role

package
v4.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 31, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Assignment deprecated

type Assignment struct {
	pulumi.CustomResourceState

	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrOutput `pulumi:"condition"`
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrOutput `pulumi:"conditionVersion"`
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	DelegatedManagedIdentityResourceId pulumi.StringPtrOutput `pulumi:"delegatedManagedIdentityResourceId"`
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// The type of the `principalId`, e.g. User, Group, Service Principal, Application, etc.
	PrincipalType pulumi.StringOutput `pulumi:"principalType"`
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringOutput `pulumi:"roleDefinitionName"`
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolOutput `pulumi:"skipServicePrincipalAadCheck"`
}

Assigns a given Principal (User or Group) to a given Role.

## Example Usage ### Using A Built-In Role)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			Scope:              pulumi.String(primary.Id),
			RoleDefinitionName: pulumi.String("Reader"),
			PrincipalId:        pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Custom Role & Service Principal)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Custom Role & User)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Custom Role & Management Group)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/management"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = management.LookupGroup(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.Any(data.Azurerm_management_group.Primary.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Role Assignments can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:role/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000

```

  • for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000` - for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000` /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000

Deprecated: azure.role.Assignment has been deprecated in favor of azure.authorization.Assignment

func GetAssignment

func GetAssignment(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)

GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAssignment

func NewAssignment(ctx *pulumi.Context,
	name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)

NewAssignment registers a new resource with the given unique name, arguments, and options.

func (*Assignment) ElementType

func (*Assignment) ElementType() reflect.Type

func (*Assignment) ToAssignmentOutput

func (i *Assignment) ToAssignmentOutput() AssignmentOutput

func (*Assignment) ToAssignmentOutputWithContext

func (i *Assignment) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput

func (*Assignment) ToAssignmentPtrOutput

func (i *Assignment) ToAssignmentPtrOutput() AssignmentPtrOutput

func (*Assignment) ToAssignmentPtrOutputWithContext

func (i *Assignment) ToAssignmentPtrOutputWithContext(ctx context.Context) AssignmentPtrOutput

type AssignmentArgs

type AssignmentArgs struct {
	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrInput
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrInput
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	PrincipalId pulumi.StringInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}

The set of arguments for constructing a Assignment resource.

func (AssignmentArgs) ElementType

func (AssignmentArgs) ElementType() reflect.Type

type AssignmentArray

type AssignmentArray []AssignmentInput

func (AssignmentArray) ElementType

func (AssignmentArray) ElementType() reflect.Type

func (AssignmentArray) ToAssignmentArrayOutput

func (i AssignmentArray) ToAssignmentArrayOutput() AssignmentArrayOutput

func (AssignmentArray) ToAssignmentArrayOutputWithContext

func (i AssignmentArray) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput

type AssignmentArrayInput

type AssignmentArrayInput interface {
	pulumi.Input

	ToAssignmentArrayOutput() AssignmentArrayOutput
	ToAssignmentArrayOutputWithContext(context.Context) AssignmentArrayOutput
}

AssignmentArrayInput is an input type that accepts AssignmentArray and AssignmentArrayOutput values. You can construct a concrete instance of `AssignmentArrayInput` via:

AssignmentArray{ AssignmentArgs{...} }

type AssignmentArrayOutput

type AssignmentArrayOutput struct{ *pulumi.OutputState }

func (AssignmentArrayOutput) ElementType

func (AssignmentArrayOutput) ElementType() reflect.Type

func (AssignmentArrayOutput) Index

func (AssignmentArrayOutput) ToAssignmentArrayOutput

func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput

func (AssignmentArrayOutput) ToAssignmentArrayOutputWithContext

func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput

type AssignmentInput

type AssignmentInput interface {
	pulumi.Input

	ToAssignmentOutput() AssignmentOutput
	ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
}

type AssignmentMap

type AssignmentMap map[string]AssignmentInput

func (AssignmentMap) ElementType

func (AssignmentMap) ElementType() reflect.Type

func (AssignmentMap) ToAssignmentMapOutput

func (i AssignmentMap) ToAssignmentMapOutput() AssignmentMapOutput

func (AssignmentMap) ToAssignmentMapOutputWithContext

func (i AssignmentMap) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput

type AssignmentMapInput

type AssignmentMapInput interface {
	pulumi.Input

	ToAssignmentMapOutput() AssignmentMapOutput
	ToAssignmentMapOutputWithContext(context.Context) AssignmentMapOutput
}

AssignmentMapInput is an input type that accepts AssignmentMap and AssignmentMapOutput values. You can construct a concrete instance of `AssignmentMapInput` via:

AssignmentMap{ "key": AssignmentArgs{...} }

type AssignmentMapOutput

type AssignmentMapOutput struct{ *pulumi.OutputState }

func (AssignmentMapOutput) ElementType

func (AssignmentMapOutput) ElementType() reflect.Type

func (AssignmentMapOutput) MapIndex

func (AssignmentMapOutput) ToAssignmentMapOutput

func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput

func (AssignmentMapOutput) ToAssignmentMapOutputWithContext

func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput

type AssignmentOutput

type AssignmentOutput struct {
	*pulumi.OutputState
}

func (AssignmentOutput) ElementType

func (AssignmentOutput) ElementType() reflect.Type

func (AssignmentOutput) ToAssignmentOutput

func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput

func (AssignmentOutput) ToAssignmentOutputWithContext

func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput

func (AssignmentOutput) ToAssignmentPtrOutput

func (o AssignmentOutput) ToAssignmentPtrOutput() AssignmentPtrOutput

func (AssignmentOutput) ToAssignmentPtrOutputWithContext

func (o AssignmentOutput) ToAssignmentPtrOutputWithContext(ctx context.Context) AssignmentPtrOutput

type AssignmentPtrInput

type AssignmentPtrInput interface {
	pulumi.Input

	ToAssignmentPtrOutput() AssignmentPtrOutput
	ToAssignmentPtrOutputWithContext(ctx context.Context) AssignmentPtrOutput
}

type AssignmentPtrOutput

type AssignmentPtrOutput struct {
	*pulumi.OutputState
}

func (AssignmentPtrOutput) ElementType

func (AssignmentPtrOutput) ElementType() reflect.Type

func (AssignmentPtrOutput) ToAssignmentPtrOutput

func (o AssignmentPtrOutput) ToAssignmentPtrOutput() AssignmentPtrOutput

func (AssignmentPtrOutput) ToAssignmentPtrOutputWithContext

func (o AssignmentPtrOutput) ToAssignmentPtrOutputWithContext(ctx context.Context) AssignmentPtrOutput

type AssignmentState

type AssignmentState struct {
	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrInput
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrInput
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	PrincipalId pulumi.StringPtrInput
	// The type of the `principalId`, e.g. User, Group, Service Principal, Application, etc.
	PrincipalType pulumi.StringPtrInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}

func (AssignmentState) ElementType

func (AssignmentState) ElementType() reflect.Type

type Definition deprecated

type Definition struct {
	pulumi.CustomResourceState

	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes pulumi.StringArrayOutput `pulumi:"assignableScopes"`
	// A description of the Role Definition.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayOutput `pulumi:"permissions"`
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringOutput `pulumi:"roleDefinitionResourceId"`
	// The scope at which the Role Definition applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
}

Manages a custom Role Definition, used to assign Roles to Users/Principals. See ['Understand role definitions'](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions) in the Azure documentation for more details.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			Scope:       pulumi.String(primary.Id),
			Description: pulumi.String("This is a custom role created"),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("*"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Role Definitions can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:role/definition:Definition example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000"

```

Deprecated: azure.role.Definition has been deprecated in favor of azure.authorization.RoleDefinition

func GetDefinition

func GetDefinition(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DefinitionState, opts ...pulumi.ResourceOption) (*Definition, error)

GetDefinition gets an existing Definition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDefinition

func NewDefinition(ctx *pulumi.Context,
	name string, args *DefinitionArgs, opts ...pulumi.ResourceOption) (*Definition, error)

NewDefinition registers a new resource with the given unique name, arguments, and options.

func (*Definition) ElementType

func (*Definition) ElementType() reflect.Type

func (*Definition) ToDefinitionOutput

func (i *Definition) ToDefinitionOutput() DefinitionOutput

func (*Definition) ToDefinitionOutputWithContext

func (i *Definition) ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput

func (*Definition) ToDefinitionPtrOutput

func (i *Definition) ToDefinitionPtrOutput() DefinitionPtrOutput

func (*Definition) ToDefinitionPtrOutputWithContext

func (i *Definition) ToDefinitionPtrOutputWithContext(ctx context.Context) DefinitionPtrOutput

type DefinitionArgs

type DefinitionArgs struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The scope at which the Role Definition applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringInput
}

The set of arguments for constructing a Definition resource.

func (DefinitionArgs) ElementType

func (DefinitionArgs) ElementType() reflect.Type

type DefinitionArray

type DefinitionArray []DefinitionInput

func (DefinitionArray) ElementType

func (DefinitionArray) ElementType() reflect.Type

func (DefinitionArray) ToDefinitionArrayOutput

func (i DefinitionArray) ToDefinitionArrayOutput() DefinitionArrayOutput

func (DefinitionArray) ToDefinitionArrayOutputWithContext

func (i DefinitionArray) ToDefinitionArrayOutputWithContext(ctx context.Context) DefinitionArrayOutput

type DefinitionArrayInput

type DefinitionArrayInput interface {
	pulumi.Input

	ToDefinitionArrayOutput() DefinitionArrayOutput
	ToDefinitionArrayOutputWithContext(context.Context) DefinitionArrayOutput
}

DefinitionArrayInput is an input type that accepts DefinitionArray and DefinitionArrayOutput values. You can construct a concrete instance of `DefinitionArrayInput` via:

DefinitionArray{ DefinitionArgs{...} }

type DefinitionArrayOutput

type DefinitionArrayOutput struct{ *pulumi.OutputState }

func (DefinitionArrayOutput) ElementType

func (DefinitionArrayOutput) ElementType() reflect.Type

func (DefinitionArrayOutput) Index

func (DefinitionArrayOutput) ToDefinitionArrayOutput

func (o DefinitionArrayOutput) ToDefinitionArrayOutput() DefinitionArrayOutput

func (DefinitionArrayOutput) ToDefinitionArrayOutputWithContext

func (o DefinitionArrayOutput) ToDefinitionArrayOutputWithContext(ctx context.Context) DefinitionArrayOutput

type DefinitionInput

type DefinitionInput interface {
	pulumi.Input

	ToDefinitionOutput() DefinitionOutput
	ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput
}

type DefinitionMap

type DefinitionMap map[string]DefinitionInput

func (DefinitionMap) ElementType

func (DefinitionMap) ElementType() reflect.Type

func (DefinitionMap) ToDefinitionMapOutput

func (i DefinitionMap) ToDefinitionMapOutput() DefinitionMapOutput

func (DefinitionMap) ToDefinitionMapOutputWithContext

func (i DefinitionMap) ToDefinitionMapOutputWithContext(ctx context.Context) DefinitionMapOutput

type DefinitionMapInput

type DefinitionMapInput interface {
	pulumi.Input

	ToDefinitionMapOutput() DefinitionMapOutput
	ToDefinitionMapOutputWithContext(context.Context) DefinitionMapOutput
}

DefinitionMapInput is an input type that accepts DefinitionMap and DefinitionMapOutput values. You can construct a concrete instance of `DefinitionMapInput` via:

DefinitionMap{ "key": DefinitionArgs{...} }

type DefinitionMapOutput

type DefinitionMapOutput struct{ *pulumi.OutputState }

func (DefinitionMapOutput) ElementType

func (DefinitionMapOutput) ElementType() reflect.Type

func (DefinitionMapOutput) MapIndex

func (DefinitionMapOutput) ToDefinitionMapOutput

func (o DefinitionMapOutput) ToDefinitionMapOutput() DefinitionMapOutput

func (DefinitionMapOutput) ToDefinitionMapOutputWithContext

func (o DefinitionMapOutput) ToDefinitionMapOutputWithContext(ctx context.Context) DefinitionMapOutput

type DefinitionOutput

type DefinitionOutput struct {
	*pulumi.OutputState
}

func (DefinitionOutput) ElementType

func (DefinitionOutput) ElementType() reflect.Type

func (DefinitionOutput) ToDefinitionOutput

func (o DefinitionOutput) ToDefinitionOutput() DefinitionOutput

func (DefinitionOutput) ToDefinitionOutputWithContext

func (o DefinitionOutput) ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput

func (DefinitionOutput) ToDefinitionPtrOutput

func (o DefinitionOutput) ToDefinitionPtrOutput() DefinitionPtrOutput

func (DefinitionOutput) ToDefinitionPtrOutputWithContext

func (o DefinitionOutput) ToDefinitionPtrOutputWithContext(ctx context.Context) DefinitionPtrOutput

type DefinitionPermission

type DefinitionPermission struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	Actions []string `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions []string `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	NotActions []string `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	NotDataActions []string `pulumi:"notDataActions"`
}

type DefinitionPermissionArgs

type DefinitionPermissionArgs struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}

func (DefinitionPermissionArgs) ElementType

func (DefinitionPermissionArgs) ElementType() reflect.Type

func (DefinitionPermissionArgs) ToDefinitionPermissionOutput

func (i DefinitionPermissionArgs) ToDefinitionPermissionOutput() DefinitionPermissionOutput

func (DefinitionPermissionArgs) ToDefinitionPermissionOutputWithContext

func (i DefinitionPermissionArgs) ToDefinitionPermissionOutputWithContext(ctx context.Context) DefinitionPermissionOutput

type DefinitionPermissionArray

type DefinitionPermissionArray []DefinitionPermissionInput

func (DefinitionPermissionArray) ElementType

func (DefinitionPermissionArray) ElementType() reflect.Type

func (DefinitionPermissionArray) ToDefinitionPermissionArrayOutput

func (i DefinitionPermissionArray) ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput

func (DefinitionPermissionArray) ToDefinitionPermissionArrayOutputWithContext

func (i DefinitionPermissionArray) ToDefinitionPermissionArrayOutputWithContext(ctx context.Context) DefinitionPermissionArrayOutput

type DefinitionPermissionArrayInput

type DefinitionPermissionArrayInput interface {
	pulumi.Input

	ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput
	ToDefinitionPermissionArrayOutputWithContext(context.Context) DefinitionPermissionArrayOutput
}

DefinitionPermissionArrayInput is an input type that accepts DefinitionPermissionArray and DefinitionPermissionArrayOutput values. You can construct a concrete instance of `DefinitionPermissionArrayInput` via:

DefinitionPermissionArray{ DefinitionPermissionArgs{...} }

type DefinitionPermissionArrayOutput

type DefinitionPermissionArrayOutput struct{ *pulumi.OutputState }

func (DefinitionPermissionArrayOutput) ElementType

func (DefinitionPermissionArrayOutput) Index

func (DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutput

func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput

func (DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutputWithContext

func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutputWithContext(ctx context.Context) DefinitionPermissionArrayOutput

type DefinitionPermissionInput

type DefinitionPermissionInput interface {
	pulumi.Input

	ToDefinitionPermissionOutput() DefinitionPermissionOutput
	ToDefinitionPermissionOutputWithContext(context.Context) DefinitionPermissionOutput
}

DefinitionPermissionInput is an input type that accepts DefinitionPermissionArgs and DefinitionPermissionOutput values. You can construct a concrete instance of `DefinitionPermissionInput` via:

DefinitionPermissionArgs{...}

type DefinitionPermissionOutput

type DefinitionPermissionOutput struct{ *pulumi.OutputState }

func (DefinitionPermissionOutput) Actions

One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.

func (DefinitionPermissionOutput) DataActions

One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.

func (DefinitionPermissionOutput) ElementType

func (DefinitionPermissionOutput) ElementType() reflect.Type

func (DefinitionPermissionOutput) NotActions

One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.

func (DefinitionPermissionOutput) NotDataActions

One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations) for details.

func (DefinitionPermissionOutput) ToDefinitionPermissionOutput

func (o DefinitionPermissionOutput) ToDefinitionPermissionOutput() DefinitionPermissionOutput

func (DefinitionPermissionOutput) ToDefinitionPermissionOutputWithContext

func (o DefinitionPermissionOutput) ToDefinitionPermissionOutputWithContext(ctx context.Context) DefinitionPermissionOutput

type DefinitionPtrInput

type DefinitionPtrInput interface {
	pulumi.Input

	ToDefinitionPtrOutput() DefinitionPtrOutput
	ToDefinitionPtrOutputWithContext(ctx context.Context) DefinitionPtrOutput
}

type DefinitionPtrOutput

type DefinitionPtrOutput struct {
	*pulumi.OutputState
}

func (DefinitionPtrOutput) ElementType

func (DefinitionPtrOutput) ElementType() reflect.Type

func (DefinitionPtrOutput) ToDefinitionPtrOutput

func (o DefinitionPtrOutput) ToDefinitionPtrOutput() DefinitionPtrOutput

func (DefinitionPtrOutput) ToDefinitionPtrOutputWithContext

func (o DefinitionPtrOutput) ToDefinitionPtrOutputWithContext(ctx context.Context) DefinitionPtrOutput

type DefinitionState

type DefinitionState struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringPtrInput
	// The scope at which the Role Definition applies too, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
}

func (DefinitionState) ElementType

func (DefinitionState) ElementType() reflect.Type

type GetRoleDefinitionArgs

type GetRoleDefinitionArgs struct {
	Name             *string `pulumi:"name"`
	RoleDefinitionId *string `pulumi:"roleDefinitionId"`
	Scope            *string `pulumi:"scope"`
}

A collection of arguments for invoking getRoleDefinition.

type GetRoleDefinitionPermission

type GetRoleDefinitionPermission struct {
	Actions        []string `pulumi:"actions"`
	DataActions    []string `pulumi:"dataActions"`
	NotActions     []string `pulumi:"notActions"`
	NotDataActions []string `pulumi:"notDataActions"`
}

type GetRoleDefinitionPermissionArgs

type GetRoleDefinitionPermissionArgs struct {
	Actions        pulumi.StringArrayInput `pulumi:"actions"`
	DataActions    pulumi.StringArrayInput `pulumi:"dataActions"`
	NotActions     pulumi.StringArrayInput `pulumi:"notActions"`
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}

func (GetRoleDefinitionPermissionArgs) ElementType

func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput

func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput

func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext

func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput

type GetRoleDefinitionPermissionArray

type GetRoleDefinitionPermissionArray []GetRoleDefinitionPermissionInput

func (GetRoleDefinitionPermissionArray) ElementType

func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput

func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput

func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext

func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionArrayInput

type GetRoleDefinitionPermissionArrayInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
	ToGetRoleDefinitionPermissionArrayOutputWithContext(context.Context) GetRoleDefinitionPermissionArrayOutput
}

GetRoleDefinitionPermissionArrayInput is an input type that accepts GetRoleDefinitionPermissionArray and GetRoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionArrayInput` via:

GetRoleDefinitionPermissionArray{ GetRoleDefinitionPermissionArgs{...} }

type GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }

func (GetRoleDefinitionPermissionArrayOutput) ElementType

func (GetRoleDefinitionPermissionArrayOutput) Index

func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput

func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput

func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext

func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionInput

type GetRoleDefinitionPermissionInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
	ToGetRoleDefinitionPermissionOutputWithContext(context.Context) GetRoleDefinitionPermissionOutput
}

GetRoleDefinitionPermissionInput is an input type that accepts GetRoleDefinitionPermissionArgs and GetRoleDefinitionPermissionOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionInput` via:

GetRoleDefinitionPermissionArgs{...}

type GetRoleDefinitionPermissionOutput

type GetRoleDefinitionPermissionOutput struct{ *pulumi.OutputState }

func (GetRoleDefinitionPermissionOutput) Actions

func (GetRoleDefinitionPermissionOutput) DataActions

func (GetRoleDefinitionPermissionOutput) ElementType

func (GetRoleDefinitionPermissionOutput) NotActions

func (GetRoleDefinitionPermissionOutput) NotDataActions

func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput

func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput

func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext

func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput

type GetRoleDefinitionResult

type GetRoleDefinitionResult struct {
	AssignableScopes []string `pulumi:"assignableScopes"`
	Description      string   `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id               string                        `pulumi:"id"`
	Name             string                        `pulumi:"name"`
	Permissions      []GetRoleDefinitionPermission `pulumi:"permissions"`
	RoleDefinitionId string                        `pulumi:"roleDefinitionId"`
	Scope            *string                       `pulumi:"scope"`
	Type             string                        `pulumi:"type"`
}

A collection of values returned by getRoleDefinition.

func GetRoleDefinition deprecated

func GetRoleDefinition(ctx *pulumi.Context, args *GetRoleDefinitionArgs, opts ...pulumi.InvokeOption) (*GetRoleDefinitionResult, error)

Deprecated: azure.role.getRoleDefinition has been deprecated in favor of azure.authorization.getRoleDefinition

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL