Documentation ¶
Index ¶
- type Assignment
- type AssignmentArgs
- type AssignmentArray
- type AssignmentArrayInput
- type AssignmentArrayOutput
- func (AssignmentArrayOutput) ElementType() reflect.Type
- func (o AssignmentArrayOutput) Index(i pulumi.IntInput) AssignmentOutput
- func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput
- func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
- type AssignmentInput
- type AssignmentMap
- type AssignmentMapInput
- type AssignmentMapOutput
- func (AssignmentMapOutput) ElementType() reflect.Type
- func (o AssignmentMapOutput) MapIndex(k pulumi.StringInput) AssignmentOutput
- func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput
- func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
- type AssignmentOutput
- func (o AssignmentOutput) Condition() pulumi.StringPtrOutput
- func (o AssignmentOutput) ConditionVersion() pulumi.StringPtrOutput
- func (o AssignmentOutput) DelegatedManagedIdentityResourceId() pulumi.StringPtrOutput
- func (o AssignmentOutput) Description() pulumi.StringPtrOutput
- func (AssignmentOutput) ElementType() reflect.Type
- func (o AssignmentOutput) Name() pulumi.StringOutput
- func (o AssignmentOutput) PrincipalId() pulumi.StringOutput
- func (o AssignmentOutput) PrincipalType() pulumi.StringOutput
- func (o AssignmentOutput) RoleDefinitionId() pulumi.StringOutput
- func (o AssignmentOutput) RoleDefinitionName() pulumi.StringOutput
- func (o AssignmentOutput) Scope() pulumi.StringOutput
- func (o AssignmentOutput) SkipServicePrincipalAadCheck() pulumi.BoolOutput
- func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput
- func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
- type AssignmentState
- type GetRoleDefinitionPermission
- type GetRoleDefinitionPermissionArgs
- func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type GetRoleDefinitionPermissionArray
- func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionArrayInput
- type GetRoleDefinitionPermissionArrayOutput
- func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
- func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
- type GetRoleDefinitionPermissionInput
- type GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) Condition() pulumi.StringOutput
- func (o GetRoleDefinitionPermissionOutput) ConditionVersion() pulumi.StringOutput
- func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
- func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
- func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
- type LookupRoleDefinitionArgs
- type LookupRoleDefinitionOutputArgs
- type LookupRoleDefinitionResult
- type LookupRoleDefinitionResultOutput
- func (o LookupRoleDefinitionResultOutput) AssignableScopes() pulumi.StringArrayOutput
- func (o LookupRoleDefinitionResultOutput) Description() pulumi.StringOutput
- func (LookupRoleDefinitionResultOutput) ElementType() reflect.Type
- func (o LookupRoleDefinitionResultOutput) Id() pulumi.StringOutput
- func (o LookupRoleDefinitionResultOutput) Name() pulumi.StringOutput
- func (o LookupRoleDefinitionResultOutput) Permissions() GetRoleDefinitionPermissionArrayOutput
- func (o LookupRoleDefinitionResultOutput) RoleDefinitionId() pulumi.StringOutput
- func (o LookupRoleDefinitionResultOutput) Scope() pulumi.StringPtrOutput
- func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutput() LookupRoleDefinitionResultOutput
- func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutputWithContext(ctx context.Context) LookupRoleDefinitionResultOutput
- func (o LookupRoleDefinitionResultOutput) Type() pulumi.StringOutput
- type LookupUserAssignedIdentityArgs
- type LookupUserAssignedIdentityOutputArgs
- type LookupUserAssignedIdentityResult
- type LookupUserAssignedIdentityResultOutput
- func (o LookupUserAssignedIdentityResultOutput) ClientId() pulumi.StringOutput
- func (LookupUserAssignedIdentityResultOutput) ElementType() reflect.Type
- func (o LookupUserAssignedIdentityResultOutput) Id() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) Location() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) Name() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) PrincipalId() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) ResourceGroupName() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) Tags() pulumi.StringMapOutput
- func (o LookupUserAssignedIdentityResultOutput) TenantId() pulumi.StringOutput
- func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutput() LookupUserAssignedIdentityResultOutput
- func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutputWithContext(ctx context.Context) LookupUserAssignedIdentityResultOutput
- type RoleDefinition
- type RoleDefinitionArgs
- type RoleDefinitionArray
- type RoleDefinitionArrayInput
- type RoleDefinitionArrayOutput
- func (RoleDefinitionArrayOutput) ElementType() reflect.Type
- func (o RoleDefinitionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionOutput
- func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput
- func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutputWithContext(ctx context.Context) RoleDefinitionArrayOutput
- type RoleDefinitionInput
- type RoleDefinitionMap
- type RoleDefinitionMapInput
- type RoleDefinitionMapOutput
- func (RoleDefinitionMapOutput) ElementType() reflect.Type
- func (o RoleDefinitionMapOutput) MapIndex(k pulumi.StringInput) RoleDefinitionOutput
- func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutput() RoleDefinitionMapOutput
- func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutputWithContext(ctx context.Context) RoleDefinitionMapOutput
- type RoleDefinitionOutput
- func (o RoleDefinitionOutput) AssignableScopes() pulumi.StringArrayOutput
- func (o RoleDefinitionOutput) Description() pulumi.StringPtrOutput
- func (RoleDefinitionOutput) ElementType() reflect.Type
- func (o RoleDefinitionOutput) Name() pulumi.StringOutput
- func (o RoleDefinitionOutput) Permissions() RoleDefinitionPermissionArrayOutput
- func (o RoleDefinitionOutput) RoleDefinitionId() pulumi.StringOutput
- func (o RoleDefinitionOutput) RoleDefinitionResourceId() pulumi.StringOutput
- func (o RoleDefinitionOutput) Scope() pulumi.StringOutput
- func (o RoleDefinitionOutput) ToRoleDefinitionOutput() RoleDefinitionOutput
- func (o RoleDefinitionOutput) ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput
- type RoleDefinitionPermission
- type RoleDefinitionPermissionArgs
- func (RoleDefinitionPermissionArgs) ElementType() reflect.Type
- func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
- func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
- type RoleDefinitionPermissionArray
- func (RoleDefinitionPermissionArray) ElementType() reflect.Type
- func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
- func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
- type RoleDefinitionPermissionArrayInput
- type RoleDefinitionPermissionArrayOutput
- func (RoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
- func (o RoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
- func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
- type RoleDefinitionPermissionInput
- type RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
- func (RoleDefinitionPermissionOutput) ElementType() reflect.Type
- func (o RoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
- func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
- func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
- type RoleDefinitionState
- type UserAssignedIdentity
- type UserAssignedIdentityArgs
- type UserAssignedIdentityArray
- type UserAssignedIdentityArrayInput
- type UserAssignedIdentityArrayOutput
- func (UserAssignedIdentityArrayOutput) ElementType() reflect.Type
- func (o UserAssignedIdentityArrayOutput) Index(i pulumi.IntInput) UserAssignedIdentityOutput
- func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput
- func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutputWithContext(ctx context.Context) UserAssignedIdentityArrayOutput
- type UserAssignedIdentityInput
- type UserAssignedIdentityMap
- type UserAssignedIdentityMapInput
- type UserAssignedIdentityMapOutput
- func (UserAssignedIdentityMapOutput) ElementType() reflect.Type
- func (o UserAssignedIdentityMapOutput) MapIndex(k pulumi.StringInput) UserAssignedIdentityOutput
- func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput
- func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutputWithContext(ctx context.Context) UserAssignedIdentityMapOutput
- type UserAssignedIdentityOutput
- func (o UserAssignedIdentityOutput) ClientId() pulumi.StringOutput
- func (UserAssignedIdentityOutput) ElementType() reflect.Type
- func (o UserAssignedIdentityOutput) Location() pulumi.StringOutput
- func (o UserAssignedIdentityOutput) Name() pulumi.StringOutput
- func (o UserAssignedIdentityOutput) PrincipalId() pulumi.StringOutput
- func (o UserAssignedIdentityOutput) ResourceGroupName() pulumi.StringOutput
- func (o UserAssignedIdentityOutput) Tags() pulumi.StringMapOutput
- func (o UserAssignedIdentityOutput) TenantId() pulumi.StringOutput
- func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutput() UserAssignedIdentityOutput
- func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput
- type UserAssignedIdentityState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assignment ¶
type Assignment struct { pulumi.CustomResourceState // The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created. Condition pulumi.StringPtrOutput `pulumi:"condition"` // The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created. ConditionVersion pulumi.StringPtrOutput `pulumi:"conditionVersion"` // The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. // // > **NOTE:** this field is only used in cross tenant scenario. DelegatedManagedIdentityResourceId pulumi.StringPtrOutput `pulumi:"delegatedManagedIdentityResourceId"` // The description for this Role Assignment. Changing this forces a new resource to be created. Description pulumi.StringPtrOutput `pulumi:"description"` // A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created. Name pulumi.StringOutput `pulumi:"name"` // The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. // // > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications). PrincipalId pulumi.StringOutput `pulumi:"principalId"` // The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. // // > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present. PrincipalType pulumi.StringOutput `pulumi:"principalType"` // The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`. RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"` // The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`. RoleDefinitionName pulumi.StringOutput `pulumi:"roleDefinitionName"` // The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created. Scope pulumi.StringOutput `pulumi:"scope"` // If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`. // // > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail. SkipServicePrincipalAadCheck pulumi.BoolOutput `pulumi:"skipServicePrincipalAadCheck"` }
Assigns a given Principal (User or Group) to a given Role.
## Example Usage
### Using A Built-In Role)
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } example, err := core.GetClientConfig(ctx, nil, nil) if err != nil { return err } _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{ Scope: pulumi.String(primary.Id), RoleDefinitionName: pulumi.String("Reader"), PrincipalId: pulumi.String(example.ObjectId), }) if err != nil { return err } return nil }) }
```
### Custom Role & Service Principal)
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } example, err := core.GetClientConfig(ctx, nil, nil) if err != nil { return err } exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{ RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"), Name: pulumi.String("my-custom-role-definition"), Scope: pulumi.String(primary.Id), Permissions: authorization.RoleDefinitionPermissionArray{ &authorization.RoleDefinitionPermissionArgs{ Actions: pulumi.StringArray{ pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"), }, NotActions: pulumi.StringArray{}, }, }, AssignableScopes: pulumi.StringArray{ pulumi.String(primary.Id), }, }) if err != nil { return err } _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{ Name: pulumi.String("00000000-0000-0000-0000-000000000000"), Scope: pulumi.String(primary.Id), RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId, PrincipalId: pulumi.String(example.ObjectId), }) if err != nil { return err } return nil }) }
```
### Custom Role & User)
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } example, err := core.GetClientConfig(ctx, nil, nil) if err != nil { return err } exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{ RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"), Name: pulumi.String("my-custom-role-definition"), Scope: pulumi.String(primary.Id), Permissions: authorization.RoleDefinitionPermissionArray{ &authorization.RoleDefinitionPermissionArgs{ Actions: pulumi.StringArray{ pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"), }, NotActions: pulumi.StringArray{}, }, }, AssignableScopes: pulumi.StringArray{ pulumi.String(primary.Id), }, }) if err != nil { return err } _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{ Name: pulumi.String("00000000-0000-0000-0000-000000000000"), Scope: pulumi.String(primary.Id), RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId, PrincipalId: pulumi.String(example.ObjectId), }) if err != nil { return err } return nil }) }
```
### Custom Role & Management Group)
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } example, err := core.GetClientConfig(ctx, nil, nil) if err != nil { return err } _, err = management.LookupGroup(ctx, &management.LookupGroupArgs{ Name: pulumi.StringRef("00000000-0000-0000-0000-000000000000"), }, nil) if err != nil { return err } exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{ RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"), Name: pulumi.String("my-custom-role-definition"), Scope: pulumi.String(primary.Id), Permissions: authorization.RoleDefinitionPermissionArray{ &authorization.RoleDefinitionPermissionArgs{ Actions: pulumi.StringArray{ pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"), }, NotActions: pulumi.StringArray{}, }, }, AssignableScopes: pulumi.StringArray{ pulumi.String(primary.Id), }, }) if err != nil { return err } _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{ Name: pulumi.String("00000000-0000-0000-0000-000000000000"), Scope: pulumi.Any(primaryAzurermManagementGroup.Id), RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId, PrincipalId: pulumi.String(example.ObjectId), }) if err != nil { return err } return nil }) }
```
### ABAC Condition)
```go package main
import (
"fmt" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi-std/sdk/go/std" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } example, err := core.GetClientConfig(ctx, nil, nil) if err != nil { return err } builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{ Name: pulumi.StringRef("Reader"), }, nil) if err != nil { return err } invokeBasename, err := std.Basename(ctx, &std.BasenameArgs{ Input: builtin.RoleDefinitionId, }, nil) if err != nil { return err } invokeBasename1, err := std.Basename(ctx, &std.BasenameArgs{ Input: builtin.RoleDefinitionId, }, nil) if err != nil { return err } _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{ RoleDefinitionName: pulumi.String("Role Based Access Control Administrator"), Scope: pulumi.String(primary.Id), PrincipalId: pulumi.String(example.ObjectId), PrincipalType: pulumi.String("ServicePrincipal"), Description: pulumi.String("Role Based Access Control Administrator role assignment with ABAC Condition."), ConditionVersion: pulumi.String("2.0"), Condition: pulumi.Sprintf(`( ( !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'}) ) OR ( @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v} )
) AND (
( !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'}) ) OR ( @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v} )
) `, invokeBasename.Result, invokeBasename1.Result),
}) if err != nil { return err } return nil }) }
```
## Import
Role Assignments can be imported using the `resource id`, e.g.
```sh $ pulumi import azure:authorization/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 ```
* for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* for scope referencing a Key Vault, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vaultname/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
text
/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000
func GetAssignment ¶
func GetAssignment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)
GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAssignment ¶
func NewAssignment(ctx *pulumi.Context, name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)
NewAssignment registers a new resource with the given unique name, arguments, and options.
func (*Assignment) ElementType ¶
func (*Assignment) ElementType() reflect.Type
func (*Assignment) ToAssignmentOutput ¶
func (i *Assignment) ToAssignmentOutput() AssignmentOutput
func (*Assignment) ToAssignmentOutputWithContext ¶
func (i *Assignment) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
type AssignmentArgs ¶
type AssignmentArgs struct { // The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created. Condition pulumi.StringPtrInput // The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created. ConditionVersion pulumi.StringPtrInput // The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. // // > **NOTE:** this field is only used in cross tenant scenario. DelegatedManagedIdentityResourceId pulumi.StringPtrInput // The description for this Role Assignment. Changing this forces a new resource to be created. Description pulumi.StringPtrInput // A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created. Name pulumi.StringPtrInput // The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. // // > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications). PrincipalId pulumi.StringInput // The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. // // > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present. PrincipalType pulumi.StringPtrInput // The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`. RoleDefinitionId pulumi.StringPtrInput // The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`. RoleDefinitionName pulumi.StringPtrInput // The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created. Scope pulumi.StringInput // If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`. // // > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail. SkipServicePrincipalAadCheck pulumi.BoolPtrInput }
The set of arguments for constructing a Assignment resource.
func (AssignmentArgs) ElementType ¶
func (AssignmentArgs) ElementType() reflect.Type
type AssignmentArray ¶
type AssignmentArray []AssignmentInput
func (AssignmentArray) ElementType ¶
func (AssignmentArray) ElementType() reflect.Type
func (AssignmentArray) ToAssignmentArrayOutput ¶
func (i AssignmentArray) ToAssignmentArrayOutput() AssignmentArrayOutput
func (AssignmentArray) ToAssignmentArrayOutputWithContext ¶
func (i AssignmentArray) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
type AssignmentArrayInput ¶
type AssignmentArrayInput interface { pulumi.Input ToAssignmentArrayOutput() AssignmentArrayOutput ToAssignmentArrayOutputWithContext(context.Context) AssignmentArrayOutput }
AssignmentArrayInput is an input type that accepts AssignmentArray and AssignmentArrayOutput values. You can construct a concrete instance of `AssignmentArrayInput` via:
AssignmentArray{ AssignmentArgs{...} }
type AssignmentArrayOutput ¶
type AssignmentArrayOutput struct{ *pulumi.OutputState }
func (AssignmentArrayOutput) ElementType ¶
func (AssignmentArrayOutput) ElementType() reflect.Type
func (AssignmentArrayOutput) Index ¶
func (o AssignmentArrayOutput) Index(i pulumi.IntInput) AssignmentOutput
func (AssignmentArrayOutput) ToAssignmentArrayOutput ¶
func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput
func (AssignmentArrayOutput) ToAssignmentArrayOutputWithContext ¶
func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput
type AssignmentInput ¶
type AssignmentInput interface { pulumi.Input ToAssignmentOutput() AssignmentOutput ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput }
type AssignmentMap ¶
type AssignmentMap map[string]AssignmentInput
func (AssignmentMap) ElementType ¶
func (AssignmentMap) ElementType() reflect.Type
func (AssignmentMap) ToAssignmentMapOutput ¶
func (i AssignmentMap) ToAssignmentMapOutput() AssignmentMapOutput
func (AssignmentMap) ToAssignmentMapOutputWithContext ¶
func (i AssignmentMap) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
type AssignmentMapInput ¶
type AssignmentMapInput interface { pulumi.Input ToAssignmentMapOutput() AssignmentMapOutput ToAssignmentMapOutputWithContext(context.Context) AssignmentMapOutput }
AssignmentMapInput is an input type that accepts AssignmentMap and AssignmentMapOutput values. You can construct a concrete instance of `AssignmentMapInput` via:
AssignmentMap{ "key": AssignmentArgs{...} }
type AssignmentMapOutput ¶
type AssignmentMapOutput struct{ *pulumi.OutputState }
func (AssignmentMapOutput) ElementType ¶
func (AssignmentMapOutput) ElementType() reflect.Type
func (AssignmentMapOutput) MapIndex ¶
func (o AssignmentMapOutput) MapIndex(k pulumi.StringInput) AssignmentOutput
func (AssignmentMapOutput) ToAssignmentMapOutput ¶
func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput
func (AssignmentMapOutput) ToAssignmentMapOutputWithContext ¶
func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput
type AssignmentOutput ¶
type AssignmentOutput struct{ *pulumi.OutputState }
func (AssignmentOutput) Condition ¶
func (o AssignmentOutput) Condition() pulumi.StringPtrOutput
The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
func (AssignmentOutput) ConditionVersion ¶
func (o AssignmentOutput) ConditionVersion() pulumi.StringPtrOutput
The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
func (AssignmentOutput) DelegatedManagedIdentityResourceId ¶
func (o AssignmentOutput) DelegatedManagedIdentityResourceId() pulumi.StringPtrOutput
The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
> **NOTE:** this field is only used in cross tenant scenario.
func (AssignmentOutput) Description ¶
func (o AssignmentOutput) Description() pulumi.StringPtrOutput
The description for this Role Assignment. Changing this forces a new resource to be created.
func (AssignmentOutput) ElementType ¶
func (AssignmentOutput) ElementType() reflect.Type
func (AssignmentOutput) Name ¶
func (o AssignmentOutput) Name() pulumi.StringOutput
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
func (AssignmentOutput) PrincipalId ¶
func (o AssignmentOutput) PrincipalId() pulumi.StringOutput
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
> **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
func (AssignmentOutput) PrincipalType ¶
func (o AssignmentOutput) PrincipalType() pulumi.StringOutput
The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
> **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
func (AssignmentOutput) RoleDefinitionId ¶
func (o AssignmentOutput) RoleDefinitionId() pulumi.StringOutput
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
func (AssignmentOutput) RoleDefinitionName ¶
func (o AssignmentOutput) RoleDefinitionName() pulumi.StringOutput
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
func (AssignmentOutput) Scope ¶
func (o AssignmentOutput) Scope() pulumi.StringOutput
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
func (AssignmentOutput) SkipServicePrincipalAadCheck ¶
func (o AssignmentOutput) SkipServicePrincipalAadCheck() pulumi.BoolOutput
If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
> **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
func (AssignmentOutput) ToAssignmentOutput ¶
func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput
func (AssignmentOutput) ToAssignmentOutputWithContext ¶
func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
type AssignmentState ¶
type AssignmentState struct { // The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created. Condition pulumi.StringPtrInput // The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created. ConditionVersion pulumi.StringPtrInput // The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. // // > **NOTE:** this field is only used in cross tenant scenario. DelegatedManagedIdentityResourceId pulumi.StringPtrInput // The description for this Role Assignment. Changing this forces a new resource to be created. Description pulumi.StringPtrInput // A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created. Name pulumi.StringPtrInput // The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created. // // > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications). PrincipalId pulumi.StringPtrInput // The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. // // > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present. PrincipalType pulumi.StringPtrInput // The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`. RoleDefinitionId pulumi.StringPtrInput // The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`. RoleDefinitionName pulumi.StringPtrInput // The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created. Scope pulumi.StringPtrInput // If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`. // // > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail. SkipServicePrincipalAadCheck pulumi.BoolPtrInput }
func (AssignmentState) ElementType ¶
func (AssignmentState) ElementType() reflect.Type
type GetRoleDefinitionPermission ¶
type GetRoleDefinitionPermission struct { // A list of actions supported by this role. Actions []string `pulumi:"actions"` // The conditions on this role definition, which limits the resources it can be assigned to. Condition string `pulumi:"condition"` // The version of the condition. ConditionVersion string `pulumi:"conditionVersion"` // A list of data actions allowed by this role. DataActions []string `pulumi:"dataActions"` // A list of actions which are denied by this role. NotActions []string `pulumi:"notActions"` // A list of data actions which are denied by this role. NotDataActions []string `pulumi:"notDataActions"` }
type GetRoleDefinitionPermissionArgs ¶
type GetRoleDefinitionPermissionArgs struct { // A list of actions supported by this role. Actions pulumi.StringArrayInput `pulumi:"actions"` // The conditions on this role definition, which limits the resources it can be assigned to. Condition pulumi.StringInput `pulumi:"condition"` // The version of the condition. ConditionVersion pulumi.StringInput `pulumi:"conditionVersion"` // A list of data actions allowed by this role. DataActions pulumi.StringArrayInput `pulumi:"dataActions"` // A list of actions which are denied by this role. NotActions pulumi.StringArrayInput `pulumi:"notActions"` // A list of data actions which are denied by this role. NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"` }
func (GetRoleDefinitionPermissionArgs) ElementType ¶
func (GetRoleDefinitionPermissionArgs) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type GetRoleDefinitionPermissionArray ¶
type GetRoleDefinitionPermissionArray []GetRoleDefinitionPermissionInput
func (GetRoleDefinitionPermissionArray) ElementType ¶
func (GetRoleDefinitionPermissionArray) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionArrayInput ¶
type GetRoleDefinitionPermissionArrayInput interface { pulumi.Input ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput ToGetRoleDefinitionPermissionArrayOutputWithContext(context.Context) GetRoleDefinitionPermissionArrayOutput }
GetRoleDefinitionPermissionArrayInput is an input type that accepts GetRoleDefinitionPermissionArray and GetRoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionArrayInput` via:
GetRoleDefinitionPermissionArray{ GetRoleDefinitionPermissionArgs{...} }
type GetRoleDefinitionPermissionArrayOutput ¶
type GetRoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionArrayOutput) ElementType ¶
func (GetRoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext ¶
func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput
type GetRoleDefinitionPermissionInput ¶
type GetRoleDefinitionPermissionInput interface { pulumi.Input ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput ToGetRoleDefinitionPermissionOutputWithContext(context.Context) GetRoleDefinitionPermissionOutput }
GetRoleDefinitionPermissionInput is an input type that accepts GetRoleDefinitionPermissionArgs and GetRoleDefinitionPermissionOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionInput` via:
GetRoleDefinitionPermissionArgs{...}
type GetRoleDefinitionPermissionOutput ¶
type GetRoleDefinitionPermissionOutput struct{ *pulumi.OutputState }
func (GetRoleDefinitionPermissionOutput) Actions ¶
func (o GetRoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
A list of actions supported by this role.
func (GetRoleDefinitionPermissionOutput) Condition ¶
func (o GetRoleDefinitionPermissionOutput) Condition() pulumi.StringOutput
The conditions on this role definition, which limits the resources it can be assigned to.
func (GetRoleDefinitionPermissionOutput) ConditionVersion ¶
func (o GetRoleDefinitionPermissionOutput) ConditionVersion() pulumi.StringOutput
The version of the condition.
func (GetRoleDefinitionPermissionOutput) DataActions ¶
func (o GetRoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
A list of data actions allowed by this role.
func (GetRoleDefinitionPermissionOutput) ElementType ¶
func (GetRoleDefinitionPermissionOutput) ElementType() reflect.Type
func (GetRoleDefinitionPermissionOutput) NotActions ¶
func (o GetRoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
A list of actions which are denied by this role.
func (GetRoleDefinitionPermissionOutput) NotDataActions ¶
func (o GetRoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
A list of data actions which are denied by this role.
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext ¶
func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput
type LookupRoleDefinitionArgs ¶
type LookupRoleDefinitionArgs struct { // Specifies the Name of either a built-in or custom Role Definition. // // > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor` Name *string `pulumi:"name"` // Specifies the ID of the Role Definition as a UUID/GUID. RoleDefinitionId *string `pulumi:"roleDefinitionId"` // Specifies the Scope at which the Custom Role Definition exists. // // > **Note:** One of `name` or `roleDefinitionId` must be specified. Scope *string `pulumi:"scope"` }
A collection of arguments for invoking getRoleDefinition.
type LookupRoleDefinitionOutputArgs ¶
type LookupRoleDefinitionOutputArgs struct { // Specifies the Name of either a built-in or custom Role Definition. // // > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor` Name pulumi.StringPtrInput `pulumi:"name"` // Specifies the ID of the Role Definition as a UUID/GUID. RoleDefinitionId pulumi.StringPtrInput `pulumi:"roleDefinitionId"` // Specifies the Scope at which the Custom Role Definition exists. // // > **Note:** One of `name` or `roleDefinitionId` must be specified. Scope pulumi.StringPtrInput `pulumi:"scope"` }
A collection of arguments for invoking getRoleDefinition.
func (LookupRoleDefinitionOutputArgs) ElementType ¶
func (LookupRoleDefinitionOutputArgs) ElementType() reflect.Type
type LookupRoleDefinitionResult ¶
type LookupRoleDefinitionResult struct { // One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. AssignableScopes []string `pulumi:"assignableScopes"` // The Description of the built-in Role. Description string `pulumi:"description"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Name string `pulumi:"name"` // A `permissions` block as documented below. Permissions []GetRoleDefinitionPermission `pulumi:"permissions"` RoleDefinitionId string `pulumi:"roleDefinitionId"` Scope *string `pulumi:"scope"` // The Type of the Role. Type string `pulumi:"type"` }
A collection of values returned by getRoleDefinition.
func LookupRoleDefinition ¶
func LookupRoleDefinition(ctx *pulumi.Context, args *LookupRoleDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupRoleDefinitionResult, error)
Use this data source to access information about an existing Role Definition.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{ RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"), Name: pulumi.String("CustomRoleDef"), Scope: pulumi.String(primary.Id), }) if err != nil { return err } custom := customRoleDefinition.RoleDefinitionId.ApplyT(func(roleDefinitionId string) (authorization.GetRoleDefinitionResult, error) { return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{ RoleDefinitionId: roleDefinitionId, Scope: primary.Id, }, nil))), nil }).(authorization.GetRoleDefinitionResultOutput) _ = customRoleDefinition.Name.ApplyT(func(name string) (authorization.GetRoleDefinitionResult, error) { return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{ Name: name, Scope: primary.Id, }, nil))), nil }).(authorization.GetRoleDefinitionResultOutput) builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{ Name: pulumi.StringRef("Contributor"), }, nil) if err != nil { return err } ctx.Export("customRoleDefinitionId", custom.ApplyT(func(custom authorization.GetRoleDefinitionResult) (*string, error) { return &custom.Id, nil }).(pulumi.StringPtrOutput)) ctx.Export("contributorRoleDefinitionId", builtin.Id) return nil }) }
```
type LookupRoleDefinitionResultOutput ¶
type LookupRoleDefinitionResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getRoleDefinition.
func LookupRoleDefinitionOutput ¶
func LookupRoleDefinitionOutput(ctx *pulumi.Context, args LookupRoleDefinitionOutputArgs, opts ...pulumi.InvokeOption) LookupRoleDefinitionResultOutput
func (LookupRoleDefinitionResultOutput) AssignableScopes ¶
func (o LookupRoleDefinitionResultOutput) AssignableScopes() pulumi.StringArrayOutput
One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
func (LookupRoleDefinitionResultOutput) Description ¶
func (o LookupRoleDefinitionResultOutput) Description() pulumi.StringOutput
The Description of the built-in Role.
func (LookupRoleDefinitionResultOutput) ElementType ¶
func (LookupRoleDefinitionResultOutput) ElementType() reflect.Type
func (LookupRoleDefinitionResultOutput) Id ¶
func (o LookupRoleDefinitionResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupRoleDefinitionResultOutput) Name ¶
func (o LookupRoleDefinitionResultOutput) Name() pulumi.StringOutput
func (LookupRoleDefinitionResultOutput) Permissions ¶
func (o LookupRoleDefinitionResultOutput) Permissions() GetRoleDefinitionPermissionArrayOutput
A `permissions` block as documented below.
func (LookupRoleDefinitionResultOutput) RoleDefinitionId ¶
func (o LookupRoleDefinitionResultOutput) RoleDefinitionId() pulumi.StringOutput
func (LookupRoleDefinitionResultOutput) Scope ¶
func (o LookupRoleDefinitionResultOutput) Scope() pulumi.StringPtrOutput
func (LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutput ¶
func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutput() LookupRoleDefinitionResultOutput
func (LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutputWithContext ¶
func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutputWithContext(ctx context.Context) LookupRoleDefinitionResultOutput
func (LookupRoleDefinitionResultOutput) Type ¶
func (o LookupRoleDefinitionResultOutput) Type() pulumi.StringOutput
The Type of the Role.
type LookupUserAssignedIdentityArgs ¶
type LookupUserAssignedIdentityArgs struct { // The name of the User Assigned Identity. Name string `pulumi:"name"` // The name of the Resource Group in which the User Assigned Identity exists. ResourceGroupName string `pulumi:"resourceGroupName"` }
A collection of arguments for invoking getUserAssignedIdentity.
type LookupUserAssignedIdentityOutputArgs ¶
type LookupUserAssignedIdentityOutputArgs struct { // The name of the User Assigned Identity. Name pulumi.StringInput `pulumi:"name"` // The name of the Resource Group in which the User Assigned Identity exists. ResourceGroupName pulumi.StringInput `pulumi:"resourceGroupName"` }
A collection of arguments for invoking getUserAssignedIdentity.
func (LookupUserAssignedIdentityOutputArgs) ElementType ¶
func (LookupUserAssignedIdentityOutputArgs) ElementType() reflect.Type
type LookupUserAssignedIdentityResult ¶
type LookupUserAssignedIdentityResult struct { // The Client ID of the User Assigned Identity. ClientId string `pulumi:"clientId"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // The Azure location where the User Assigned Identity exists. Location string `pulumi:"location"` Name string `pulumi:"name"` // The Service Principal ID of the User Assigned Identity. PrincipalId string `pulumi:"principalId"` ResourceGroupName string `pulumi:"resourceGroupName"` // A mapping of tags assigned to the User Assigned Identity. Tags map[string]string `pulumi:"tags"` // The Tenant ID of the User Assigned Identity. TenantId string `pulumi:"tenantId"` }
A collection of values returned by getUserAssignedIdentity.
func LookupUserAssignedIdentity ¶
func LookupUserAssignedIdentity(ctx *pulumi.Context, args *LookupUserAssignedIdentityArgs, opts ...pulumi.InvokeOption) (*LookupUserAssignedIdentityResult, error)
Use this data source to access information about an existing User Assigned Identity.
## Example Usage
### Reference An Existing)
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { example, err := authorization.LookupUserAssignedIdentity(ctx, &authorization.LookupUserAssignedIdentityArgs{ Name: "name_of_user_assigned_identity", ResourceGroupName: "name_of_resource_group", }, nil) if err != nil { return err } ctx.Export("uaiClientId", example.ClientId) ctx.Export("uaiPrincipalId", example.PrincipalId) ctx.Export("uaiTenantId", example.TenantId) return nil }) }
```
type LookupUserAssignedIdentityResultOutput ¶
type LookupUserAssignedIdentityResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getUserAssignedIdentity.
func LookupUserAssignedIdentityOutput ¶
func LookupUserAssignedIdentityOutput(ctx *pulumi.Context, args LookupUserAssignedIdentityOutputArgs, opts ...pulumi.InvokeOption) LookupUserAssignedIdentityResultOutput
func (LookupUserAssignedIdentityResultOutput) ClientId ¶
func (o LookupUserAssignedIdentityResultOutput) ClientId() pulumi.StringOutput
The Client ID of the User Assigned Identity.
func (LookupUserAssignedIdentityResultOutput) ElementType ¶
func (LookupUserAssignedIdentityResultOutput) ElementType() reflect.Type
func (LookupUserAssignedIdentityResultOutput) Id ¶
func (o LookupUserAssignedIdentityResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupUserAssignedIdentityResultOutput) Location ¶
func (o LookupUserAssignedIdentityResultOutput) Location() pulumi.StringOutput
The Azure location where the User Assigned Identity exists.
func (LookupUserAssignedIdentityResultOutput) Name ¶
func (o LookupUserAssignedIdentityResultOutput) Name() pulumi.StringOutput
func (LookupUserAssignedIdentityResultOutput) PrincipalId ¶
func (o LookupUserAssignedIdentityResultOutput) PrincipalId() pulumi.StringOutput
The Service Principal ID of the User Assigned Identity.
func (LookupUserAssignedIdentityResultOutput) ResourceGroupName ¶
func (o LookupUserAssignedIdentityResultOutput) ResourceGroupName() pulumi.StringOutput
func (LookupUserAssignedIdentityResultOutput) Tags ¶
func (o LookupUserAssignedIdentityResultOutput) Tags() pulumi.StringMapOutput
A mapping of tags assigned to the User Assigned Identity.
func (LookupUserAssignedIdentityResultOutput) TenantId ¶
func (o LookupUserAssignedIdentityResultOutput) TenantId() pulumi.StringOutput
The Tenant ID of the User Assigned Identity.
func (LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutput ¶
func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutput() LookupUserAssignedIdentityResultOutput
func (LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutputWithContext ¶
func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutputWithContext(ctx context.Context) LookupUserAssignedIdentityResultOutput
type RoleDefinition ¶
type RoleDefinition struct { pulumi.CustomResourceState // One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. // // > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied. AssignableScopes pulumi.StringArrayOutput `pulumi:"assignableScopes"` // A description of the Role Definition. Description pulumi.StringPtrOutput `pulumi:"description"` // The name of the Role Definition. Name pulumi.StringOutput `pulumi:"name"` // A `permissions` block as defined below. Permissions RoleDefinitionPermissionArrayOutput `pulumi:"permissions"` // A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created. RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"` // The Azure Resource Manager ID for the resource. RoleDefinitionResourceId pulumi.StringOutput `pulumi:"roleDefinitionResourceId"` // The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created. Scope pulumi.StringOutput `pulumi:"scope"` }
Manages a custom Role Definition, used to assign Roles to Users/Principals. See ['Understand role definitions'](https://docs.microsoft.com/azure/role-based-access-control/role-definitions) in the Azure documentation for more details.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := core.LookupSubscription(ctx, nil, nil) if err != nil { return err } _, err = authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{ Name: pulumi.String("my-custom-role"), Scope: pulumi.String(primary.Id), Description: pulumi.String("This is a custom role created"), Permissions: authorization.RoleDefinitionPermissionArray{ &authorization.RoleDefinitionPermissionArgs{ Actions: pulumi.StringArray{ pulumi.String("*"), }, NotActions: pulumi.StringArray{}, }, }, AssignableScopes: pulumi.StringArray{ pulumi.String(primary.Id), }, }) if err != nil { return err } return nil }) }
```
## Import
Role Definitions can be imported using the `resource id`, e.g.
```sh $ pulumi import azure:authorization/roleDefinition:RoleDefinition example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000" ```
func GetRoleDefinition ¶
func GetRoleDefinition(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RoleDefinitionState, opts ...pulumi.ResourceOption) (*RoleDefinition, error)
GetRoleDefinition gets an existing RoleDefinition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRoleDefinition ¶
func NewRoleDefinition(ctx *pulumi.Context, name string, args *RoleDefinitionArgs, opts ...pulumi.ResourceOption) (*RoleDefinition, error)
NewRoleDefinition registers a new resource with the given unique name, arguments, and options.
func (*RoleDefinition) ElementType ¶
func (*RoleDefinition) ElementType() reflect.Type
func (*RoleDefinition) ToRoleDefinitionOutput ¶
func (i *RoleDefinition) ToRoleDefinitionOutput() RoleDefinitionOutput
func (*RoleDefinition) ToRoleDefinitionOutputWithContext ¶
func (i *RoleDefinition) ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput
type RoleDefinitionArgs ¶
type RoleDefinitionArgs struct { // One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. // // > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied. AssignableScopes pulumi.StringArrayInput // A description of the Role Definition. Description pulumi.StringPtrInput // The name of the Role Definition. Name pulumi.StringPtrInput // A `permissions` block as defined below. Permissions RoleDefinitionPermissionArrayInput // A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created. RoleDefinitionId pulumi.StringPtrInput // The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created. Scope pulumi.StringInput }
The set of arguments for constructing a RoleDefinition resource.
func (RoleDefinitionArgs) ElementType ¶
func (RoleDefinitionArgs) ElementType() reflect.Type
type RoleDefinitionArray ¶
type RoleDefinitionArray []RoleDefinitionInput
func (RoleDefinitionArray) ElementType ¶
func (RoleDefinitionArray) ElementType() reflect.Type
func (RoleDefinitionArray) ToRoleDefinitionArrayOutput ¶
func (i RoleDefinitionArray) ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput
func (RoleDefinitionArray) ToRoleDefinitionArrayOutputWithContext ¶
func (i RoleDefinitionArray) ToRoleDefinitionArrayOutputWithContext(ctx context.Context) RoleDefinitionArrayOutput
type RoleDefinitionArrayInput ¶
type RoleDefinitionArrayInput interface { pulumi.Input ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput ToRoleDefinitionArrayOutputWithContext(context.Context) RoleDefinitionArrayOutput }
RoleDefinitionArrayInput is an input type that accepts RoleDefinitionArray and RoleDefinitionArrayOutput values. You can construct a concrete instance of `RoleDefinitionArrayInput` via:
RoleDefinitionArray{ RoleDefinitionArgs{...} }
type RoleDefinitionArrayOutput ¶
type RoleDefinitionArrayOutput struct{ *pulumi.OutputState }
func (RoleDefinitionArrayOutput) ElementType ¶
func (RoleDefinitionArrayOutput) ElementType() reflect.Type
func (RoleDefinitionArrayOutput) Index ¶
func (o RoleDefinitionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionOutput
func (RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutput ¶
func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput
func (RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutputWithContext ¶
func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutputWithContext(ctx context.Context) RoleDefinitionArrayOutput
type RoleDefinitionInput ¶
type RoleDefinitionInput interface { pulumi.Input ToRoleDefinitionOutput() RoleDefinitionOutput ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput }
type RoleDefinitionMap ¶
type RoleDefinitionMap map[string]RoleDefinitionInput
func (RoleDefinitionMap) ElementType ¶
func (RoleDefinitionMap) ElementType() reflect.Type
func (RoleDefinitionMap) ToRoleDefinitionMapOutput ¶
func (i RoleDefinitionMap) ToRoleDefinitionMapOutput() RoleDefinitionMapOutput
func (RoleDefinitionMap) ToRoleDefinitionMapOutputWithContext ¶
func (i RoleDefinitionMap) ToRoleDefinitionMapOutputWithContext(ctx context.Context) RoleDefinitionMapOutput
type RoleDefinitionMapInput ¶
type RoleDefinitionMapInput interface { pulumi.Input ToRoleDefinitionMapOutput() RoleDefinitionMapOutput ToRoleDefinitionMapOutputWithContext(context.Context) RoleDefinitionMapOutput }
RoleDefinitionMapInput is an input type that accepts RoleDefinitionMap and RoleDefinitionMapOutput values. You can construct a concrete instance of `RoleDefinitionMapInput` via:
RoleDefinitionMap{ "key": RoleDefinitionArgs{...} }
type RoleDefinitionMapOutput ¶
type RoleDefinitionMapOutput struct{ *pulumi.OutputState }
func (RoleDefinitionMapOutput) ElementType ¶
func (RoleDefinitionMapOutput) ElementType() reflect.Type
func (RoleDefinitionMapOutput) MapIndex ¶
func (o RoleDefinitionMapOutput) MapIndex(k pulumi.StringInput) RoleDefinitionOutput
func (RoleDefinitionMapOutput) ToRoleDefinitionMapOutput ¶
func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutput() RoleDefinitionMapOutput
func (RoleDefinitionMapOutput) ToRoleDefinitionMapOutputWithContext ¶
func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutputWithContext(ctx context.Context) RoleDefinitionMapOutput
type RoleDefinitionOutput ¶
type RoleDefinitionOutput struct{ *pulumi.OutputState }
func (RoleDefinitionOutput) AssignableScopes ¶
func (o RoleDefinitionOutput) AssignableScopes() pulumi.StringArrayOutput
One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
> **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
func (RoleDefinitionOutput) Description ¶
func (o RoleDefinitionOutput) Description() pulumi.StringPtrOutput
A description of the Role Definition.
func (RoleDefinitionOutput) ElementType ¶
func (RoleDefinitionOutput) ElementType() reflect.Type
func (RoleDefinitionOutput) Name ¶
func (o RoleDefinitionOutput) Name() pulumi.StringOutput
The name of the Role Definition.
func (RoleDefinitionOutput) Permissions ¶
func (o RoleDefinitionOutput) Permissions() RoleDefinitionPermissionArrayOutput
A `permissions` block as defined below.
func (RoleDefinitionOutput) RoleDefinitionId ¶
func (o RoleDefinitionOutput) RoleDefinitionId() pulumi.StringOutput
A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
func (RoleDefinitionOutput) RoleDefinitionResourceId ¶
func (o RoleDefinitionOutput) RoleDefinitionResourceId() pulumi.StringOutput
The Azure Resource Manager ID for the resource.
func (RoleDefinitionOutput) Scope ¶
func (o RoleDefinitionOutput) Scope() pulumi.StringOutput
The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
func (RoleDefinitionOutput) ToRoleDefinitionOutput ¶
func (o RoleDefinitionOutput) ToRoleDefinitionOutput() RoleDefinitionOutput
func (RoleDefinitionOutput) ToRoleDefinitionOutputWithContext ¶
func (o RoleDefinitionOutput) ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput
type RoleDefinitionPermission ¶
type RoleDefinitionPermission struct { // One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. Actions []string `pulumi:"actions"` // One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. DataActions []string `pulumi:"dataActions"` // One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. NotActions []string `pulumi:"notActions"` // One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. NotDataActions []string `pulumi:"notDataActions"` }
type RoleDefinitionPermissionArgs ¶
type RoleDefinitionPermissionArgs struct { // One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. Actions pulumi.StringArrayInput `pulumi:"actions"` // One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. DataActions pulumi.StringArrayInput `pulumi:"dataActions"` // One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. NotActions pulumi.StringArrayInput `pulumi:"notActions"` // One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details. NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"` }
func (RoleDefinitionPermissionArgs) ElementType ¶
func (RoleDefinitionPermissionArgs) ElementType() reflect.Type
func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput ¶
func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext ¶
func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
type RoleDefinitionPermissionArray ¶
type RoleDefinitionPermissionArray []RoleDefinitionPermissionInput
func (RoleDefinitionPermissionArray) ElementType ¶
func (RoleDefinitionPermissionArray) ElementType() reflect.Type
func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput ¶
func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext ¶
func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
type RoleDefinitionPermissionArrayInput ¶
type RoleDefinitionPermissionArrayInput interface { pulumi.Input ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput ToRoleDefinitionPermissionArrayOutputWithContext(context.Context) RoleDefinitionPermissionArrayOutput }
RoleDefinitionPermissionArrayInput is an input type that accepts RoleDefinitionPermissionArray and RoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `RoleDefinitionPermissionArrayInput` via:
RoleDefinitionPermissionArray{ RoleDefinitionPermissionArgs{...} }
type RoleDefinitionPermissionArrayOutput ¶
type RoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }
func (RoleDefinitionPermissionArrayOutput) ElementType ¶
func (RoleDefinitionPermissionArrayOutput) ElementType() reflect.Type
func (RoleDefinitionPermissionArrayOutput) Index ¶
func (o RoleDefinitionPermissionArrayOutput) Index(i pulumi.IntInput) RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput ¶
func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext ¶
func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput
type RoleDefinitionPermissionInput ¶
type RoleDefinitionPermissionInput interface { pulumi.Input ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput ToRoleDefinitionPermissionOutputWithContext(context.Context) RoleDefinitionPermissionOutput }
RoleDefinitionPermissionInput is an input type that accepts RoleDefinitionPermissionArgs and RoleDefinitionPermissionOutput values. You can construct a concrete instance of `RoleDefinitionPermissionInput` via:
RoleDefinitionPermissionArgs{...}
type RoleDefinitionPermissionOutput ¶
type RoleDefinitionPermissionOutput struct{ *pulumi.OutputState }
func (RoleDefinitionPermissionOutput) Actions ¶
func (o RoleDefinitionPermissionOutput) Actions() pulumi.StringArrayOutput
One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) DataActions ¶
func (o RoleDefinitionPermissionOutput) DataActions() pulumi.StringArrayOutput
One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) ElementType ¶
func (RoleDefinitionPermissionOutput) ElementType() reflect.Type
func (RoleDefinitionPermissionOutput) NotActions ¶
func (o RoleDefinitionPermissionOutput) NotActions() pulumi.StringArrayOutput
One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) NotDataActions ¶
func (o RoleDefinitionPermissionOutput) NotDataActions() pulumi.StringArrayOutput
One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput ¶
func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext ¶
func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput
type RoleDefinitionState ¶
type RoleDefinitionState struct { // One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. // // > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied. AssignableScopes pulumi.StringArrayInput // A description of the Role Definition. Description pulumi.StringPtrInput // The name of the Role Definition. Name pulumi.StringPtrInput // A `permissions` block as defined below. Permissions RoleDefinitionPermissionArrayInput // A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created. RoleDefinitionId pulumi.StringPtrInput // The Azure Resource Manager ID for the resource. RoleDefinitionResourceId pulumi.StringPtrInput // The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created. Scope pulumi.StringPtrInput }
func (RoleDefinitionState) ElementType ¶
func (RoleDefinitionState) ElementType() reflect.Type
type UserAssignedIdentity ¶
type UserAssignedIdentity struct { pulumi.CustomResourceState // The ID of the app associated with the Identity. ClientId pulumi.StringOutput `pulumi:"clientId"` // The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. Location pulumi.StringOutput `pulumi:"location"` // Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created. Name pulumi.StringOutput `pulumi:"name"` // The ID of the Service Principal object associated with the created Identity. PrincipalId pulumi.StringOutput `pulumi:"principalId"` // Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. ResourceGroupName pulumi.StringOutput `pulumi:"resourceGroupName"` // A mapping of tags which should be assigned to the User Assigned Identity. Tags pulumi.StringMapOutput `pulumi:"tags"` // The ID of the Tenant which the Identity belongs to. TenantId pulumi.StringOutput `pulumi:"tenantId"` }
<!-- Note: This documentation is generated. Any manual changes will be overwritten -->
Manages a User Assigned Identity.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization" "github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{ Name: pulumi.String("example-resources"), Location: pulumi.String("West Europe"), }) if err != nil { return err } _, err = authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{ Location: example.Location, Name: pulumi.String("example"), ResourceGroupName: example.Name, }) if err != nil { return err } return nil }) }
```
## Import
An existing User Assigned Identity can be imported into Pulumi using the `resource id`, e.g.
```sh $ pulumi import azure:authorization/userAssignedIdentity:UserAssignedIdentity example /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{userAssignedIdentityName} ```
* Where `{subscriptionId}` is the ID of the Azure Subscription where the User Assigned Identity exists. For example `12345678-1234-9876-4563-123456789012`.
* Where `{resourceGroupName}` is the name of Resource Group where this User Assigned Identity exists. For example `example-resource-group`.
* Where `{userAssignedIdentityName}` is the name of the User Assigned Identity. For example `userAssignedIdentityValue`.
func GetUserAssignedIdentity ¶
func GetUserAssignedIdentity(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserAssignedIdentityState, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)
GetUserAssignedIdentity gets an existing UserAssignedIdentity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserAssignedIdentity ¶
func NewUserAssignedIdentity(ctx *pulumi.Context, name string, args *UserAssignedIdentityArgs, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)
NewUserAssignedIdentity registers a new resource with the given unique name, arguments, and options.
func (*UserAssignedIdentity) ElementType ¶
func (*UserAssignedIdentity) ElementType() reflect.Type
func (*UserAssignedIdentity) ToUserAssignedIdentityOutput ¶
func (i *UserAssignedIdentity) ToUserAssignedIdentityOutput() UserAssignedIdentityOutput
func (*UserAssignedIdentity) ToUserAssignedIdentityOutputWithContext ¶
func (i *UserAssignedIdentity) ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput
type UserAssignedIdentityArgs ¶
type UserAssignedIdentityArgs struct { // The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. Location pulumi.StringPtrInput // Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created. Name pulumi.StringPtrInput // Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. ResourceGroupName pulumi.StringInput // A mapping of tags which should be assigned to the User Assigned Identity. Tags pulumi.StringMapInput }
The set of arguments for constructing a UserAssignedIdentity resource.
func (UserAssignedIdentityArgs) ElementType ¶
func (UserAssignedIdentityArgs) ElementType() reflect.Type
type UserAssignedIdentityArray ¶
type UserAssignedIdentityArray []UserAssignedIdentityInput
func (UserAssignedIdentityArray) ElementType ¶
func (UserAssignedIdentityArray) ElementType() reflect.Type
func (UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutput ¶
func (i UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput
func (UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutputWithContext ¶
func (i UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutputWithContext(ctx context.Context) UserAssignedIdentityArrayOutput
type UserAssignedIdentityArrayInput ¶
type UserAssignedIdentityArrayInput interface { pulumi.Input ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput ToUserAssignedIdentityArrayOutputWithContext(context.Context) UserAssignedIdentityArrayOutput }
UserAssignedIdentityArrayInput is an input type that accepts UserAssignedIdentityArray and UserAssignedIdentityArrayOutput values. You can construct a concrete instance of `UserAssignedIdentityArrayInput` via:
UserAssignedIdentityArray{ UserAssignedIdentityArgs{...} }
type UserAssignedIdentityArrayOutput ¶
type UserAssignedIdentityArrayOutput struct{ *pulumi.OutputState }
func (UserAssignedIdentityArrayOutput) ElementType ¶
func (UserAssignedIdentityArrayOutput) ElementType() reflect.Type
func (UserAssignedIdentityArrayOutput) Index ¶
func (o UserAssignedIdentityArrayOutput) Index(i pulumi.IntInput) UserAssignedIdentityOutput
func (UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutput ¶
func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput
func (UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutputWithContext ¶
func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutputWithContext(ctx context.Context) UserAssignedIdentityArrayOutput
type UserAssignedIdentityInput ¶
type UserAssignedIdentityInput interface { pulumi.Input ToUserAssignedIdentityOutput() UserAssignedIdentityOutput ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput }
type UserAssignedIdentityMap ¶
type UserAssignedIdentityMap map[string]UserAssignedIdentityInput
func (UserAssignedIdentityMap) ElementType ¶
func (UserAssignedIdentityMap) ElementType() reflect.Type
func (UserAssignedIdentityMap) ToUserAssignedIdentityMapOutput ¶
func (i UserAssignedIdentityMap) ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput
func (UserAssignedIdentityMap) ToUserAssignedIdentityMapOutputWithContext ¶
func (i UserAssignedIdentityMap) ToUserAssignedIdentityMapOutputWithContext(ctx context.Context) UserAssignedIdentityMapOutput
type UserAssignedIdentityMapInput ¶
type UserAssignedIdentityMapInput interface { pulumi.Input ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput ToUserAssignedIdentityMapOutputWithContext(context.Context) UserAssignedIdentityMapOutput }
UserAssignedIdentityMapInput is an input type that accepts UserAssignedIdentityMap and UserAssignedIdentityMapOutput values. You can construct a concrete instance of `UserAssignedIdentityMapInput` via:
UserAssignedIdentityMap{ "key": UserAssignedIdentityArgs{...} }
type UserAssignedIdentityMapOutput ¶
type UserAssignedIdentityMapOutput struct{ *pulumi.OutputState }
func (UserAssignedIdentityMapOutput) ElementType ¶
func (UserAssignedIdentityMapOutput) ElementType() reflect.Type
func (UserAssignedIdentityMapOutput) MapIndex ¶
func (o UserAssignedIdentityMapOutput) MapIndex(k pulumi.StringInput) UserAssignedIdentityOutput
func (UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutput ¶
func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput
func (UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutputWithContext ¶
func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutputWithContext(ctx context.Context) UserAssignedIdentityMapOutput
type UserAssignedIdentityOutput ¶
type UserAssignedIdentityOutput struct{ *pulumi.OutputState }
func (UserAssignedIdentityOutput) ClientId ¶
func (o UserAssignedIdentityOutput) ClientId() pulumi.StringOutput
The ID of the app associated with the Identity.
func (UserAssignedIdentityOutput) ElementType ¶
func (UserAssignedIdentityOutput) ElementType() reflect.Type
func (UserAssignedIdentityOutput) Location ¶
func (o UserAssignedIdentityOutput) Location() pulumi.StringOutput
The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
func (UserAssignedIdentityOutput) Name ¶
func (o UserAssignedIdentityOutput) Name() pulumi.StringOutput
Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created.
func (UserAssignedIdentityOutput) PrincipalId ¶
func (o UserAssignedIdentityOutput) PrincipalId() pulumi.StringOutput
The ID of the Service Principal object associated with the created Identity.
func (UserAssignedIdentityOutput) ResourceGroupName ¶
func (o UserAssignedIdentityOutput) ResourceGroupName() pulumi.StringOutput
Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
func (UserAssignedIdentityOutput) Tags ¶
func (o UserAssignedIdentityOutput) Tags() pulumi.StringMapOutput
A mapping of tags which should be assigned to the User Assigned Identity.
func (UserAssignedIdentityOutput) TenantId ¶
func (o UserAssignedIdentityOutput) TenantId() pulumi.StringOutput
The ID of the Tenant which the Identity belongs to.
func (UserAssignedIdentityOutput) ToUserAssignedIdentityOutput ¶
func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutput() UserAssignedIdentityOutput
func (UserAssignedIdentityOutput) ToUserAssignedIdentityOutputWithContext ¶
func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput
type UserAssignedIdentityState ¶
type UserAssignedIdentityState struct { // The ID of the app associated with the Identity. ClientId pulumi.StringPtrInput // The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. Location pulumi.StringPtrInput // Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created. Name pulumi.StringPtrInput // The ID of the Service Principal object associated with the created Identity. PrincipalId pulumi.StringPtrInput // Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created. ResourceGroupName pulumi.StringPtrInput // A mapping of tags which should be assigned to the User Assigned Identity. Tags pulumi.StringMapInput // The ID of the Tenant which the Identity belongs to. TenantId pulumi.StringPtrInput }
func (UserAssignedIdentityState) ElementType ¶
func (UserAssignedIdentityState) ElementType() reflect.Type