Documentation ¶
Index ¶
- type Assignmentdeprecated
- type AssignmentArgs
- type AssignmentArray
- type AssignmentArrayInput
- type AssignmentArrayOutput
- func (AssignmentArrayOutput) ElementType() reflect.Type
- func (o AssignmentArrayOutput) Index(i pulumi.IntInput) AssignmentOutput
- func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput
- func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
- type AssignmentInput
- type AssignmentMap
- type AssignmentMapInput
- type AssignmentMapOutput
- func (AssignmentMapOutput) ElementType() reflect.Type
- func (o AssignmentMapOutput) MapIndex(k pulumi.StringInput) AssignmentOutput
- func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput
- func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
- type AssignmentOutput
- func (o AssignmentOutput) Condition() pulumi.StringPtrOutput
- func (o AssignmentOutput) ConditionVersion() pulumi.StringPtrOutput
- func (o AssignmentOutput) DelegatedManagedIdentityResourceId() pulumi.StringPtrOutput
- func (o AssignmentOutput) Description() pulumi.StringPtrOutput
- func (AssignmentOutput) ElementType() reflect.Type
- func (o AssignmentOutput) Name() pulumi.StringOutput
- func (o AssignmentOutput) PrincipalId() pulumi.StringOutput
- func (o AssignmentOutput) PrincipalType() pulumi.StringOutput
- func (o AssignmentOutput) RoleDefinitionId() pulumi.StringOutput
- func (o AssignmentOutput) RoleDefinitionName() pulumi.StringOutput
- func (o AssignmentOutput) Scope() pulumi.StringOutput
- func (o AssignmentOutput) SkipServicePrincipalAadCheck() pulumi.BoolOutput
- func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput
- func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
- type AssignmentState
- type Definitiondeprecated
- type DefinitionArgs
- type DefinitionArray
- type DefinitionArrayInput
- type DefinitionArrayOutput
- func (DefinitionArrayOutput) ElementType() reflect.Type
- func (o DefinitionArrayOutput) Index(i pulumi.IntInput) DefinitionOutput
- func (o DefinitionArrayOutput) ToDefinitionArrayOutput() DefinitionArrayOutput
- func (o DefinitionArrayOutput) ToDefinitionArrayOutputWithContext(ctx context.Context) DefinitionArrayOutput
- type DefinitionInput
- type DefinitionMap
- type DefinitionMapInput
- type DefinitionMapOutput
- func (DefinitionMapOutput) ElementType() reflect.Type
- func (o DefinitionMapOutput) MapIndex(k pulumi.StringInput) DefinitionOutput
- func (o DefinitionMapOutput) ToDefinitionMapOutput() DefinitionMapOutput
- func (o DefinitionMapOutput) ToDefinitionMapOutputWithContext(ctx context.Context) DefinitionMapOutput
- type DefinitionOutput
- func (o DefinitionOutput) AssignableScopes() pulumi.StringArrayOutput
- func (o DefinitionOutput) Description() pulumi.StringPtrOutput
- func (DefinitionOutput) ElementType() reflect.Type
- func (o DefinitionOutput) Name() pulumi.StringOutput
- func (o DefinitionOutput) Permissions() DefinitionPermissionArrayOutput
- func (o DefinitionOutput) RoleDefinitionId() pulumi.StringOutput
- func (o DefinitionOutput) RoleDefinitionResourceId() pulumi.StringOutput
- func (o DefinitionOutput) Scope() pulumi.StringOutput
- func (o DefinitionOutput) ToDefinitionOutput() DefinitionOutput
- func (o DefinitionOutput) ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput
- type DefinitionPermission
- type DefinitionPermissionArgs
- type DefinitionPermissionArray
- type DefinitionPermissionArrayInput
- type DefinitionPermissionArrayOutput
- func (DefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o DefinitionPermissionArrayOutput) Index(i pulumi.IntInput) DefinitionPermissionOutput
- func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput
- func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutputWithContext(ctx context.Context) DefinitionPermissionArrayOutput
- type DefinitionPermissionInput
- type DefinitionPermissionOutput
- func (o DefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o DefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (DefinitionPermissionOutput) ElementType() reflect.Type
- func (o DefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o DefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o DefinitionPermissionOutput) ToDefinitionPermissionOutput() DefinitionPermissionOutput
- func (o DefinitionPermissionOutput) ToDefinitionPermissionOutputWithContext(ctx context.Context) DefinitionPermissionOutput
- type DefinitionState
- type GetRoleDefinitionArgs
- type GetRoleDefinitionOutputArgs
- type GetRoleDefinitionPermission
- type GetRoleDefinitionPermissionArgs
- func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type GetRoleDefinitionPermissionArray
- func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionArrayInput
- type GetRoleDefinitionPermissionArrayOutput
- func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionInput
- type GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) Condition() pulumi.StringOutput
- func (o GetRoleDefinitionPermissionOutput) ConditionVersion() pulumi.StringOutput
- func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type GetRoleDefinitionResult
- type GetRoleDefinitionResultOutput
- func (o GetRoleDefinitionResultOutput) AssignableScopes() pulumi.StringArrayOutput
- func (o GetRoleDefinitionResultOutput) Description() pulumi.StringOutput
- func (GetRoleDefinitionResultOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionResultOutput) Id() pulumi.StringOutput
- func (o GetRoleDefinitionResultOutput) Name() pulumi.StringOutput
- func (o GetRoleDefinitionResultOutput) Permissions() GetRoleDefinitionPermissionArrayOutput
- func (o GetRoleDefinitionResultOutput) RoleDefinitionId() pulumi.StringOutput
- func (o GetRoleDefinitionResultOutput) Scope() pulumi.StringPtrOutput
- func (o GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutput() GetRoleDefinitionResultOutput
- func (o GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutputWithContext(ctx context.Context) GetRoleDefinitionResultOutput
- func (o GetRoleDefinitionResultOutput) Type() pulumi.StringOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assignment
deprecated
// Assignment is the state of an Azure role assignment resource: one principal
// bound to one role definition at one scope.
//
// Deprecated: azure.role.Assignment has been deprecated in favor of
// azure.authorization.Assignment.
type Assignment struct {
	pulumi.CustomResourceState

	// Condition restricts which resources the role can be assigned to.
	// A change forces a new resource to be created.
	Condition pulumi.StringPtrOutput `pulumi:"condition"`
	// ConditionVersion is the version of the condition: `1.0` or `2.0`.
	// A change forces a new resource to be created.
	//
	// NOTE: `condition` and `conditionVersion` go together; if either is
	// set, both must be present.
	ConditionVersion pulumi.StringPtrOutput `pulumi:"conditionVersion"`
	// DelegatedManagedIdentityResourceId is the delegated Azure Resource Id
	// which contains a Managed Identity. A change forces a new resource to
	// be created.
	//
	// NOTE: only used in cross-tenant scenarios.
	DelegatedManagedIdentityResourceId pulumi.StringPtrOutput `pulumi:"delegatedManagedIdentityResourceId"`
	// Description is free text describing this Role Assignment. A change
	// forces a new resource to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Name is a unique UUID/GUID for this Role Assignment; one is generated
	// when none is specified. A change forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// PrincipalId is the ID of the Principal (User, Group or Service
	// Principal) that receives the Role Definition. A change forces a new
	// resource to be created.
	//
	// NOTE: this is the Object ID, i.e. not the "Application ID" for
	// applications.
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// PrincipalType is the type of `principalId`: `User`, `Group` or
	// `ServicePrincipal`. A change forces a new resource to be created.
	// Set it explicitly when the principal creating the assignment is
	// itself constrained by ABAC rules that filter on the PrincipalType
	// attribute.
	PrincipalType pulumi.StringOutput `pulumi:"principalType"`
	// RoleDefinitionId is the Scoped-ID of the Role Definition. A change
	// forces a new resource to be created. Conflicts with
	// `roleDefinitionName`.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// RoleDefinitionName is the name of a built-in Role. A change forces a
	// new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringOutput `pulumi:"roleDefinitionName"`
	// Scope is the scope the Role Assignment applies to, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`,
	// or `/providers/Microsoft.Management/managementGroups/myMG`.
	// A change forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
	// SkipServicePrincipalAadCheck, when `true`, skips the `Azure Active
	// Directory` check, which may fail due to replication lag when
	// `principalId` is a newly provisioned `Service Principal`. Only valid
	// for a `Service Principal` identity. Defaults to `false`.
	//
	// NOTE: for any other kind of identity it causes the role assignment
	// to fail.
	SkipServicePrincipalAadCheck pulumi.BoolOutput `pulumi:"skipServicePrincipalAadCheck"`
}
Assigns a given Principal (User, Group or Service Principal) to a given Role.
## Example Usage
### Using A Built-In Role
```go
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main assigns the built-in "Reader" role at subscription scope to the
// principal whose object ID core.GetClientConfig reports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		subscription, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}

		client, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}

		// The scope here is the whole subscription. Scope also accepts a
		// resource group or single resource ID; Azure RBAC assignments are
		// inherited by child scopes, so use the narrowest scope that works.
		args := &authorization.AssignmentArgs{
			Scope:              pulumi.String(subscription.Id),
			RoleDefinitionName: pulumi.String("Reader"),
			PrincipalId:        pulumi.String(client.ObjectId),
		}
		_, err = authorization.NewAssignment(ctx, "example", args)
		return err
	})
}
```
### Custom Role & Service Principal
```go
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main defines a custom role that can only read resource groups and assigns
// it, at subscription scope, to the principal whose object ID
// core.GetClientConfig reports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		subscription, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		client, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}

		// The single permission block allows one read action and nothing
		// else; NotActions is deliberately empty.
		readResourceGroups := &authorization.RoleDefinitionPermissionArgs{
			Actions: pulumi.StringArray{
				pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
			},
			NotActions: pulumi.StringArray{},
		}

		// The all-zero GUIDs are placeholders for real role definition and
		// assignment IDs.
		customRole, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            pulumi.String(subscription.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				readResourceGroups,
			},
			// The role can be assigned only within this subscription.
			AssignableScopes: pulumi.StringArray{
				pulumi.String(subscription.Id),
			},
		})
		if err != nil {
			return err
		}

		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(subscription.Id),
			RoleDefinitionId: customRole.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(client.ObjectId),
		})
		return err
	})
}
```
### Custom Role & User
```go
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a custom role limited to reading resource groups, then binds
// that role at subscription scope to the principal whose object ID
// core.GetClientConfig reports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sub, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}

		cfg, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}

		// Both the role's own scope and its assignable scopes are the
		// subscription looked up above.
		subscriptionID := pulumi.String(sub.Id)

		// The all-zero GUIDs are placeholders, not real IDs.
		roleArgs := &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            subscriptionID,
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// One read-only action; nothing is excluded.
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				subscriptionID,
			},
		}
		role, err := authorization.NewRoleDefinition(ctx, "example", roleArgs)
		if err != nil {
			return err
		}

		assignmentArgs := &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            subscriptionID,
			RoleDefinitionId: role.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(cfg.ObjectId),
		}
		if _, err := authorization.NewAssignment(ctx, "example", assignmentArgs); err != nil {
			return err
		}
		return nil
	})
}
```
### Custom Role & Management Group
```go
package main
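import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/management"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a custom role limited to reading resource groups and assigns
// it at management-group scope to the principal whose object ID
// core.GetClientConfig reports.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}

		// Keep the lookup result: the assignment below is scoped to this
		// management group. The original example discarded it and then
		// referred to an undeclared identifier for the scope.
		mgmtGroup, err := management.LookupGroup(ctx, &management.LookupGroupArgs{
			Name: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
		}, nil)
		if err != nil {
			return err
		}

		// The all-zero GUIDs are placeholders for real IDs.
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			// NOTE(review): only the subscription is listed as assignable,
			// while the assignment below targets the management group;
			// confirm the role is assignable at that scope.
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}

		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(mgmtGroup.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(example.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}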
```
### ABAC Condition
```go
package main
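import (
	"fmt"

	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main assigns "Role Based Access Control Administrator" at subscription
// scope with an ABAC condition attached, so the holder can write or delete
// role assignments only for the role definition looked up as "Reader".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Reader"),
		}, nil)
		if err != nil {
			return err
		}

		// Both placeholders in the condition take the same value, so a
		// single Basename invoke is enough; the original example issued the
		// identical call twice. The result is presumably the bare GUID at
		// the end of the role definition ID.
		readerID, err := std.Basename(ctx, &std.BasenameArgs{
			Input: builtin.RoleDefinitionId,
		}, nil)
		if err != nil {
			return err
		}

		// The condition has two clauses joined by AND: a roleAssignments/write
		// request passes only if its RoleDefinitionId matches readerID, and a
		// roleAssignments/delete passes only if the existing assignment's
		// RoleDefinitionId matches readerID. Other actions are not restricted
		// by it. ConditionVersion must be set alongside Condition.
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			RoleDefinitionName: pulumi.String("Role Based Access Control Administrator"),
			Scope:              pulumi.String(primary.Id),
			PrincipalId:        pulumi.String(example.ObjectId),
			PrincipalType:      pulumi.String("ServicePrincipal"),
			Description:        pulumi.String("Role Based Access Control Administrator role assignment with ABAC Condition."),
			ConditionVersion:   pulumi.String("2.0"),
			Condition: pulumi.String(fmt.Sprintf(`( ( !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'}) ) OR ( @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v} )
) AND (
( !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'}) ) OR ( @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v} )
) `, readerID.Result, readerID.Result)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}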
```
## Import
Role Assignments can be imported using the `resource id`, e.g.
```sh
$ pulumi import azure:role/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000
```
* for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* for scope referencing a Key Vault, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vaultname/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
```text
/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000
```
Deprecated: azure.role.Assignment has been deprecated in favor of azure.authorization.Assignment
func GetAssignment ¶
func GetAssignment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)
GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAssignment ¶
func NewAssignment(ctx *pulumi.Context, name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)
NewAssignment registers a new resource with the given unique name, arguments, and options.
func (*Assignment) ElementType ¶
func (*Assignment) ElementType() reflect.Type
func (*Assignment) ToAssignmentOutput ¶
func (i *Assignment) ToAssignmentOutput() AssignmentOutput
func (*Assignment) ToAssignmentOutputWithContext ¶
func (i *Assignment) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
type AssignmentArgs ¶
// AssignmentArgs is the set of arguments for constructing an Assignment
// resource.
type AssignmentArgs struct {
	// Condition restricts which resources the role can be assigned to.
	// A change forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// ConditionVersion is the version of the condition: `1.0` or `2.0`.
	// A change forces a new resource to be created.
	//
	// NOTE: `condition` and `conditionVersion` go together; if either is
	// set, both must be present.
	ConditionVersion pulumi.StringPtrInput
	// DelegatedManagedIdentityResourceId is the delegated Azure Resource Id
	// which contains a Managed Identity. A change forces a new resource to
	// be created.
	//
	// NOTE: only used in cross-tenant scenarios.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// Description is free text describing this Role Assignment. A change
	// forces a new resource to be created.
	Description pulumi.StringPtrInput
	// Name is a unique UUID/GUID for this Role Assignment; one is generated
	// when none is specified. A change forces a new resource to be created.
	Name pulumi.StringPtrInput
	// PrincipalId is the ID of the Principal (User, Group or Service
	// Principal) that receives the Role Definition. A change forces a new
	// resource to be created.
	//
	// NOTE: this is the Object ID, i.e. not the "Application ID" for
	// applications.
	PrincipalId pulumi.StringInput
	// PrincipalType is the type of `principalId`: `User`, `Group` or
	// `ServicePrincipal`. A change forces a new resource to be created.
	// Set it explicitly when the principal creating the assignment is
	// itself constrained by ABAC rules that filter on the PrincipalType
	// attribute.
	PrincipalType pulumi.StringPtrInput
	// RoleDefinitionId is the Scoped-ID of the Role Definition. A change
	// forces a new resource to be created. Conflicts with
	// `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// RoleDefinitionName is the name of a built-in Role. A change forces a
	// new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// Scope is the scope the Role Assignment applies to, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`,
	// or `/providers/Microsoft.Management/managementGroups/myMG`.
	// A change forces a new resource to be created.
	//
	// Azure RBAC assignments are inherited by child scopes, so pick the
	// narrowest scope that meets the need.
	Scope pulumi.StringInput
	// SkipServicePrincipalAadCheck, when `true`, skips the `Azure Active
	// Directory` check, which may fail due to replication lag when
	// `principalId` is a newly provisioned `Service Principal`. Only valid
	// for a `Service Principal` identity. Defaults to `false`.
	//
	// NOTE: for any other kind of identity it causes the role assignment
	// to fail.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}
The set of arguments for constructing an Assignment resource.
func (AssignmentArgs) ElementType ¶
func (AssignmentArgs) ElementType() reflect.Type
type AssignmentArray ¶
// AssignmentArray is a slice of AssignmentInput values.
type AssignmentArray []AssignmentInput
func (AssignmentArray) ElementType ¶
func (AssignmentArray) ElementType() reflect.Type
func (AssignmentArray) ToAssignmentArrayOutput ¶
func (i AssignmentArray) ToAssignmentArrayOutput() AssignmentArrayOutput
func (AssignmentArray) ToAssignmentArrayOutputWithContext ¶
func (i AssignmentArray) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
type AssignmentArrayInput ¶
// AssignmentArrayInput is implemented by values that convert to an
// AssignmentArrayOutput; AssignmentArray and AssignmentArrayOutput both
// qualify.
type AssignmentArrayInput interface {
	pulumi.Input

	ToAssignmentArrayOutput() AssignmentArrayOutput
	ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
}
AssignmentArrayInput is an input type that accepts AssignmentArray and AssignmentArrayOutput values. You can construct a concrete instance of `AssignmentArrayInput` via:
AssignmentArray{ AssignmentArgs{...} }
type AssignmentArrayOutput ¶
// AssignmentArrayOutput is an output type that embeds *pulumi.OutputState.
type AssignmentArrayOutput struct{ *pulumi.OutputState }
func (AssignmentArrayOutput) ElementType ¶
func (AssignmentArrayOutput) ElementType() reflect.Type
func (AssignmentArrayOutput) Index ¶
func (o AssignmentArrayOutput) Index(i pulumi.IntInput) AssignmentOutput
func (AssignmentArrayOutput) ToAssignmentArrayOutput ¶
func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput
func (AssignmentArrayOutput) ToAssignmentArrayOutputWithContext ¶
func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
type AssignmentInput ¶
// AssignmentInput is implemented by values that convert to an
// AssignmentOutput.
type AssignmentInput interface {
	pulumi.Input

	ToAssignmentOutput() AssignmentOutput
	ToAssignmentOutputWithContext(context.Context) AssignmentOutput
}
type AssignmentMap ¶
// AssignmentMap maps string keys to AssignmentInput values.
type AssignmentMap map[string]AssignmentInput
func (AssignmentMap) ElementType ¶
func (AssignmentMap) ElementType() reflect.Type
func (AssignmentMap) ToAssignmentMapOutput ¶
func (i AssignmentMap) ToAssignmentMapOutput() AssignmentMapOutput
func (AssignmentMap) ToAssignmentMapOutputWithContext ¶
func (i AssignmentMap) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
type AssignmentMapInput ¶
// AssignmentMapInput is implemented by values that convert to an
// AssignmentMapOutput; AssignmentMap and AssignmentMapOutput both qualify.
type AssignmentMapInput interface {
	pulumi.Input

	ToAssignmentMapOutput() AssignmentMapOutput
	ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
}
AssignmentMapInput is an input type that accepts AssignmentMap and AssignmentMapOutput values. You can construct a concrete instance of `AssignmentMapInput` via:
AssignmentMap{ "key": AssignmentArgs{...} }
type AssignmentMapOutput ¶
// AssignmentMapOutput is an output type that embeds *pulumi.OutputState.
type AssignmentMapOutput struct{ *pulumi.OutputState }
func (AssignmentMapOutput) ElementType ¶
func (AssignmentMapOutput) ElementType() reflect.Type
func (AssignmentMapOutput) MapIndex ¶
func (o AssignmentMapOutput) MapIndex(k pulumi.StringInput) AssignmentOutput
func (AssignmentMapOutput) ToAssignmentMapOutput ¶
func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput
func (AssignmentMapOutput) ToAssignmentMapOutputWithContext ¶
func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
type AssignmentOutput ¶
// AssignmentOutput is an output type that embeds *pulumi.OutputState.
type AssignmentOutput struct{ *pulumi.OutputState }
func (AssignmentOutput) Condition ¶ added in v5.5.0
func (o AssignmentOutput) Condition() pulumi.StringPtrOutput
The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
func (AssignmentOutput) ConditionVersion ¶ added in v5.5.0
func (o AssignmentOutput) ConditionVersion() pulumi.StringPtrOutput
The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
func (AssignmentOutput) DelegatedManagedIdentityResourceId ¶ added in v5.5.0
func (o AssignmentOutput) DelegatedManagedIdentityResourceId() pulumi.StringPtrOutput
The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
> **NOTE:** This field is only used in cross-tenant scenarios.
func (AssignmentOutput) Description ¶ added in v5.5.0
func (o AssignmentOutput) Description() pulumi.StringPtrOutput
The description for this Role Assignment. Changing this forces a new resource to be created.
func (AssignmentOutput) ElementType ¶
func (AssignmentOutput) ElementType() reflect.Type
func (AssignmentOutput) Name ¶ added in v5.5.0
func (o AssignmentOutput) Name() pulumi.StringOutput
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
func (AssignmentOutput) PrincipalId ¶ added in v5.5.0
func (o AssignmentOutput) PrincipalId() pulumi.StringOutput
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
> **NOTE:** The Principal ID is also known as the Object ID (i.e. not the "Application ID" for applications).
func (AssignmentOutput) PrincipalType ¶ added in v5.5.0
func (o AssignmentOutput) PrincipalType() pulumi.StringOutput
The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This attribute must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
> **NOTE:** If either `condition` or `conditionVersion` is set, both fields must be present.
func (AssignmentOutput) RoleDefinitionId ¶ added in v5.5.0
func (o AssignmentOutput) RoleDefinitionId() pulumi.StringOutput
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
func (AssignmentOutput) RoleDefinitionName ¶ added in v5.5.0
func (o AssignmentOutput) RoleDefinitionName() pulumi.StringOutput
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
func (AssignmentOutput) Scope ¶ added in v5.5.0
func (o AssignmentOutput) Scope() pulumi.StringOutput
The scope to which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
func (AssignmentOutput) SkipServicePrincipalAadCheck ¶ added in v5.5.0
func (o AssignmentOutput) SkipServicePrincipalAadCheck() pulumi.BoolOutput
If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
> **NOTE:** If the `principalId` is not a `Service Principal` identity, setting this value causes the role assignment to fail.
func (AssignmentOutput) ToAssignmentOutput ¶
func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput
func (AssignmentOutput) ToAssignmentOutputWithContext ¶
func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
type AssignmentState ¶
// AssignmentState lists the state properties of a Role Assignment. Every field
// is a pointer-typed input, so each one may be left unset.
type AssignmentState struct {
	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrInput
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	//
	// > **NOTE:** this field is only used in cross tenant scenario.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrInput
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	//
	// > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
	PrincipalId pulumi.StringPtrInput
	// The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
	//
	// > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
	//
	// NOTE(review): the note above is about `condition`/`conditionVersion`, not
	// `principalType`; it looks misplaced by the documentation generator.
	PrincipalType pulumi.StringPtrInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	//
	// Review note: an assignment is inherited by everything below its scope, so
	// use the narrowest scope that meets the need.
	Scope pulumi.StringPtrInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
	//
	// > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
	//
	// Review note: leave this at `false` unless the Service Principal is created
	// in the same deployment. NOTE(review): presumably the skipped check is what
	// validates that `principalId` exists in the directory — confirm.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}
func (AssignmentState) ElementType ¶
func (AssignmentState) ElementType() reflect.Type
type Definition
deprecated
// Definition is the resource type for a custom Role Definition. It embeds
// pulumi.CustomResourceState and exposes the role's properties as outputs.
type Definition struct {
	pulumi.CustomResourceState

	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	//
	// Review note: each entry is a scope at which the role can be assigned, so
	// keep the list as narrow as the role's purpose allows.
	AssignableScopes pulumi.StringArrayOutput `pulumi:"assignableScopes"`
	// A description of the Role Definition.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the Role Definition.
	Name pulumi.StringOutput `pulumi:"name"`
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayOutput `pulumi:"permissions"`
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringOutput `pulumi:"roleDefinitionResourceId"`
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
}
Manages a custom Role Definition, used to assign Roles to Users/Principals. See ['Understand role definitions'](https://docs.microsoft.com/azure/role-based-access-control/role-definitions) in the Azure documentation for more details.
## Example Usage
```go
package main

import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
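// main registers a custom Role Definition whose scope and only assignable
// scope are the ID of the subscription returned by core.LookupSubscription.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// No lookup arguments are passed; presumably this resolves the
		// subscription the provider is configured for — confirm.
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			Name:        pulumi.String("my-custom-role"),
			Scope:       pulumi.String(primary.Id),
			Description: pulumi.String("This is a custom role created"),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					// List only the operations the role needs. A bare `*` with
					// an empty NotActions would allow every management
					// operation across the assignable scope, including changes
					// to role assignments.
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		// The registration error, if any, is the result of the program.
		return err
	})
}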
```
## Import
Role Definitions can be imported using the `resource id`, e.g.
```sh
$ pulumi import azure:role/definition:Definition example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000"
```
Deprecated: azure.role.Definition has been deprecated in favor of azure.authorization.RoleDefinition
func GetDefinition ¶
func GetDefinition(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DefinitionState, opts ...pulumi.ResourceOption) (*Definition, error)
GetDefinition gets an existing Definition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDefinition ¶
func NewDefinition(ctx *pulumi.Context, name string, args *DefinitionArgs, opts ...pulumi.ResourceOption) (*Definition, error)
NewDefinition registers a new resource with the given unique name, arguments, and options.
func (*Definition) ElementType ¶
func (*Definition) ElementType() reflect.Type
func (*Definition) ToDefinitionOutput ¶
func (i *Definition) ToDefinitionOutput() DefinitionOutput
func (*Definition) ToDefinitionOutputWithContext ¶
func (i *Definition) ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput
type DefinitionArgs ¶
// DefinitionArgs is the set of arguments for constructing a Definition
// resource. Scope is the only field that is not a pointer-typed or array input.
type DefinitionArgs struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	//
	// Review note: each entry is a scope at which the role can be assigned, so
	// keep the list as narrow as the role's purpose allows.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringInput
}
The set of arguments for constructing a Definition resource.
func (DefinitionArgs) ElementType ¶
func (DefinitionArgs) ElementType() reflect.Type
type DefinitionArray ¶
type DefinitionArray []DefinitionInput
func (DefinitionArray) ElementType ¶
func (DefinitionArray) ElementType() reflect.Type
func (DefinitionArray) ToDefinitionArrayOutput ¶
func (i DefinitionArray) ToDefinitionArrayOutput() DefinitionArrayOutput
func (DefinitionArray) ToDefinitionArrayOutputWithContext ¶
func (i DefinitionArray) ToDefinitionArrayOutputWithContext(ctx context.Context) DefinitionArrayOutput
type DefinitionArrayInput ¶
type DefinitionArrayInput interface { pulumi.Input ToDefinitionArrayOutput() DefinitionArrayOutput ToDefinitionArrayOutputWithContext(context.Context) DefinitionArrayOutput }
DefinitionArrayInput is an input type that accepts DefinitionArray and DefinitionArrayOutput values. You can construct a concrete instance of `DefinitionArrayInput` via:
DefinitionArray{ DefinitionArgs{...} }
type DefinitionArrayOutput ¶
type DefinitionArrayOutput struct{ *pulumi.OutputState }
func (DefinitionArrayOutput) ElementType ¶
func (DefinitionArrayOutput) ElementType() reflect.Type
func (DefinitionArrayOutput) Index ¶
func (o DefinitionArrayOutput) Index(i pulumi.IntInput) DefinitionOutput
func (DefinitionArrayOutput) ToDefinitionArrayOutput ¶
func (o DefinitionArrayOutput) ToDefinitionArrayOutput() DefinitionArrayOutput
func (DefinitionArrayOutput) ToDefinitionArrayOutputWithContext ¶
func (o DefinitionArrayOutput) ToDefinitionArrayOutputWithContext(ctx context.Context) DefinitionArrayOutput
type DefinitionInput ¶
type DefinitionInput interface { pulumi.Input ToDefinitionOutput() DefinitionOutput ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput }
type DefinitionMap ¶
type DefinitionMap map[string]DefinitionInput
func (DefinitionMap) ElementType ¶
func (DefinitionMap) ElementType() reflect.Type
func (DefinitionMap) ToDefinitionMapOutput ¶
func (i DefinitionMap) ToDefinitionMapOutput() DefinitionMapOutput
func (DefinitionMap) ToDefinitionMapOutputWithContext ¶
func (i DefinitionMap) ToDefinitionMapOutputWithContext(ctx context.Context) DefinitionMapOutput
type DefinitionMapInput ¶
type DefinitionMapInput interface { pulumi.Input ToDefinitionMapOutput() DefinitionMapOutput ToDefinitionMapOutputWithContext(context.Context) DefinitionMapOutput }
DefinitionMapInput is an input type that accepts DefinitionMap and DefinitionMapOutput values. You can construct a concrete instance of `DefinitionMapInput` via:
DefinitionMap{ "key": DefinitionArgs{...} }
type DefinitionMapOutput ¶
type DefinitionMapOutput struct{ *pulumi.OutputState }
func (DefinitionMapOutput) ElementType ¶
func (DefinitionMapOutput) ElementType() reflect.Type
func (DefinitionMapOutput) MapIndex ¶
func (o DefinitionMapOutput) MapIndex(k pulumi.StringInput) DefinitionOutput
func (DefinitionMapOutput) ToDefinitionMapOutput ¶
func (o DefinitionMapOutput) ToDefinitionMapOutput() DefinitionMapOutput
func (DefinitionMapOutput) ToDefinitionMapOutputWithContext ¶
func (o DefinitionMapOutput) ToDefinitionMapOutputWithContext(ctx context.Context) DefinitionMapOutput
type DefinitionOutput ¶
type DefinitionOutput struct{ *pulumi.OutputState }
func (DefinitionOutput) AssignableScopes ¶ added in v5.5.0
func (o DefinitionOutput) AssignableScopes() pulumi.StringArrayOutput
One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
> **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
func (DefinitionOutput) Description ¶ added in v5.5.0
func (o DefinitionOutput) Description() pulumi.StringPtrOutput
A description of the Role Definition.
func (DefinitionOutput) ElementType ¶
func (DefinitionOutput) ElementType() reflect.Type
func (DefinitionOutput) Name ¶ added in v5.5.0
func (o DefinitionOutput) Name() pulumi.StringOutput
The name of the Role Definition.
func (DefinitionOutput) Permissions ¶ added in v5.5.0
func (o DefinitionOutput) Permissions() DefinitionPermissionArrayOutput
A `permissions` block as defined below.
func (DefinitionOutput) RoleDefinitionId ¶ added in v5.5.0
func (o DefinitionOutput) RoleDefinitionId() pulumi.StringOutput
A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
func (DefinitionOutput) RoleDefinitionResourceId ¶ added in v5.5.0
func (o DefinitionOutput) RoleDefinitionResourceId() pulumi.StringOutput
The Azure Resource Manager ID for the resource.
func (DefinitionOutput) Scope ¶ added in v5.5.0
func (o DefinitionOutput) Scope() pulumi.StringOutput
The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
func (DefinitionOutput) ToDefinitionOutput ¶
func (o DefinitionOutput) ToDefinitionOutput() DefinitionOutput
func (DefinitionOutput) ToDefinitionOutputWithContext ¶
func (o DefinitionOutput) ToDefinitionOutputWithContext(ctx context.Context) DefinitionOutput
type DefinitionPermission ¶
// DefinitionPermission describes one `permissions` block of a Role Definition:
// the allowed and excluded actions and data actions, each as a list of strings.
type DefinitionPermission struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// Review note: `*` matches every action; prefer listing the specific
	// operations the role needs.
	Actions []string `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions []string `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// Review note: in Azure RBAC these entries are subtracted from `actions`
	// when the role's effective permissions are computed. They are not deny
	// rules, so another role assignment can still grant the same operation.
	NotActions []string `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// NOTE(review): the example operation is the same one given for
	// `notActions` and does not look like a data action; probably a copy-paste
	// in the upstream docs — confirm.
	NotDataActions []string `pulumi:"notDataActions"`
}
type DefinitionPermissionArgs ¶
// DefinitionPermissionArgs is the input form of a Role Definition
// `permissions` block; every field is a pulumi.StringArrayInput.
type DefinitionPermissionArgs struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// Review note: `*` matches every action; prefer listing the specific
	// operations the role needs.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// Review note: in Azure RBAC these entries are subtracted from `actions`
	// when the role's effective permissions are computed. They are not deny
	// rules, so another role assignment can still grant the same operation.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	//
	// NOTE(review): the example operation is the same one given for
	// `notActions` and does not look like a data action; probably a copy-paste
	// in the upstream docs — confirm.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}
func (DefinitionPermissionArgs) ElementType ¶
func (DefinitionPermissionArgs) ElementType() reflect.Type
func (DefinitionPermissionArgs) ToDefinitionPermissionOutput ¶
func (i DefinitionPermissionArgs) ToDefinitionPermissionOutput() DefinitionPermissionOutput
func (DefinitionPermissionArgs) ToDefinitionPermissionOutputWithContext ¶
func (i DefinitionPermissionArgs) ToDefinitionPermissionOutputWithContext(ctx context.Context) DefinitionPermissionOutput
type DefinitionPermissionArray ¶
type DefinitionPermissionArray []DefinitionPermissionInput
func (DefinitionPermissionArray) ElementType ¶
func (DefinitionPermissionArray) ElementType() reflect.Type
func (DefinitionPermissionArray) ToDefinitionPermissionArrayOutput ¶
func (i DefinitionPermissionArray) ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput
func (DefinitionPermissionArray) ToDefinitionPermissionArrayOutputWithContext ¶
func (i DefinitionPermissionArray) ToDefinitionPermissionArrayOutputWithContext(ctx context.Context) DefinitionPermissionArrayOutput
type DefinitionPermissionArrayInput ¶
type DefinitionPermissionArrayInput interface { pulumi.Input ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput ToDefinitionPermissionArrayOutputWithContext(context.Context) DefinitionPermissionArrayOutput }
DefinitionPermissionArrayInput is an input type that accepts DefinitionPermissionArray and DefinitionPermissionArrayOutput values. You can construct a concrete instance of `DefinitionPermissionArrayInput` via:
DefinitionPermissionArray{ DefinitionPermissionArgs{...} }
type DefinitionPermissionArrayOutput ¶
type DefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (DefinitionPermissionArrayOutput) ElementType ¶
func (DefinitionPermissionArrayOutput) ElementType() reflect.Type
func (DefinitionPermissionArrayOutput) Index ¶
func (o DefinitionPermissionArrayOutput) Index(i pulumi.IntInput) DefinitionPermissionOutput
func (DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutput ¶
func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutput() DefinitionPermissionArrayOutput
func (DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutputWithContext ¶
func (o DefinitionPermissionArrayOutput) ToDefinitionPermissionArrayOutputWithContext(ctx context.Context) DefinitionPermissionArrayOutput
type DefinitionPermissionInput ¶
type DefinitionPermissionInput interface { pulumi.Input ToDefinitionPermissionOutput() DefinitionPermissionOutput ToDefinitionPermissionOutputWithContext(context.Context) DefinitionPermissionOutput }
DefinitionPermissionInput is an input type that accepts DefinitionPermissionArgs and DefinitionPermissionOutput values. You can construct a concrete instance of `DefinitionPermissionInput` via:
DefinitionPermissionArgs{...}
type DefinitionPermissionOutput ¶
type DefinitionPermissionOutput struct{ *pulumi.OutputState }
func (DefinitionPermissionOutput) Actions ¶
func (o DefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (DefinitionPermissionOutput) DataActions ¶
func (o DefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (DefinitionPermissionOutput) ElementType ¶
func (DefinitionPermissionOutput) ElementType() reflect.Type
func (DefinitionPermissionOutput) NotActions ¶
func (o DefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
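One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. These are subtracted from `actions` to give the role's effective permissions; they are not deny rules, so another role assignment can still grant them. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.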
func (DefinitionPermissionOutput) NotDataActions ¶
func (o DefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
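One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. These are subtracted from `dataActions` to give the role's effective permissions; they are not deny rules, so another role assignment can still grant them. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.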
func (DefinitionPermissionOutput) ToDefinitionPermissionOutput ¶
func (o DefinitionPermissionOutput) ToDefinitionPermissionOutput() DefinitionPermissionOutput
func (DefinitionPermissionOutput) ToDefinitionPermissionOutputWithContext ¶
func (o DefinitionPermissionOutput) ToDefinitionPermissionOutputWithContext(ctx context.Context) DefinitionPermissionOutput
type DefinitionState ¶
// DefinitionState lists the state properties of a Role Definition. GetDefinition
// accepts a *DefinitionState as optional properties that qualify the lookup.
type DefinitionState struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions DefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
}
func (DefinitionState) ElementType ¶
func (DefinitionState) ElementType() reflect.Type
type GetRoleDefinitionArgs ¶
// GetRoleDefinitionArgs is the collection of arguments for invoking
// getRoleDefinition. All three fields are optional pointers.
type GetRoleDefinitionArgs struct {
	// Specifies the Name of either a built-in or custom Role Definition.
	//
	// > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`
	Name *string `pulumi:"name"`
	// Specifies the ID of the Role Definition as a UUID/GUID.
	RoleDefinitionId *string `pulumi:"roleDefinitionId"`
	// Specifies the Scope at which the Custom Role Definition exists.
	//
	// > **Note:** One of `name` or `roleDefinitionId` must be specified.
	//
	// NOTE(review): the note above constrains `name`/`roleDefinitionId`, not
	// `scope`; it looks attached to this field by the documentation generator.
	Scope *string `pulumi:"scope"`
}
A collection of arguments for invoking getRoleDefinition.
type GetRoleDefinitionOutputArgs ¶
// GetRoleDefinitionOutputArgs is the collection of arguments for invoking
// getRoleDefinition, with each field typed as a pulumi.StringPtrInput.
type GetRoleDefinitionOutputArgs struct {
	// Specifies the Name of either a built-in or custom Role Definition.
	//
	// > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`
	Name pulumi.StringPtrInput `pulumi:"name"`
	// Specifies the ID of the Role Definition as a UUID/GUID.
	RoleDefinitionId pulumi.StringPtrInput `pulumi:"roleDefinitionId"`
	// Specifies the Scope at which the Custom Role Definition exists.
	//
	// > **Note:** One of `name` or `roleDefinitionId` must be specified.
	//
	// NOTE(review): the note above constrains `name`/`roleDefinitionId`, not
	// `scope`; it looks attached to this field by the documentation generator.
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}
A collection of arguments for invoking getRoleDefinition.
func (GetRoleDefinitionOutputArgs) ElementType ¶
func (GetRoleDefinitionOutputArgs) ElementType() reflect.Type
type GetRoleDefinitionPermission ¶
// GetRoleDefinitionPermission is one `permissions` entry returned by
// getRoleDefinition, with plain string and []string fields.
type GetRoleDefinitionPermission struct {
	// A list of actions supported by this role.
	Actions []string `pulumi:"actions"`
	// The conditions on this role definition, which limits the resources it can be assigned to.
	Condition string `pulumi:"condition"`
	// The version of the condition.
	ConditionVersion string `pulumi:"conditionVersion"`
	// A list of data actions allowed by this role.
	DataActions []string `pulumi:"dataActions"`
	// A list of actions which are denied by this role.
	//
	// Review note: in Azure RBAC `notActions` are subtracted from `actions`;
	// they are not deny rules, so when auditing a principal's effective access
	// its other role assignments must be considered too.
	NotActions []string `pulumi:"notActions"`
	// A list of data actions which are denied by this role.
	//
	// Review note: as with `notActions`, these are subtracted from
	// `dataActions` rather than enforced as a deny.
	NotDataActions []string `pulumi:"notDataActions"`
}
type GetRoleDefinitionPermissionArgs ¶
// GetRoleDefinitionPermissionArgs is the input-typed form of a
// getRoleDefinition `permissions` entry.
type GetRoleDefinitionPermissionArgs struct {
	// A list of actions supported by this role.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// The conditions on this role definition, which limits the resources it can be assigned to.
	Condition pulumi.StringInput `pulumi:"condition"`
	// The version of the condition.
	ConditionVersion pulumi.StringInput `pulumi:"conditionVersion"`
	// A list of data actions allowed by this role.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// A list of actions which are denied by this role.
	//
	// Review note: in Azure RBAC `notActions` are subtracted from `actions`;
	// they are not deny rules, so when auditing a principal's effective access
	// its other role assignments must be considered too.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// A list of data actions which are denied by this role.
	//
	// Review note: as with `notActions`, these are subtracted from
	// `dataActions` rather than enforced as a deny.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}
func (GetRoleDefinitionPermissionArgs) ElementType ¶
func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type GetRoleDefinitionPermissionArray ¶
type GetRoleDefinitionPermissionArray []GetRoleDefinitionPermissionInput
func (GetRoleDefinitionPermissionArray) ElementType ¶
func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionArrayInput ¶
type GetRoleDefinitionPermissionArrayInput interface { pulumi.Input ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput ToGetRoleDefinitionPermissionArrayOutputWithContext(context.Context) GetRoleDefinitionPermissionArrayOutput }
GetRoleDefinitionPermissionArrayInput is an input type that accepts GetRoleDefinitionPermissionArray and GetRoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionArrayInput` via:
GetRoleDefinitionPermissionArray{ GetRoleDefinitionPermissionArgs{...} }
type GetRoleDefinitionPermissionArrayOutput ¶
type GetRoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionArrayOutput) ElementType ¶
func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionInput ¶
type GetRoleDefinitionPermissionInput interface { pulumi.Input ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput ToGetRoleDefinitionPermissionOutputWithContext(context.Context) GetRoleDefinitionPermissionOutput }
GetRoleDefinitionPermissionInput is an input type that accepts GetRoleDefinitionPermissionArgs and GetRoleDefinitionPermissionOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionInput` via:
GetRoleDefinitionPermissionArgs{...}
type GetRoleDefinitionPermissionOutput ¶
type GetRoleDefinitionPermissionOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionOutput) Actions ¶
func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
A list of actions supported by this role.
func (GetRoleDefinitionPermissionOutput) Condition ¶ added in v5.69.0
func (o GetRoleDefinitionPermissionOutput) Condition() pulumi.StringOutput
The condition on this role definition, which limits the resources it can be assigned to.
func (GetRoleDefinitionPermissionOutput) ConditionVersion ¶ added in v5.69.0
func (o GetRoleDefinitionPermissionOutput) ConditionVersion() pulumi.StringOutput
The version of the condition.
func (GetRoleDefinitionPermissionOutput) DataActions ¶
func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
A list of data actions allowed by this role.
func (GetRoleDefinitionPermissionOutput) ElementType ¶
func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionOutput) NotActions ¶
func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
A list of actions excluded from this role's `actions` (`notActions`). They are subtracted from what the role grants rather than denied outright.
func (GetRoleDefinitionPermissionOutput) NotDataActions ¶
func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
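A list of data actions excluded from this role's `dataActions` (`notDataActions`). They are subtracted from what the role grants rather than denied outright.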
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type GetRoleDefinitionResult ¶
// GetRoleDefinitionResult holds the values returned by getRoleDefinition.
type GetRoleDefinitionResult struct {
	// One or more assignable scopes for this Role Definition, such as
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`,
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or
	// `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	// The sample values range from a whole subscription down to a single
	// virtual machine, so this field is worth checking when reviewing how
	// widely a role can be assigned.
	AssignableScopes []string `pulumi:"assignableScopes"`
	// The Description of the built-in Role.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// NOTE(review): undocumented on this page; presumably the role
	// definition's name, matching the Name lookup argument — confirm.
	Name string `pulumi:"name"`
	// A `permissions` block as documented below.
	Permissions []GetRoleDefinitionPermission `pulumi:"permissions"`
	// NOTE(review): undocumented on this page; presumably the role
	// definition's ID as opposed to the provider-assigned Id above — confirm.
	RoleDefinitionId string `pulumi:"roleDefinitionId"`
	// NOTE(review): undocumented on this page; a pointer, so it may be nil
	// when no scope is associated with the result — confirm.
	Scope *string `pulumi:"scope"`
	// The Type of the Role.
	Type string `pulumi:"type"`
}
A collection of values returned by getRoleDefinition.
func GetRoleDefinition
deprecated
func GetRoleDefinition(ctx *pulumi.Context, args *GetRoleDefinitionArgs, opts ...pulumi.InvokeOption) (*GetRoleDefinitionResult, error)
Use this data source to access information about an existing Role Definition.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main is the example entry point. It creates a custom role definition scoped
// to the current subscription, reads that definition back once by ID and once
// by name, looks up the built-in "Contributor" role by name, and exports two
// role definition IDs.
//
// NOTE(review): this page marks GetRoleDefinition as deprecated in favor of
// azure.authorization.getRoleDefinition; the example already calls the
// authorization package.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The current subscription; its ID is the scope for everything below.
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		// The all-zero GUID reads as a placeholder — presumably to be replaced
		// with a real, unique role definition ID. No permissions are set in
		// this example; a real custom role should list only the actions it
		// needs.
		customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("CustomRoleDef"),
			Scope:            pulumi.String(primary.Id),
		})
		if err != nil {
			return err
		}
		// Look the custom role up by its role definition ID once that ID is known.
		// NOTE(review): the GetRoleDefinitionResult(interface{}(...)) conversion
		// looks machine-generated; Go does not allow converting an interface
		// value to a struct type with a conversion expression, so confirm this
		// compiles against the SDK before copying it.
		custom := customRoleDefinition.RoleDefinitionId.ApplyT(func(roleDefinitionId string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				RoleDefinitionId: roleDefinitionId,
				Scope:            primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		// The same lookup keyed by name instead of ID; the result is discarded.
		_ = customRoleDefinition.Name.ApplyT(func(name string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				Name:  name,
				Scope: primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		// Built-in role looked up by name only; no scope is passed here.
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Contributor"),
		}, nil)
		if err != nil {
			return err
		}
		// Both exports use the result's Id field (the provider-assigned ID),
		// not its RoleDefinitionId field.
		ctx.Export("customRoleDefinitionId", custom.ApplyT(func(custom authorization.GetRoleDefinitionResult) (*string, error) {
			return &custom.Id, nil
		}).(pulumi.StringPtrOutput))
		ctx.Export("contributorRoleDefinitionId", builtin.Id)
		return nil
	})
}
```
Deprecated: azure.role.getRoleDefinition has been deprecated in favor of azure.authorization.getRoleDefinition
type GetRoleDefinitionResultOutput ¶
type GetRoleDefinitionResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getRoleDefinition.
func GetRoleDefinitionOutput ¶
func GetRoleDefinitionOutput(ctx *pulumi.Context, args GetRoleDefinitionOutputArgs, opts ...pulumi.InvokeOption) GetRoleDefinitionResultOutput
func (GetRoleDefinitionResultOutput) AssignableScopes ¶
func (o GetRoleDefinitionResultOutput) AssignableScopes() pulumi.StringArrayOutput
One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
func (GetRoleDefinitionResultOutput) Description ¶
func (o GetRoleDefinitionResultOutput) Description() pulumi.StringOutput
The Description of the built-in Role.
func (GetRoleDefinitionResultOutput) ElementType ¶
func (GetRoleDefinitionResultOutput) ElementType() reflect.Type
func (GetRoleDefinitionResultOutput) Id ¶
func (o GetRoleDefinitionResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetRoleDefinitionResultOutput) Name ¶
func (o GetRoleDefinitionResultOutput) Name() pulumi.StringOutput
func (GetRoleDefinitionResultOutput) Permissions ¶
func (o GetRoleDefinitionResultOutput) Permissions() GetRoleDefinitionPermissionArrayOutput
A `permissions` block as documented below.
func (GetRoleDefinitionResultOutput) RoleDefinitionId ¶
func (o GetRoleDefinitionResultOutput) RoleDefinitionId() pulumi.StringOutput
func (GetRoleDefinitionResultOutput) Scope ¶
func (o GetRoleDefinitionResultOutput) Scope() pulumi.StringPtrOutput
func (GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutput ¶
func (o GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutput() GetRoleDefinitionResultOutput
func (GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutputWithContext ¶
func (o GetRoleDefinitionResultOutput) ToGetRoleDefinitionResultOutputWithContext(ctx context.Context) GetRoleDefinitionResultOutput
func (GetRoleDefinitionResultOutput) Type ¶
func (o GetRoleDefinitionResultOutput) Type() pulumi.StringOutput
The Type of the Role.