authorization

package
v6.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 30, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Assignment

type Assignment struct {
	pulumi.CustomResourceState

	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrOutput `pulumi:"condition"`
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrOutput `pulumi:"conditionVersion"`
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	//
	// > **NOTE:** this field is only used in cross tenant scenario.
	DelegatedManagedIdentityResourceId pulumi.StringPtrOutput `pulumi:"delegatedManagedIdentityResourceId"`
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	//
	// > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
	//
	// > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
	PrincipalType pulumi.StringOutput `pulumi:"principalType"`
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringOutput `pulumi:"roleDefinitionName"`
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
	//
	// > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
	SkipServicePrincipalAadCheck pulumi.BoolOutput `pulumi:"skipServicePrincipalAadCheck"`
}

Assigns a given Principal (User or Group) to a given Role.

## Example Usage

### Using A Built-In Role)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              pulumi.String(primary.Id),
			RoleDefinitionName: pulumi.String("Reader"),
			PrincipalId:        pulumi.String(example.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Custom Role & Service Principal)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(example.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Custom Role & User)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(example.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Custom Role & Management Group)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = management.LookupGroup(ctx, &management.LookupGroupArgs{
			Name: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
		}, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("my-custom-role-definition"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.Any(primaryAzurermManagementGroup.Id),
			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
			PrincipalId:      pulumi.String(example.ObjectId),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### ABAC Condition)

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Reader"),
		}, nil)
		if err != nil {
			return err
		}
		invokeBasename, err := std.Basename(ctx, &std.BasenameArgs{
			Input: builtin.RoleDefinitionId,
		}, nil)
		if err != nil {
			return err
		}
		invokeBasename1, err := std.Basename(ctx, &std.BasenameArgs{
			Input: builtin.RoleDefinitionId,
		}, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			RoleDefinitionName: pulumi.String("Role Based Access Control Administrator"),
			Scope:              pulumi.String(primary.Id),
			PrincipalId:        pulumi.String(example.ObjectId),
			PrincipalType:      pulumi.String("ServicePrincipal"),
			Description:        pulumi.String("Role Based Access Control Administrator role assignment with ABAC Condition."),
			ConditionVersion:   pulumi.String("2.0"),
			Condition: pulumi.Sprintf(`(
 (
  !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
 )
 OR
 (
  @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
 )

) AND (

(
 !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
)
OR
(
 @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
)

) `, invokeBasename.Result, invokeBasename1.Result),

		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Role Assignments can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:authorization/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 ```

* for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`

* for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`

* for scope referencing a Key Vault, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vaultname/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`

text

/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000

func GetAssignment

func GetAssignment(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)

GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAssignment

func NewAssignment(ctx *pulumi.Context,
	name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)

NewAssignment registers a new resource with the given unique name, arguments, and options.

func (*Assignment) ElementType

func (*Assignment) ElementType() reflect.Type

func (*Assignment) ToAssignmentOutput

func (i *Assignment) ToAssignmentOutput() AssignmentOutput

func (*Assignment) ToAssignmentOutputWithContext

func (i *Assignment) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput

type AssignmentArgs

type AssignmentArgs struct {
	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrInput
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	//
	// > **NOTE:** this field is only used in cross tenant scenario.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrInput
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	//
	// > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
	PrincipalId pulumi.StringInput
	// The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
	//
	// > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
	PrincipalType pulumi.StringPtrInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
	//
	// > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}

The set of arguments for constructing a Assignment resource.

func (AssignmentArgs) ElementType

func (AssignmentArgs) ElementType() reflect.Type

type AssignmentArray

type AssignmentArray []AssignmentInput

func (AssignmentArray) ElementType

func (AssignmentArray) ElementType() reflect.Type

func (AssignmentArray) ToAssignmentArrayOutput

func (i AssignmentArray) ToAssignmentArrayOutput() AssignmentArrayOutput

func (AssignmentArray) ToAssignmentArrayOutputWithContext

func (i AssignmentArray) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput

type AssignmentArrayInput

type AssignmentArrayInput interface {
	pulumi.Input

	ToAssignmentArrayOutput() AssignmentArrayOutput
	ToAssignmentArrayOutputWithContext(context.Context) AssignmentArrayOutput
}

AssignmentArrayInput is an input type that accepts AssignmentArray and AssignmentArrayOutput values. You can construct a concrete instance of `AssignmentArrayInput` via:

AssignmentArray{ AssignmentArgs{...} }

type AssignmentArrayOutput

type AssignmentArrayOutput struct{ *pulumi.OutputState }

func (AssignmentArrayOutput) ElementType

func (AssignmentArrayOutput) ElementType() reflect.Type

func (AssignmentArrayOutput) Index

func (AssignmentArrayOutput) ToAssignmentArrayOutput

func (o AssignmentArrayOutput) ToAssignmentArrayOutput() AssignmentArrayOutput

func (AssignmentArrayOutput) ToAssignmentArrayOutputWithContext

func (o AssignmentArrayOutput) ToAssignmentArrayOutputWithContext(ctx context.Context) AssignmentArrayOutput

type AssignmentInput

type AssignmentInput interface {
	pulumi.Input

	ToAssignmentOutput() AssignmentOutput
	ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput
}

type AssignmentMap

type AssignmentMap map[string]AssignmentInput

func (AssignmentMap) ElementType

func (AssignmentMap) ElementType() reflect.Type

func (AssignmentMap) ToAssignmentMapOutput

func (i AssignmentMap) ToAssignmentMapOutput() AssignmentMapOutput

func (AssignmentMap) ToAssignmentMapOutputWithContext

func (i AssignmentMap) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput

type AssignmentMapInput

type AssignmentMapInput interface {
	pulumi.Input

	ToAssignmentMapOutput() AssignmentMapOutput
	ToAssignmentMapOutputWithContext(context.Context) AssignmentMapOutput
}

AssignmentMapInput is an input type that accepts AssignmentMap and AssignmentMapOutput values. You can construct a concrete instance of `AssignmentMapInput` via:

AssignmentMap{ "key": AssignmentArgs{...} }

type AssignmentMapOutput

type AssignmentMapOutput struct{ *pulumi.OutputState }

func (AssignmentMapOutput) ElementType

func (AssignmentMapOutput) ElementType() reflect.Type

func (AssignmentMapOutput) MapIndex

func (AssignmentMapOutput) ToAssignmentMapOutput

func (o AssignmentMapOutput) ToAssignmentMapOutput() AssignmentMapOutput

func (AssignmentMapOutput) ToAssignmentMapOutputWithContext

func (o AssignmentMapOutput) ToAssignmentMapOutputWithContext(ctx context.Context) AssignmentMapOutput

type AssignmentOutput

type AssignmentOutput struct{ *pulumi.OutputState }

func (AssignmentOutput) Condition

func (o AssignmentOutput) Condition() pulumi.StringPtrOutput

The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.

func (AssignmentOutput) ConditionVersion

func (o AssignmentOutput) ConditionVersion() pulumi.StringPtrOutput

The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.

func (AssignmentOutput) DelegatedManagedIdentityResourceId

func (o AssignmentOutput) DelegatedManagedIdentityResourceId() pulumi.StringPtrOutput

The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.

> **NOTE:** this field is only used in cross tenant scenario.

func (AssignmentOutput) Description

func (o AssignmentOutput) Description() pulumi.StringPtrOutput

The description for this Role Assignment. Changing this forces a new resource to be created.

func (AssignmentOutput) ElementType

func (AssignmentOutput) ElementType() reflect.Type

func (AssignmentOutput) Name

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

func (AssignmentOutput) PrincipalId

func (o AssignmentOutput) PrincipalId() pulumi.StringOutput

The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.

> **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).

func (AssignmentOutput) PrincipalType

func (o AssignmentOutput) PrincipalType() pulumi.StringOutput

The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.

> **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.

func (AssignmentOutput) RoleDefinitionId

func (o AssignmentOutput) RoleDefinitionId() pulumi.StringOutput

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.

func (AssignmentOutput) RoleDefinitionName

func (o AssignmentOutput) RoleDefinitionName() pulumi.StringOutput

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.

func (AssignmentOutput) Scope

The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.

func (AssignmentOutput) SkipServicePrincipalAadCheck

func (o AssignmentOutput) SkipServicePrincipalAadCheck() pulumi.BoolOutput

If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.

> **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.

func (AssignmentOutput) ToAssignmentOutput

func (o AssignmentOutput) ToAssignmentOutput() AssignmentOutput

func (AssignmentOutput) ToAssignmentOutputWithContext

func (o AssignmentOutput) ToAssignmentOutputWithContext(ctx context.Context) AssignmentOutput

type AssignmentState

type AssignmentState struct {
	// The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
	Condition pulumi.StringPtrInput
	// The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
	ConditionVersion pulumi.StringPtrInput
	// The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
	//
	// > **NOTE:** this field is only used in cross tenant scenario.
	DelegatedManagedIdentityResourceId pulumi.StringPtrInput
	// The description for this Role Assignment. Changing this forces a new resource to be created.
	Description pulumi.StringPtrInput
	// A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
	Name pulumi.StringPtrInput
	// The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
	//
	// > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
	PrincipalId pulumi.StringPtrInput
	// The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
	//
	// > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
	PrincipalType pulumi.StringPtrInput
	// The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
	RoleDefinitionId pulumi.StringPtrInput
	// The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
	RoleDefinitionName pulumi.StringPtrInput
	// The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
	// If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
	//
	// > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
	SkipServicePrincipalAadCheck pulumi.BoolPtrInput
}

func (AssignmentState) ElementType

func (AssignmentState) ElementType() reflect.Type

type GetRoleDefinitionPermission

type GetRoleDefinitionPermission struct {
	// A list of actions supported by this role.
	Actions []string `pulumi:"actions"`
	// The conditions on this role definition, which limits the resources it can be assigned to.
	Condition string `pulumi:"condition"`
	// The version of the condition.
	ConditionVersion string `pulumi:"conditionVersion"`
	// A list of data actions allowed by this role.
	DataActions []string `pulumi:"dataActions"`
	// A list of actions which are denied by this role.
	NotActions []string `pulumi:"notActions"`
	// A list of data actions which are denied by this role.
	NotDataActions []string `pulumi:"notDataActions"`
}

type GetRoleDefinitionPermissionArgs

type GetRoleDefinitionPermissionArgs struct {
	// A list of actions supported by this role.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// The conditions on this role definition, which limits the resources it can be assigned to.
	Condition pulumi.StringInput `pulumi:"condition"`
	// The version of the condition.
	ConditionVersion pulumi.StringInput `pulumi:"conditionVersion"`
	// A list of data actions allowed by this role.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// A list of actions which are denied by this role.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// A list of data actions which are denied by this role.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}

func (GetRoleDefinitionPermissionArgs) ElementType

func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput

func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput

func (GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext

func (i GetRoleDefinitionPermissionArgs) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput

type GetRoleDefinitionPermissionArray

type GetRoleDefinitionPermissionArray []GetRoleDefinitionPermissionInput

func (GetRoleDefinitionPermissionArray) ElementType

func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput

func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput

func (GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext

func (i GetRoleDefinitionPermissionArray) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionArrayInput

type GetRoleDefinitionPermissionArrayInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput
	ToGetRoleDefinitionPermissionArrayOutputWithContext(context.Context) GetRoleDefinitionPermissionArrayOutput
}

GetRoleDefinitionPermissionArrayInput is an input type that accepts GetRoleDefinitionPermissionArray and GetRoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionArrayInput` via:

GetRoleDefinitionPermissionArray{ GetRoleDefinitionPermissionArgs{...} }

type GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }

func (GetRoleDefinitionPermissionArrayOutput) ElementType

func (GetRoleDefinitionPermissionArrayOutput) Index

func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput

func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutput() GetRoleDefinitionPermissionArrayOutput

func (GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext

func (o GetRoleDefinitionPermissionArrayOutput) ToGetRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionArrayOutput

type GetRoleDefinitionPermissionInput

type GetRoleDefinitionPermissionInput interface {
	pulumi.Input

	ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput
	ToGetRoleDefinitionPermissionOutputWithContext(context.Context) GetRoleDefinitionPermissionOutput
}

GetRoleDefinitionPermissionInput is an input type that accepts GetRoleDefinitionPermissionArgs and GetRoleDefinitionPermissionOutput values. You can construct a concrete instance of `GetRoleDefinitionPermissionInput` via:

GetRoleDefinitionPermissionArgs{...}

type GetRoleDefinitionPermissionOutput

type GetRoleDefinitionPermissionOutput struct{ *pulumi.OutputState }

func (GetRoleDefinitionPermissionOutput) Actions

A list of actions supported by this role.

func (GetRoleDefinitionPermissionOutput) Condition

The conditions on this role definition, which limits the resources it can be assigned to.

func (GetRoleDefinitionPermissionOutput) ConditionVersion

The version of the condition.

func (GetRoleDefinitionPermissionOutput) DataActions

A list of data actions allowed by this role.

func (GetRoleDefinitionPermissionOutput) ElementType

func (GetRoleDefinitionPermissionOutput) NotActions

A list of actions which are denied by this role.

func (GetRoleDefinitionPermissionOutput) NotDataActions

A list of data actions which are denied by this role.

func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput

func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutput() GetRoleDefinitionPermissionOutput

func (GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext

func (o GetRoleDefinitionPermissionOutput) ToGetRoleDefinitionPermissionOutputWithContext(ctx context.Context) GetRoleDefinitionPermissionOutput

type LookupRoleDefinitionArgs

type LookupRoleDefinitionArgs struct {
	// Specifies the Name of either a built-in or custom Role Definition.
	//
	// > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`
	Name *string `pulumi:"name"`
	// Specifies the ID of the Role Definition as a UUID/GUID.
	RoleDefinitionId *string `pulumi:"roleDefinitionId"`
	// Specifies the Scope at which the Custom Role Definition exists.
	//
	// > **Note:** One of `name` or `roleDefinitionId` must be specified.
	Scope *string `pulumi:"scope"`
}

A collection of arguments for invoking getRoleDefinition.

type LookupRoleDefinitionOutputArgs

type LookupRoleDefinitionOutputArgs struct {
	// Specifies the Name of either a built-in or custom Role Definition.
	//
	// > You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`
	Name pulumi.StringPtrInput `pulumi:"name"`
	// Specifies the ID of the Role Definition as a UUID/GUID.
	RoleDefinitionId pulumi.StringPtrInput `pulumi:"roleDefinitionId"`
	// Specifies the Scope at which the Custom Role Definition exists.
	//
	// > **Note:** One of `name` or `roleDefinitionId` must be specified.
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

A collection of arguments for invoking getRoleDefinition.

func (LookupRoleDefinitionOutputArgs) ElementType

type LookupRoleDefinitionResult

type LookupRoleDefinitionResult struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	AssignableScopes []string `pulumi:"assignableScopes"`
	// The Description of the built-in Role.
	Description string `pulumi:"description"`
	// The provider-assigned unique ID for this managed resource.
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
	// A `permissions` block as documented below.
	Permissions      []GetRoleDefinitionPermission `pulumi:"permissions"`
	RoleDefinitionId string                        `pulumi:"roleDefinitionId"`
	Scope            *string                       `pulumi:"scope"`
	// The Type of the Role.
	Type string `pulumi:"type"`
}

A collection of values returned by getRoleDefinition.

func LookupRoleDefinition

func LookupRoleDefinition(ctx *pulumi.Context, args *LookupRoleDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupRoleDefinitionResult, error)

Use this data source to access information about an existing Role Definition.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("CustomRoleDef"),
			Scope:            pulumi.String(primary.Id),
		})
		if err != nil {
			return err
		}
		custom := customRoleDefinition.RoleDefinitionId.ApplyT(func(roleDefinitionId string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				RoleDefinitionId: roleDefinitionId,
				Scope:            primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		_ = customRoleDefinition.Name.ApplyT(func(name string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				Name:  name,
				Scope: primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Contributor"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("customRoleDefinitionId", custom.ApplyT(func(custom authorization.GetRoleDefinitionResult) (*string, error) {
			return &custom.Id, nil
		}).(pulumi.StringPtrOutput))
		ctx.Export("contributorRoleDefinitionId", builtin.Id)
		return nil
	})
}

```

type LookupRoleDefinitionResultOutput

type LookupRoleDefinitionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getRoleDefinition.

func (LookupRoleDefinitionResultOutput) AssignableScopes

One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.

func (LookupRoleDefinitionResultOutput) Description

The Description of the built-in Role.

func (LookupRoleDefinitionResultOutput) ElementType

func (LookupRoleDefinitionResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupRoleDefinitionResultOutput) Name

func (LookupRoleDefinitionResultOutput) Permissions

A `permissions` block as documented below.

func (LookupRoleDefinitionResultOutput) RoleDefinitionId

func (LookupRoleDefinitionResultOutput) Scope

func (LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutput

func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutput() LookupRoleDefinitionResultOutput

func (LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutputWithContext

func (o LookupRoleDefinitionResultOutput) ToLookupRoleDefinitionResultOutputWithContext(ctx context.Context) LookupRoleDefinitionResultOutput

func (LookupRoleDefinitionResultOutput) Type

The Type of the Role.

type LookupUserAssignedIdentityArgs

type LookupUserAssignedIdentityArgs struct {
	// The name of the User Assigned Identity.
	Name string `pulumi:"name"`
	// The name of the Resource Group in which the User Assigned Identity exists.
	ResourceGroupName string `pulumi:"resourceGroupName"`
}

A collection of arguments for invoking getUserAssignedIdentity.

type LookupUserAssignedIdentityOutputArgs

type LookupUserAssignedIdentityOutputArgs struct {
	// The name of the User Assigned Identity.
	Name pulumi.StringInput `pulumi:"name"`
	// The name of the Resource Group in which the User Assigned Identity exists.
	ResourceGroupName pulumi.StringInput `pulumi:"resourceGroupName"`
}

A collection of arguments for invoking getUserAssignedIdentity.

func (LookupUserAssignedIdentityOutputArgs) ElementType

type LookupUserAssignedIdentityResult

type LookupUserAssignedIdentityResult struct {
	// The Client ID of the User Assigned Identity.
	ClientId string `pulumi:"clientId"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The Azure location where the User Assigned Identity exists.
	Location string `pulumi:"location"`
	Name     string `pulumi:"name"`
	// The Service Principal ID of the User Assigned Identity.
	PrincipalId       string `pulumi:"principalId"`
	ResourceGroupName string `pulumi:"resourceGroupName"`
	// A mapping of tags assigned to the User Assigned Identity.
	Tags map[string]string `pulumi:"tags"`
	// The Tenant ID of the User Assigned Identity.
	TenantId string `pulumi:"tenantId"`
}

A collection of values returned by getUserAssignedIdentity.

func LookupUserAssignedIdentity

func LookupUserAssignedIdentity(ctx *pulumi.Context, args *LookupUserAssignedIdentityArgs, opts ...pulumi.InvokeOption) (*LookupUserAssignedIdentityResult, error)

Use this data source to access information about an existing User Assigned Identity.

## Example Usage

### Reference An Existing)

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := authorization.LookupUserAssignedIdentity(ctx, &authorization.LookupUserAssignedIdentityArgs{
			Name:              "name_of_user_assigned_identity",
			ResourceGroupName: "name_of_resource_group",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("uaiClientId", example.ClientId)
		ctx.Export("uaiPrincipalId", example.PrincipalId)
		ctx.Export("uaiTenantId", example.TenantId)
		return nil
	})
}

```

type LookupUserAssignedIdentityResultOutput

type LookupUserAssignedIdentityResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getUserAssignedIdentity.

func (LookupUserAssignedIdentityResultOutput) ClientId

The Client ID of the User Assigned Identity.

func (LookupUserAssignedIdentityResultOutput) ElementType

func (LookupUserAssignedIdentityResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupUserAssignedIdentityResultOutput) Location

The Azure location where the User Assigned Identity exists.

func (LookupUserAssignedIdentityResultOutput) Name

func (LookupUserAssignedIdentityResultOutput) PrincipalId

The Service Principal ID of the User Assigned Identity.

func (LookupUserAssignedIdentityResultOutput) ResourceGroupName

func (LookupUserAssignedIdentityResultOutput) Tags

A mapping of tags assigned to the User Assigned Identity.

func (LookupUserAssignedIdentityResultOutput) TenantId

The Tenant ID of the User Assigned Identity.

func (LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutput

func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutput() LookupUserAssignedIdentityResultOutput

func (LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutputWithContext

func (o LookupUserAssignedIdentityResultOutput) ToLookupUserAssignedIdentityResultOutputWithContext(ctx context.Context) LookupUserAssignedIdentityResultOutput

type RoleDefinition

type RoleDefinition struct {
	pulumi.CustomResourceState

	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	AssignableScopes pulumi.StringArrayOutput `pulumi:"assignableScopes"`
	// A description of the Role Definition.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the Role Definition.
	Name pulumi.StringOutput `pulumi:"name"`
	// A `permissions` block as defined below.
	Permissions RoleDefinitionPermissionArrayOutput `pulumi:"permissions"`
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringOutput `pulumi:"roleDefinitionId"`
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringOutput `pulumi:"roleDefinitionResourceId"`
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringOutput `pulumi:"scope"`
}

Manages a custom Role Definition, used to assign Roles to Users/Principals. See ['Understand role definitions'](https://docs.microsoft.com/azure/role-based-access-control/role-definitions) in the Azure documentation for more details.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
			Name:        pulumi.String("my-custom-role"),
			Scope:       pulumi.String(primary.Id),
			Description: pulumi.String("This is a custom role created"),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("*"),
					},
					NotActions: pulumi.StringArray{},
				},
			},
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Role Definitions can be imported using the `resource id`, e.g.

```sh $ pulumi import azure:authorization/roleDefinition:RoleDefinition example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000" ```

func GetRoleDefinition

func GetRoleDefinition(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleDefinitionState, opts ...pulumi.ResourceOption) (*RoleDefinition, error)

GetRoleDefinition gets an existing RoleDefinition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRoleDefinition

func NewRoleDefinition(ctx *pulumi.Context,
	name string, args *RoleDefinitionArgs, opts ...pulumi.ResourceOption) (*RoleDefinition, error)

NewRoleDefinition registers a new resource with the given unique name, arguments, and options.

func (*RoleDefinition) ElementType

func (*RoleDefinition) ElementType() reflect.Type

func (*RoleDefinition) ToRoleDefinitionOutput

func (i *RoleDefinition) ToRoleDefinitionOutput() RoleDefinitionOutput

func (*RoleDefinition) ToRoleDefinitionOutputWithContext

func (i *RoleDefinition) ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput

type RoleDefinitionArgs

type RoleDefinitionArgs struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions RoleDefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringInput
}

The set of arguments for constructing a RoleDefinition resource.

func (RoleDefinitionArgs) ElementType

func (RoleDefinitionArgs) ElementType() reflect.Type

type RoleDefinitionArray

type RoleDefinitionArray []RoleDefinitionInput

func (RoleDefinitionArray) ElementType

func (RoleDefinitionArray) ElementType() reflect.Type

func (RoleDefinitionArray) ToRoleDefinitionArrayOutput

func (i RoleDefinitionArray) ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput

func (RoleDefinitionArray) ToRoleDefinitionArrayOutputWithContext

func (i RoleDefinitionArray) ToRoleDefinitionArrayOutputWithContext(ctx context.Context) RoleDefinitionArrayOutput

type RoleDefinitionArrayInput

type RoleDefinitionArrayInput interface {
	pulumi.Input

	ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput
	ToRoleDefinitionArrayOutputWithContext(context.Context) RoleDefinitionArrayOutput
}

RoleDefinitionArrayInput is an input type that accepts RoleDefinitionArray and RoleDefinitionArrayOutput values. You can construct a concrete instance of `RoleDefinitionArrayInput` via:

RoleDefinitionArray{ RoleDefinitionArgs{...} }

type RoleDefinitionArrayOutput

type RoleDefinitionArrayOutput struct{ *pulumi.OutputState }

func (RoleDefinitionArrayOutput) ElementType

func (RoleDefinitionArrayOutput) ElementType() reflect.Type

func (RoleDefinitionArrayOutput) Index

func (RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutput

func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutput() RoleDefinitionArrayOutput

func (RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutputWithContext

func (o RoleDefinitionArrayOutput) ToRoleDefinitionArrayOutputWithContext(ctx context.Context) RoleDefinitionArrayOutput

type RoleDefinitionInput

type RoleDefinitionInput interface {
	pulumi.Input

	ToRoleDefinitionOutput() RoleDefinitionOutput
	ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput
}

type RoleDefinitionMap

type RoleDefinitionMap map[string]RoleDefinitionInput

func (RoleDefinitionMap) ElementType

func (RoleDefinitionMap) ElementType() reflect.Type

func (RoleDefinitionMap) ToRoleDefinitionMapOutput

func (i RoleDefinitionMap) ToRoleDefinitionMapOutput() RoleDefinitionMapOutput

func (RoleDefinitionMap) ToRoleDefinitionMapOutputWithContext

func (i RoleDefinitionMap) ToRoleDefinitionMapOutputWithContext(ctx context.Context) RoleDefinitionMapOutput

type RoleDefinitionMapInput

type RoleDefinitionMapInput interface {
	pulumi.Input

	ToRoleDefinitionMapOutput() RoleDefinitionMapOutput
	ToRoleDefinitionMapOutputWithContext(context.Context) RoleDefinitionMapOutput
}

RoleDefinitionMapInput is an input type that accepts RoleDefinitionMap and RoleDefinitionMapOutput values. You can construct a concrete instance of `RoleDefinitionMapInput` via:

RoleDefinitionMap{ "key": RoleDefinitionArgs{...} }

type RoleDefinitionMapOutput

type RoleDefinitionMapOutput struct{ *pulumi.OutputState }

func (RoleDefinitionMapOutput) ElementType

func (RoleDefinitionMapOutput) ElementType() reflect.Type

func (RoleDefinitionMapOutput) MapIndex

func (RoleDefinitionMapOutput) ToRoleDefinitionMapOutput

func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutput() RoleDefinitionMapOutput

func (RoleDefinitionMapOutput) ToRoleDefinitionMapOutputWithContext

func (o RoleDefinitionMapOutput) ToRoleDefinitionMapOutputWithContext(ctx context.Context) RoleDefinitionMapOutput

type RoleDefinitionOutput

type RoleDefinitionOutput struct{ *pulumi.OutputState }

func (RoleDefinitionOutput) AssignableScopes

func (o RoleDefinitionOutput) AssignableScopes() pulumi.StringArrayOutput

One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.

> **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.

func (RoleDefinitionOutput) Description

A description of the Role Definition.

func (RoleDefinitionOutput) ElementType

func (RoleDefinitionOutput) ElementType() reflect.Type

func (RoleDefinitionOutput) Name

The name of the Role Definition.

func (RoleDefinitionOutput) Permissions

A `permissions` block as defined below.

func (RoleDefinitionOutput) RoleDefinitionId

func (o RoleDefinitionOutput) RoleDefinitionId() pulumi.StringOutput

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

func (RoleDefinitionOutput) RoleDefinitionResourceId

func (o RoleDefinitionOutput) RoleDefinitionResourceId() pulumi.StringOutput

The Azure Resource Manager ID for the resource.

func (RoleDefinitionOutput) Scope

The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.

func (RoleDefinitionOutput) ToRoleDefinitionOutput

func (o RoleDefinitionOutput) ToRoleDefinitionOutput() RoleDefinitionOutput

func (RoleDefinitionOutput) ToRoleDefinitionOutputWithContext

func (o RoleDefinitionOutput) ToRoleDefinitionOutputWithContext(ctx context.Context) RoleDefinitionOutput

type RoleDefinitionPermission

type RoleDefinitionPermission struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	Actions []string `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions []string `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	NotActions []string `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	NotDataActions []string `pulumi:"notDataActions"`
}

type RoleDefinitionPermissionArgs

type RoleDefinitionPermissionArgs struct {
	// One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	DataActions pulumi.StringArrayInput `pulumi:"dataActions"`
	// One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.
	NotDataActions pulumi.StringArrayInput `pulumi:"notDataActions"`
}

func (RoleDefinitionPermissionArgs) ElementType

func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput

func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput

func (RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext

func (i RoleDefinitionPermissionArgs) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput

type RoleDefinitionPermissionArray

type RoleDefinitionPermissionArray []RoleDefinitionPermissionInput

func (RoleDefinitionPermissionArray) ElementType

func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput

func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput

func (RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext

func (i RoleDefinitionPermissionArray) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput

type RoleDefinitionPermissionArrayInput

type RoleDefinitionPermissionArrayInput interface {
	pulumi.Input

	ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput
	ToRoleDefinitionPermissionArrayOutputWithContext(context.Context) RoleDefinitionPermissionArrayOutput
}

RoleDefinitionPermissionArrayInput is an input type that accepts RoleDefinitionPermissionArray and RoleDefinitionPermissionArrayOutput values. You can construct a concrete instance of `RoleDefinitionPermissionArrayInput` via:

RoleDefinitionPermissionArray{ RoleDefinitionPermissionArgs{...} }

type RoleDefinitionPermissionArrayOutput

type RoleDefinitionPermissionArrayOutput struct{ *pulumi.OutputState }

func (RoleDefinitionPermissionArrayOutput) ElementType

func (RoleDefinitionPermissionArrayOutput) Index

func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput

func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutput() RoleDefinitionPermissionArrayOutput

func (RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext

func (o RoleDefinitionPermissionArrayOutput) ToRoleDefinitionPermissionArrayOutputWithContext(ctx context.Context) RoleDefinitionPermissionArrayOutput

type RoleDefinitionPermissionInput

type RoleDefinitionPermissionInput interface {
	pulumi.Input

	ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput
	ToRoleDefinitionPermissionOutputWithContext(context.Context) RoleDefinitionPermissionOutput
}

RoleDefinitionPermissionInput is an input type that accepts RoleDefinitionPermissionArgs and RoleDefinitionPermissionOutput values. You can construct a concrete instance of `RoleDefinitionPermissionInput` via:

RoleDefinitionPermissionArgs{...}

type RoleDefinitionPermissionOutput

type RoleDefinitionPermissionOutput struct{ *pulumi.OutputState }

func (RoleDefinitionPermissionOutput) Actions

One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.

func (RoleDefinitionPermissionOutput) DataActions

One or more Allowed Data Actions, such as `*`, `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.

func (RoleDefinitionPermissionOutput) ElementType

func (RoleDefinitionPermissionOutput) NotActions

One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.

func (RoleDefinitionPermissionOutput) NotDataActions

One or more Disallowed Data Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See ['Azure Resource Manager resource provider operations'](https://docs.microsoft.com/azure/role-based-access-control/resource-provider-operations) for details.

func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput

func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutput() RoleDefinitionPermissionOutput

func (RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext

func (o RoleDefinitionPermissionOutput) ToRoleDefinitionPermissionOutputWithContext(ctx context.Context) RoleDefinitionPermissionOutput

type RoleDefinitionState

type RoleDefinitionState struct {
	// One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
	//
	// > **NOTE:** The value for `scope` is automatically included in this list if no other values supplied.
	AssignableScopes pulumi.StringArrayInput
	// A description of the Role Definition.
	Description pulumi.StringPtrInput
	// The name of the Role Definition.
	Name pulumi.StringPtrInput
	// A `permissions` block as defined below.
	Permissions RoleDefinitionPermissionArrayInput
	// A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
	RoleDefinitionId pulumi.StringPtrInput
	// The Azure Resource Manager ID for the resource.
	RoleDefinitionResourceId pulumi.StringPtrInput
	// The scope at which the Role Definition applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`. It is recommended to use the first entry of the `assignableScopes`. Changing this forces a new resource to be created.
	Scope pulumi.StringPtrInput
}

func (RoleDefinitionState) ElementType

func (RoleDefinitionState) ElementType() reflect.Type

type UserAssignedIdentity

type UserAssignedIdentity struct {
	pulumi.CustomResourceState

	// The ID of the app associated with the Identity.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	Location pulumi.StringOutput `pulumi:"location"`
	// Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Service Principal object associated with the created Identity.
	PrincipalId pulumi.StringOutput `pulumi:"principalId"`
	// Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	ResourceGroupName pulumi.StringOutput `pulumi:"resourceGroupName"`
	// A mapping of tags which should be assigned to the User Assigned Identity.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// The ID of the Tenant which the Identity belongs to.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

<!-- Note: This documentation is generated. Any manual changes will be overwritten -->

Manages a User Assigned Identity.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Location:          example.Location,
			Name:              pulumi.String("example"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

An existing User Assigned Identity can be imported into Pulumi using the `resource id`, e.g.

```sh $ pulumi import azure:authorization/userAssignedIdentity:UserAssignedIdentity example /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{userAssignedIdentityName} ```

* Where `{subscriptionId}` is the ID of the Azure Subscription where the User Assigned Identity exists. For example `12345678-1234-9876-4563-123456789012`.

* Where `{resourceGroupName}` is the name of Resource Group where this User Assigned Identity exists. For example `example-resource-group`.

* Where `{userAssignedIdentityName}` is the name of the User Assigned Identity. For example `userAssignedIdentityValue`.

func GetUserAssignedIdentity

func GetUserAssignedIdentity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserAssignedIdentityState, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)

GetUserAssignedIdentity gets an existing UserAssignedIdentity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserAssignedIdentity

func NewUserAssignedIdentity(ctx *pulumi.Context,
	name string, args *UserAssignedIdentityArgs, opts ...pulumi.ResourceOption) (*UserAssignedIdentity, error)

NewUserAssignedIdentity registers a new resource with the given unique name, arguments, and options.

func (*UserAssignedIdentity) ElementType

func (*UserAssignedIdentity) ElementType() reflect.Type

func (*UserAssignedIdentity) ToUserAssignedIdentityOutput

func (i *UserAssignedIdentity) ToUserAssignedIdentityOutput() UserAssignedIdentityOutput

func (*UserAssignedIdentity) ToUserAssignedIdentityOutputWithContext

func (i *UserAssignedIdentity) ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput

type UserAssignedIdentityArgs

type UserAssignedIdentityArgs struct {
	// The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	Location pulumi.StringPtrInput
	// Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created.
	Name pulumi.StringPtrInput
	// Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	ResourceGroupName pulumi.StringInput
	// A mapping of tags which should be assigned to the User Assigned Identity.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a UserAssignedIdentity resource.

func (UserAssignedIdentityArgs) ElementType

func (UserAssignedIdentityArgs) ElementType() reflect.Type

type UserAssignedIdentityArray

type UserAssignedIdentityArray []UserAssignedIdentityInput

func (UserAssignedIdentityArray) ElementType

func (UserAssignedIdentityArray) ElementType() reflect.Type

func (UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutput

func (i UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput

func (UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutputWithContext

func (i UserAssignedIdentityArray) ToUserAssignedIdentityArrayOutputWithContext(ctx context.Context) UserAssignedIdentityArrayOutput

type UserAssignedIdentityArrayInput

type UserAssignedIdentityArrayInput interface {
	pulumi.Input

	ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput
	ToUserAssignedIdentityArrayOutputWithContext(context.Context) UserAssignedIdentityArrayOutput
}

UserAssignedIdentityArrayInput is an input type that accepts UserAssignedIdentityArray and UserAssignedIdentityArrayOutput values. You can construct a concrete instance of `UserAssignedIdentityArrayInput` via:

UserAssignedIdentityArray{ UserAssignedIdentityArgs{...} }

type UserAssignedIdentityArrayOutput

type UserAssignedIdentityArrayOutput struct{ *pulumi.OutputState }

func (UserAssignedIdentityArrayOutput) ElementType

func (UserAssignedIdentityArrayOutput) Index

func (UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutput

func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutput() UserAssignedIdentityArrayOutput

func (UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutputWithContext

func (o UserAssignedIdentityArrayOutput) ToUserAssignedIdentityArrayOutputWithContext(ctx context.Context) UserAssignedIdentityArrayOutput

type UserAssignedIdentityInput

type UserAssignedIdentityInput interface {
	pulumi.Input

	ToUserAssignedIdentityOutput() UserAssignedIdentityOutput
	ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput
}

type UserAssignedIdentityMap

type UserAssignedIdentityMap map[string]UserAssignedIdentityInput

func (UserAssignedIdentityMap) ElementType

func (UserAssignedIdentityMap) ElementType() reflect.Type

func (UserAssignedIdentityMap) ToUserAssignedIdentityMapOutput

func (i UserAssignedIdentityMap) ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput

func (UserAssignedIdentityMap) ToUserAssignedIdentityMapOutputWithContext

func (i UserAssignedIdentityMap) ToUserAssignedIdentityMapOutputWithContext(ctx context.Context) UserAssignedIdentityMapOutput

type UserAssignedIdentityMapInput

type UserAssignedIdentityMapInput interface {
	pulumi.Input

	ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput
	ToUserAssignedIdentityMapOutputWithContext(context.Context) UserAssignedIdentityMapOutput
}

UserAssignedIdentityMapInput is an input type that accepts UserAssignedIdentityMap and UserAssignedIdentityMapOutput values. You can construct a concrete instance of `UserAssignedIdentityMapInput` via:

UserAssignedIdentityMap{ "key": UserAssignedIdentityArgs{...} }

type UserAssignedIdentityMapOutput

type UserAssignedIdentityMapOutput struct{ *pulumi.OutputState }

func (UserAssignedIdentityMapOutput) ElementType

func (UserAssignedIdentityMapOutput) MapIndex

func (UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutput

func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutput() UserAssignedIdentityMapOutput

func (UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutputWithContext

func (o UserAssignedIdentityMapOutput) ToUserAssignedIdentityMapOutputWithContext(ctx context.Context) UserAssignedIdentityMapOutput

type UserAssignedIdentityOutput

type UserAssignedIdentityOutput struct{ *pulumi.OutputState }

func (UserAssignedIdentityOutput) ClientId

The ID of the app associated with the Identity.

func (UserAssignedIdentityOutput) ElementType

func (UserAssignedIdentityOutput) ElementType() reflect.Type

func (UserAssignedIdentityOutput) Location

The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.

func (UserAssignedIdentityOutput) Name

Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created.

func (UserAssignedIdentityOutput) PrincipalId

The ID of the Service Principal object associated with the created Identity.

func (UserAssignedIdentityOutput) ResourceGroupName

func (o UserAssignedIdentityOutput) ResourceGroupName() pulumi.StringOutput

Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.

func (UserAssignedIdentityOutput) Tags

A mapping of tags which should be assigned to the User Assigned Identity.

func (UserAssignedIdentityOutput) TenantId

The ID of the Tenant which the Identity belongs to.

func (UserAssignedIdentityOutput) ToUserAssignedIdentityOutput

func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutput() UserAssignedIdentityOutput

func (UserAssignedIdentityOutput) ToUserAssignedIdentityOutputWithContext

func (o UserAssignedIdentityOutput) ToUserAssignedIdentityOutputWithContext(ctx context.Context) UserAssignedIdentityOutput

type UserAssignedIdentityState

type UserAssignedIdentityState struct {
	// The ID of the app associated with the Identity.
	ClientId pulumi.StringPtrInput
	// The Azure Region where the User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	Location pulumi.StringPtrInput
	// Specifies the name of this User Assigned Identity. Changing this forces a new User Assigned Identity to be created.
	Name pulumi.StringPtrInput
	// The ID of the Service Principal object associated with the created Identity.
	PrincipalId pulumi.StringPtrInput
	// Specifies the name of the Resource Group within which this User Assigned Identity should exist. Changing this forces a new User Assigned Identity to be created.
	ResourceGroupName pulumi.StringPtrInput
	// A mapping of tags which should be assigned to the User Assigned Identity.
	Tags pulumi.StringMapInput
	// The ID of the Tenant which the Identity belongs to.
	TenantId pulumi.StringPtrInput
}

func (UserAssignedIdentityState) ElementType

func (UserAssignedIdentityState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL