrayInput` via:
GetRoleDefinitionPermissionArray{ GetRoleDefinitionPermissionArgs{...} }
type GetRoleDefinitionPermissionArrayOutput ¶
// GetRoleDefinitionPermissionArrayOutput embeds *pulumi.OutputState; its
// Index method yields a GetRoleDefinitionPermissionOutput.
type GetRoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionArrayOutput) ElementType ¶
func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionInput ¶
// GetRoleDefinitionPermissionInput is a pulumi.Input that can be converted to
// a GetRoleDefinitionPermissionOutput, with or without an explicit context.
type GetRoleDefinitionPermissionInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
	ToGetRoleDefinitionPermissionOutputWithContext(context.Context) GetRoleDefinitionPermissionOutput
}
GetRoleDefinitionPermissionInput is an input type that accepts GetRoleDefinitionPermissionArgs and GetRoleDefinitionPermissionOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionInput` via:
GetRoleDefinitionPermissionArgs{...}
type GetRoleDefinitionPermissionOutput ¶
// GetRoleDefinitionPermissionOutput embeds *pulumi.OutputState; its Actions,
// DataActions, NotActions and NotDataActions methods each return a
// pulumi.StringArrayOutput.
type GetRoleDefinitionPermissionOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionOutput) Actions ¶
func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
a list of actions supported by this role
func (GetRoleDefinitionPermissionOutput) DataActions ¶
func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
func (GetRoleDefinitionPermissionOutput) ElementType ¶
func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionOutput) NotActions ¶
func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
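A list of actions excluded from the actions this role allows. In Azure RBAC, NotActions subtracts from `Actions`; it is not a deny rule, so another role assignment can still grant the same action.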
func (GetRoleDefinitionPermissionOutput) NotDataActions ¶
func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type LookupRoleDefinitionArgs ¶
// LookupRoleDefinitionArgs holds the arguments for invoking getRoleDefinition.
// All three fields are pointers and may be nil.
type LookupRoleDefinitionArgs struct {
	// Specifies the Name of either a built-in or custom Role Definition.
	Name *string `pulumi:"name"`
	// Specifies the ID of the Role Definition as a UUID/GUID.
	RoleDefinitionId *string `pulumi:"roleDefinitionId"`
	// Specifies the Scope at which the Custom Role Definition exists.
	Scope *string `pulumi:"scope"`
}
A collection of arguments for invoking getRoleDefinition.
type LookupRoleDefinitionResult ¶
// LookupRoleDefinitionResult holds the values returned by getRoleDefinition.
type LookupRoleDefinitionResult struct {
	// One or more assignable scopes for this Role Definition, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes []string `pulumi:"assignableScopes"`
	// The Description of the built-in Role.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Undocumented upstream; presumably mirrors LookupRoleDefinitionArgs.Name - TODO confirm.
	Name string `pulumi:"name"`
	// The role's `permissions` entries; see GetRoleDefinitionPermission for the fields.
	Permissions []GetRoleDefinitionPermission `pulumi:"permissions"`
	// Undocumented upstream; presumably the Role Definition's UUID/GUID - TODO confirm.
	RoleDefinitionId string `pulumi:"roleDefinitionId"`
	// Undocumented upstream; presumably mirrors LookupRoleDefinitionArgs.Scope - TODO confirm.
	Scope *string `pulumi:"scope"`
	// The Type of the Role.
	Type string `pulumi:"type"`
}
A collection of values returned by getRoleDefinition.
func LookupRoleDefinition ¶
func LookupRoleDefinition(ctx *pulumi.Context, args *LookupRoleDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupRoleDefinitionResult, error)
Use this data source to access information about an existing Role Definition.
type LookupUserAssignedIdentityArgs ¶
// LookupUserAssignedIdentityArgs holds the arguments for invoking
// getUserAssignedIdentity. Both fields are plain strings.
type LookupUserAssignedIdentityArgs struct {
	// The name of the User Assigned Identity.
	Name string `pulumi:"name"`
	// The name of the Resource Group in which the User Assigned Identity exists.
	ResourceGroupName string `pulumi:"resourceGroupName"`
}
A collection of arguments for invoking getUserAssignedIdentity.
type LookupUserAssignedIdentityResult ¶
// LookupUserAssignedIdentityResult holds the values returned by
// getUserAssignedIdentity.
type LookupUserAssignedIdentityResult struct {
	// The Client ID of the User Assigned Identity.
	ClientId string `pulumi:"clientId"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Azure location where the User Assigned Identity exists.
	Location string `pulumi:"location"`
	// Undocumented upstream; presumably mirrors LookupUserAssignedIdentityArgs.Name - TODO confirm.
	Name string `pulumi:"name"`
	// The Service Principal ID of the User Assigned Identity.
	PrincipalId string `pulumi:"principalId"`
	// Undocumented upstream; presumably mirrors
	// LookupUserAssignedIdentityArgs.ResourceGroupName - TODO confirm.
	ResourceGroupName string `pulumi:"resourceGroupName"`
	// A mapping of tags assigned to the User Assigned Identity.
	Tags map[string]string `pulumi:"tags"`
}
A collection of values returned by getUserAssignedIdentity.
func LookupUserAssignedIdentity ¶
func LookupUserAssignedIdentity(ctx *pulumi.Context, args *LookupUserAssignedIdentityArgs, opts ...pulumi.InvokeOption) (*LookupUserAssignedIdentityResult, error)
Use this data source to access information about an existing User Assigned Identity.
## Example Usage

### Reference An Existing
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
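// main looks up an existing User Assigned Identity by name and resource group
// and exports its client ID and principal ID as stack outputs.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := authorization.LookupUserAssignedIdentity(ctx, &authorization.LookupUserAssignedIdentityArgs{
			Name:              "name_of_user_assigned_identity",
			ResourceGroupName: "name_of_resource_group",
		}, nil)
		if err != nil {
			return err
		}
		// ClientId and PrincipalId are plain Go strings on the result struct;
		// wrap them in pulumi.String so they are passed to Export as inputs.
		ctx.Export("uaiClientId", pulumi.String(example.ClientId))
		ctx.Export("uaiPrincipalId", pulumi.String(example.PrincipalId))
		return nil
	})
}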
```
type RoleDefinition ¶
// RoleDefinition is the resource state of a custom Role Definition.
type RoleDefinition struct {
	pulumi.CustomResourceState

	// One or more assignable scopes for this Role Definition, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes pulumi.StringArrayOutput `pulumi:"assignableScopes"`
	// A description of the Role Definition.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// A `permissions` block; see RoleDefinitionPermission for the fields.
	Permissions RoleDefinitionPermissionArrayOutput `pulumi:"permissions"`
	// A unique UUID/GUID which identifies this role - one will be generated if not specified.
	// Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The Azure Resource Manager ID for the resource. The custom-role examples
	// pass this value as AssignmentArgs.RoleDefinitionId.
	RoleDefinitionResourceId pulumi.StringOutput `pulumi:"roleDefinitionResourceId"`
	// The scope at which the Role Definition applies to, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	// It is recommended to use the first entry of the `assignableScopes`.
	// Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
}
Manages a custom Role Definition, used to assign Roles to Users/Principals. See ['Understand role definitions'](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions) in the Azure documentation for more details.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
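// main creates a custom role definition scoped to the current subscription.
//
// NOTE(review): the role below allows the `*` action, i.e. every management
// operation, at subscription scope. That is kept from the original example to
// show the syntax; a real custom role should list the specific operations it
// needs, as the `Microsoft.Resources/subscriptions/resourceGroups/read`
// examples elsewhere on this page do.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			Scope:       pulumi.String(primary.Id),
			Description: pulumi.String("This is a custom role created"),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// Wildcard: allows all actions. With an empty NotActions
					// nothing is carved out of that grant.
					Actions: pulumi.StringArray{
						pulumi.String("*"),
					},
					// NotActions is a pulumi.StringArrayInput; the generated
					// `[]interface{}{}` does not implement that interface, so
					// an empty pulumi.StringArray is used instead.
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}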
```
func GetRoleDefinition ¶
func GetRoleDefinition(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RoleDefinitionState, opts ...pulumi.ResourceOption) (*RoleDefinition, error)
GetRoleDefinition gets an existing RoleDefinition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRoleDefinition ¶
func NewRoleDefinition(ctx *pulumi.Context, name string, args *RoleDefinitionArgs, opts ...pulumi.ResourceOption) (*RoleDefinition, error)
NewRoleDefinition registers a new resource with the given unique name, arguments, and options.
type RoleDefinitionArgs ¶
// RoleDefinitionArgs holds the inputs for creating a RoleDefinition resource.
type RoleDefinitionArgs struct {
	// One or more assignable scopes for this Role Definition, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// A `permissions` block; see RoleDefinitionPermissionArgs for the fields.
	Permissions RoleDefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified.
	// Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	// It is recommended to use the first entry of the `assignableScopes`.
	// Changing this forces a new resource to be created.
	Scope pulumi.StringInput
}
The set of arguments for constructing a RoleDefinition resource.
func (RoleDefinitionArgs) ElementType ¶
func (RoleDefinitionArgs) ElementType() reflect.Type
type RoleDefinitionPermission ¶
// RoleDefinitionPermission is one `permissions` block of a custom Role
// Definition: the allowed actions and data actions, and the actions and data
// actions excluded from them.
type RoleDefinitionPermission struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// NOTE(review): `*` allows every action; prefer listing the specific
	// operations the role needs.
	Actions []string `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions []string `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// In Azure RBAC these are subtracted from Actions; they are not a deny
	// rule, so another role assignment can still grant the same action.
	NotActions []string `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// NOTE(review): the example operation above looks copied from NotActions;
	// a data action like the blob read shown for DataActions is presumably
	// what belongs here - confirm against the Azure operations list.
	NotDataActions []string `pulumi:"notDataActions"`
}
type RoleDefinitionPermissionArgs ¶
// RoleDefinitionPermissionArgs is the input-typed form of
// RoleDefinitionPermission: the same four fields, each as a
// pulumi.StringArrayInput.
type RoleDefinitionPermissionArgs struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// NOTE(review): `*` allows every action; prefer listing the specific
	// operations the role needs.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// In Azure RBAC these are subtracted from Actions; they are not a deny
	// rule, so another role assignment can still grant the same action.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`.
	// See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	// NOTE(review): the example operation above looks copied from NotActions;
	// a data action like the blob read shown for DataActions is presumably
	// what belongs here - confirm against the Azure operations list.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}
func (RoleDefinitionPermissionArgs) ElementType ¶
func (RoleDefinitionPermissionArgs) ElementType() reflect.Type
func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput ¶
func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext ¶
func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
type RoleDefinitionPermissionArray ¶
// RoleDefinitionPermissionArray is a slice of RoleDefinitionPermissionInput
// values. Its methods convert it to a RoleDefinitionPermissionArrayOutput.
type RoleDefinitionPermissionArray []RoleDefinitionPermissionInput
func (RoleDefinitionPermissionArray) ElementType ¶
func (RoleDefinitionPermissionArray) ElementType() reflect.Type
func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput ¶
func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext ¶
func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
type RoleDefinitionPermissionArrayInput ¶
// RoleDefinitionPermissionArrayInput is satisfied by any pulumi.Input that can
// be converted to a RoleDefinitionPermissionArrayOutput, with or without an
// explicit context.
type RoleDefinitionPermissionArrayInput interface {
	pulumi.Input

	ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
	ToRoleDefinitionPermissionArrayOutputWithContext(context.Context) RoleDefinitionPermissionArrayOutput
}
RoleDefinitionPermissionArrayInput is an input type that accepts RoleDefinitionPermissionArray and RoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `RoleDefinitionPermissionArrayInput` via:
RoleDefinitionPermissionArray{ RoleDefinitionPermissionArgs{...} }
type RoleDefinitionPermissionArrayOutput ¶
// RoleDefinitionPermissionArrayOutput embeds *pulumi.OutputState. Its Index
// method returns the RoleDefinitionPermissionOutput for a single element.
type RoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (RoleDefinitionPermissionArrayOutput) ElementType ¶
func (RoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
func (RoleDefinitionPermissionArrayOutput) Index ¶
func (o RoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput ¶
func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext ¶
func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
type RoleDefinitionPermissionInput ¶
// RoleDefinitionPermissionInput is satisfied by any pulumi.Input that can be
// converted to a RoleDefinitionPermissionOutput, with or without an explicit
// context.
type RoleDefinitionPermissionInput interface {
	pulumi.Input

	ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
	ToRoleDefinitionPermissionOutputWithContext(context.Context) RoleDefinitionPermissionOutput
}
RoleDefinitionPermissionInput is an input type that accepts RoleDefinitionPermissionArgs and RoleDefinitionPermissionOutput values. You can construct a concrete instance of `RoleDefinitionPermissionInput` via:
RoleDefinitionPermissionArgs{...}
type RoleDefinitionPermissionOutput ¶
// RoleDefinitionPermissionOutput embeds *pulumi.OutputState. Its Actions,
// DataActions, NotActions and NotDataActions accessors each return a
// pulumi.StringArrayOutput.
type RoleDefinitionPermissionOutput struct{ *pulumi.OutputState }
func (RoleDefinitionPermissionOutput) Actions ¶
func (o RoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) DataActions ¶
func (o RoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) ElementType ¶
func (RoleDefinitionPermissionOutput) ElementType() reflect.Type
func (RoleDefinitionPermissionOutput) NotActions ¶
func (o RoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) NotDataActions ¶
func (o RoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput ¶
func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext ¶
func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
type RoleDefinitionState ¶
// RoleDefinitionState lists the properties of a role definition as optional
// inputs (pointer inputs, no `pulumi` tags).
type RoleDefinitionState struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	// NOTE(review): list only the scopes where the role needs to be assignable.
	// A subscription-level entry covers every resource group and resource
	// under that subscription.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions RoleDefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
}
func (RoleDefinitionState) ElementType ¶
func (RoleDefinitionState) ElementType() reflect.Type
type UserAssignedIdentity ¶
// UserAssignedIdentity is the resource type for a user assigned identity. It
// embeds pulumi.CustomResourceState and exposes the identity's properties as
// outputs.
type UserAssignedIdentity struct {
	pulumi.CustomResourceState

	// Client ID associated with the user assigned identity.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The location/region where the user assigned identity is created.
	Location pulumi.StringOutput `pulumi:"location"`
	// The name of the user assigned identity. Changing this forces a
	// new identity to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Service Principal ID associated with the user assigned identity.
	// NOTE(review): presumably the ID that role assignments reference when
	// granting this identity access; nothing in this declaration carries
	// permissions. Confirm against the Assignment type in this package.
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// The name of the resource group in which to create the user assigned
	// identity.
	ResourceGroupName pulumi.StringOutput `pulumi:"resourceGroupName"`
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}
Manages a user assigned identity.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main provisions a resource group and then a user assigned identity inside it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The identity below reuses this group's name and location.
		rg, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("eastus"),
		})
		if err != nil {
			return err
		}

		// This example creates the identity only. It makes no role assignment,
		// so whatever the identity can access is decided elsewhere.
		identityArgs := &authorization.UserAssignedIdentityArgs{
			ResourceGroupName: rg.Name,
			Location:          rg.Location,
		}
		_, err = authorization.NewUserAssignedIdentity(ctx, "exampleUserAssignedIdentity", identityArgs)
		return err
	})
}
```
func GetUserAssignedIdentity ¶
func GetUserAssignedIdentity(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserAssignedIdentityState, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)
GetUserAssignedIdentity gets an existing UserAssignedIdentity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserAssignedIdentity ¶
func NewUserAssignedIdentity(ctx *pulumi.Context, name string, args *UserAssignedIdentityArgs, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)
NewUserAssignedIdentity registers a new resource with the given unique name, arguments, and options.
type UserAssignedIdentityArgs ¶
// UserAssignedIdentityArgs is the set of arguments for constructing a
// UserAssignedIdentity resource. ResourceGroupName is the only field that is
// not a pointer or map input.
type UserAssignedIdentityArgs struct {
	// The location/region where the user assigned identity is created.
	Location pulumi.StringPtrInput
	// The name of the user assigned identity. Changing this forces a
	// new identity to be created.
	Name pulumi.StringPtrInput
	// The name of the resource group in which to create the user assigned
	// identity.
	ResourceGroupName pulumi.StringInput
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapInput
}
The set of arguments for constructing a UserAssignedIdentity resource.
func (UserAssignedIdentityArgs) ElementType ¶
func (UserAssignedIdentityArgs) ElementType() reflect.Type
type UserAssignedIdentityState ¶
// UserAssignedIdentityState lists the properties of a user assigned identity
// as optional inputs. GetUserAssignedIdentity takes a pointer to it as the
// optional state used to qualify a lookup.
type UserAssignedIdentityState struct {
	// Client ID associated with the user assigned identity.
	ClientId pulumi.StringPtrInput
	// The location/region where the user assigned identity is created.
	Location pulumi.StringPtrInput
	// The name of the user assigned identity. Changing this forces a
	// new identity to be created.
	Name pulumi.StringPtrInput
	// Service Principal ID associated with the user assigned identity.
	PrincipalId pulumi.StringPtrInput
	// The name of the resource group in which to create the user assigned
	// identity.
	ResourceGroupName pulumi.StringPtrInput
	// A mapping of tags to assign to the resource.
	Tags pulumi.StringMapInput
}
func (UserAssignedIdentityState) ElementType ¶
func (UserAssignedIdentityState) ElementType() reflect.Type