@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.azure.authorization.kotlin

import com.pulumi.azure.authorization.AssignmentArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName

/**
 * Assigns a given Principal (User or Group) to a given Role.
 * ## Example Usage
 * ### Using A Built-In Role
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     scope: primary.then(primary => primary.id),
 *     roleDefinitionName: "Reader",
 *     principalId: example.then(example => example.objectId),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_azure as azure
 * primary = azure.core.get_subscription()
 * example = azure.core.get_client_config()
 * example_assignment = azure.authorization.Assignment("example",
 *     scope=primary.id,
 *     role_definition_name="Reader",
 *     principal_id=example.object_id)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Azure = Pulumi.Azure;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = Azure.Core.GetSubscription.Invoke();
 *     var example = Azure.Core.GetClientConfig.Invoke();
 *     var exampleAssignment = new Azure.Authorization.Assignment("example", new()
 *     {
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         RoleDefinitionName = "Reader",
 *         PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := core.LookupSubscription(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		example, err := core.GetClientConfig(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
 * 			Scope:              pulumi.String(primary.Id),
 * 			RoleDefinitionName: pulumi.String("Reader"),
 * 			PrincipalId:        pulumi.String(example.ObjectId),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
 * import com.pulumi.azure.authorization.Assignment;
 * import com.pulumi.azure.authorization.AssignmentArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var primary = CoreFunctions.getSubscription();
 *         final var example = CoreFunctions.getClientConfig();
 *         var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .roleDefinitionName("Reader")
 *             .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   exampleAssignment:
 *     type: azure:authorization:Assignment
 *     name: example
 *     properties:
 *       scope: ${primary.id}
 *       roleDefinitionName: Reader
 *       principalId: ${example.objectId}
 * variables:
 *   primary:
 *     fn::invoke:
 *       Function: azure:core:getSubscription
 *       Arguments: {}
 *   example:
 *     fn::invoke:
 *       Function: azure:core:getClientConfig
 *       Arguments: {}
 * ```
 * 
 * ### Custom Role & Service Principal
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
 *     roleDefinitionId: "00000000-0000-0000-0000-000000000000",
 *     name: "my-custom-role-definition",
 *     scope: primary.then(primary => primary.id),
 *     permissions: [{
 *         actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         notActions: [],
 *     }],
 *     assignableScopes: [primary.then(primary => primary.id)],
 * });
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     name: "00000000-0000-0000-0000-000000000000",
 *     scope: primary.then(primary => primary.id),
 *     roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
 *     principalId: example.then(example => example.objectId),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_azure as azure
 * primary = azure.core.get_subscription()
 * example = azure.core.get_client_config()
 * example_role_definition = azure.authorization.RoleDefinition("example",
 *     role_definition_id="00000000-0000-0000-0000-000000000000",
 *     name="my-custom-role-definition",
 *     scope=primary.id,
 *     permissions=[azure.authorization.RoleDefinitionPermissionArgs(
 *         actions=["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         not_actions=[],
 *     )],
 *     assignable_scopes=[primary.id])
 * example_assignment = azure.authorization.Assignment("example",
 *     name="00000000-0000-0000-0000-000000000000",
 *     scope=primary.id,
 *     role_definition_id=example_role_definition.role_definition_resource_id,
 *     principal_id=example.object_id)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Azure = Pulumi.Azure;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = Azure.Core.GetSubscription.Invoke();
 *     var example = Azure.Core.GetClientConfig.Invoke();
 *     var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
 *     {
 *         RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
 *         Name = "my-custom-role-definition",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         Permissions = new[]
 *         {
 *             new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
 *             {
 *                 Actions = new[]
 *                 {
 *                     "Microsoft.Resources/subscriptions/resourceGroups/read",
 *                 },
 *                 NotActions = new() { },
 *             },
 *         },
 *         AssignableScopes = new[]
 *         {
 *             primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         },
 *     });
 *     var exampleAssignment = new Azure.Authorization.Assignment("example", new()
 *     {
 *         Name = "00000000-0000-0000-0000-000000000000",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
 *         PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := core.LookupSubscription(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		example, err := core.GetClientConfig(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
 * 			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Name:             pulumi.String("my-custom-role-definition"),
 * 			Scope:            pulumi.String(primary.Id),
 * 			Permissions: authorization.RoleDefinitionPermissionArray{
 * 				&authorization.RoleDefinitionPermissionArgs{
 * 					Actions: pulumi.StringArray{
 * 						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
 * 					},
 * 					NotActions: pulumi.StringArray{},
 * 				},
 * 			},
 * 			AssignableScopes: pulumi.StringArray{
 * 				pulumi.String(primary.Id),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
 * 			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Scope:            pulumi.String(primary.Id),
 * 			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
 * 			PrincipalId:      pulumi.String(example.ObjectId),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
 * import com.pulumi.azure.authorization.RoleDefinition;
 * import com.pulumi.azure.authorization.RoleDefinitionArgs;
 * import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
 * import com.pulumi.azure.authorization.Assignment;
 * import com.pulumi.azure.authorization.AssignmentArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var primary = CoreFunctions.getSubscription();
 *         final var example = CoreFunctions.getClientConfig();
 *         var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
 *             .roleDefinitionId("00000000-0000-0000-0000-000000000000")
 *             .name("my-custom-role-definition")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .permissions(RoleDefinitionPermissionArgs.builder()
 *                 .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
 *                 .notActions()
 *                 .build())
 *             .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .build());
 *         var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
 *             .name("00000000-0000-0000-0000-000000000000")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
 *             .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   exampleRoleDefinition:
 *     type: azure:authorization:RoleDefinition
 *     name: example
 *     properties:
 *       roleDefinitionId: 00000000-0000-0000-0000-000000000000
 *       name: my-custom-role-definition
 *       scope: ${primary.id}
 *       permissions:
 *         - actions:
 *             - Microsoft.Resources/subscriptions/resourceGroups/read
 *           notActions: []
 *       assignableScopes:
 *         - ${primary.id}
 *   exampleAssignment:
 *     type: azure:authorization:Assignment
 *     name: example
 *     properties:
 *       name: 00000000-0000-0000-0000-000000000000
 *       scope: ${primary.id}
 *       roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
 *       principalId: ${example.objectId}
 * variables:
 *   primary:
 *     fn::invoke:
 *       Function: azure:core:getSubscription
 *       Arguments: {}
 *   example:
 *     fn::invoke:
 *       Function: azure:core:getClientConfig
 *       Arguments: {}
 * ```
 * 
 * ### Custom Role & User
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
 *     roleDefinitionId: "00000000-0000-0000-0000-000000000000",
 *     name: "my-custom-role-definition",
 *     scope: primary.then(primary => primary.id),
 *     permissions: [{
 *         actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         notActions: [],
 *     }],
 *     assignableScopes: [primary.then(primary => primary.id)],
 * });
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     name: "00000000-0000-0000-0000-000000000000",
 *     scope: primary.then(primary => primary.id),
 *     roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
 *     principalId: example.then(example => example.objectId),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_azure as azure
 * primary = azure.core.get_subscription()
 * example = azure.core.get_client_config()
 * example_role_definition = azure.authorization.RoleDefinition("example",
 *     role_definition_id="00000000-0000-0000-0000-000000000000",
 *     name="my-custom-role-definition",
 *     scope=primary.id,
 *     permissions=[azure.authorization.RoleDefinitionPermissionArgs(
 *         actions=["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         not_actions=[],
 *     )],
 *     assignable_scopes=[primary.id])
 * example_assignment = azure.authorization.Assignment("example",
 *     name="00000000-0000-0000-0000-000000000000",
 *     scope=primary.id,
 *     role_definition_id=example_role_definition.role_definition_resource_id,
 *     principal_id=example.object_id)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Azure = Pulumi.Azure;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = Azure.Core.GetSubscription.Invoke();
 *     var example = Azure.Core.GetClientConfig.Invoke();
 *     var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
 *     {
 *         RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
 *         Name = "my-custom-role-definition",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         Permissions = new[]
 *         {
 *             new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
 *             {
 *                 Actions = new[]
 *                 {
 *                     "Microsoft.Resources/subscriptions/resourceGroups/read",
 *                 },
 *                 NotActions = new() { },
 *             },
 *         },
 *         AssignableScopes = new[]
 *         {
 *             primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         },
 *     });
 *     var exampleAssignment = new Azure.Authorization.Assignment("example", new()
 *     {
 *         Name = "00000000-0000-0000-0000-000000000000",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
 *         PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := core.LookupSubscription(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		example, err := core.GetClientConfig(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
 * 			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Name:             pulumi.String("my-custom-role-definition"),
 * 			Scope:            pulumi.String(primary.Id),
 * 			Permissions: authorization.RoleDefinitionPermissionArray{
 * 				&authorization.RoleDefinitionPermissionArgs{
 * 					Actions: pulumi.StringArray{
 * 						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
 * 					},
 * 					NotActions: pulumi.StringArray{},
 * 				},
 * 			},
 * 			AssignableScopes: pulumi.StringArray{
 * 				pulumi.String(primary.Id),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
 * 			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Scope:            pulumi.String(primary.Id),
 * 			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
 * 			PrincipalId:      pulumi.String(example.ObjectId),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
 * import com.pulumi.azure.authorization.RoleDefinition;
 * import com.pulumi.azure.authorization.RoleDefinitionArgs;
 * import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
 * import com.pulumi.azure.authorization.Assignment;
 * import com.pulumi.azure.authorization.AssignmentArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var primary = CoreFunctions.getSubscription();
 *         final var example = CoreFunctions.getClientConfig();
 *         var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
 *             .roleDefinitionId("00000000-0000-0000-0000-000000000000")
 *             .name("my-custom-role-definition")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .permissions(RoleDefinitionPermissionArgs.builder()
 *                 .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
 *                 .notActions()
 *                 .build())
 *             .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .build());
 *         var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
 *             .name("00000000-0000-0000-0000-000000000000")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
 *             .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   exampleRoleDefinition:
 *     type: azure:authorization:RoleDefinition
 *     name: example
 *     properties:
 *       roleDefinitionId: 00000000-0000-0000-0000-000000000000
 *       name: my-custom-role-definition
 *       scope: ${primary.id}
 *       permissions:
 *         - actions:
 *             - Microsoft.Resources/subscriptions/resourceGroups/read
 *           notActions: []
 *       assignableScopes:
 *         - ${primary.id}
 *   exampleAssignment:
 *     type: azure:authorization:Assignment
 *     name: example
 *     properties:
 *       name: 00000000-0000-0000-0000-000000000000
 *       scope: ${primary.id}
 *       roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
 *       principalId: ${example.objectId}
 * variables:
 *   primary:
 *     fn::invoke:
 *       Function: azure:core:getSubscription
 *       Arguments: {}
 *   example:
 *     fn::invoke:
 *       Function: azure:core:getClientConfig
 *       Arguments: {}
 * ```
 * 
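 * ### Custom Role & Management Group
 *
 * NOTE(review): every snippet in this section passes `primaryAzurermManagementGroup`
 * (`primary_azurerm_management_group` in Python) as the assignment `scope`, but none of them declares it.
 * The management group they look up is bound to `exampleGetGroup` (`example_get_group` in Python; the Go
 * snippet discards the result), so the scope was presumably meant to be that lookup's ID. Confirm the
 * intended scope before reusing these snippets, because `scope` determines where the role assignment applies.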
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const exampleGetGroup = azure.management.getGroup({
 *     name: "00000000-0000-0000-0000-000000000000",
 * });
 * const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
 *     roleDefinitionId: "00000000-0000-0000-0000-000000000000",
 *     name: "my-custom-role-definition",
 *     scope: primary.then(primary => primary.id),
 *     permissions: [{
 *         actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         notActions: [],
 *     }],
 *     assignableScopes: [primary.then(primary => primary.id)],
 * });
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     name: "00000000-0000-0000-0000-000000000000",
 *     scope: primaryAzurermManagementGroup.id,
 *     roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
 *     principalId: example.then(example => example.objectId),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_azure as azure
 * primary = azure.core.get_subscription()
 * example = azure.core.get_client_config()
 * example_get_group = azure.management.get_group(name="00000000-0000-0000-0000-000000000000")
 * example_role_definition = azure.authorization.RoleDefinition("example",
 *     role_definition_id="00000000-0000-0000-0000-000000000000",
 *     name="my-custom-role-definition",
 *     scope=primary.id,
 *     permissions=[azure.authorization.RoleDefinitionPermissionArgs(
 *         actions=["Microsoft.Resources/subscriptions/resourceGroups/read"],
 *         not_actions=[],
 *     )],
 *     assignable_scopes=[primary.id])
 * example_assignment = azure.authorization.Assignment("example",
 *     name="00000000-0000-0000-0000-000000000000",
 *     scope=primary_azurerm_management_group["id"],
 *     role_definition_id=example_role_definition.role_definition_resource_id,
 *     principal_id=example.object_id)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Azure = Pulumi.Azure;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = Azure.Core.GetSubscription.Invoke();
 *     var example = Azure.Core.GetClientConfig.Invoke();
 *     var exampleGetGroup = Azure.Management.GetGroup.Invoke(new()
 *     {
 *         Name = "00000000-0000-0000-0000-000000000000",
 *     });
 *     var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
 *     {
 *         RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
 *         Name = "my-custom-role-definition",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         Permissions = new[]
 *         {
 *             new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
 *             {
 *                 Actions = new[]
 *                 {
 *                     "Microsoft.Resources/subscriptions/resourceGroups/read",
 *                 },
 *                 NotActions = new() { },
 *             },
 *         },
 *         AssignableScopes = new[]
 *         {
 *             primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         },
 *     });
 *     var exampleAssignment = new Azure.Authorization.Assignment("example", new()
 *     {
 *         Name = "00000000-0000-0000-0000-000000000000",
 *         Scope = primaryAzurermManagementGroup.Id,
 *         RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
 *         PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/management"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := core.LookupSubscription(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		example, err := core.GetClientConfig(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = management.LookupGroup(ctx, &management.LookupGroupArgs{
 * 			Name: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
 * 			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Name:             pulumi.String("my-custom-role-definition"),
 * 			Scope:            pulumi.String(primary.Id),
 * 			Permissions: authorization.RoleDefinitionPermissionArray{
 * 				&authorization.RoleDefinitionPermissionArgs{
 * 					Actions: pulumi.StringArray{
 * 						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
 * 					},
 * 					NotActions: pulumi.StringArray{},
 * 				},
 * 			},
 * 			AssignableScopes: pulumi.StringArray{
 * 				pulumi.String(primary.Id),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
 * 			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
 * 			Scope:            pulumi.Any(primaryAzurermManagementGroup.Id),
 * 			RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
 * 			PrincipalId:      pulumi.String(example.ObjectId),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
 * import com.pulumi.azure.management.ManagementFunctions;
 * import com.pulumi.azure.management.inputs.GetGroupArgs;
 * import com.pulumi.azure.authorization.RoleDefinition;
 * import com.pulumi.azure.authorization.RoleDefinitionArgs;
 * import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
 * import com.pulumi.azure.authorization.Assignment;
 * import com.pulumi.azure.authorization.AssignmentArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var primary = CoreFunctions.getSubscription();
 *         final var example = CoreFunctions.getClientConfig();
 *         final var exampleGetGroup = ManagementFunctions.getGroup(GetGroupArgs.builder()
 *             .name("00000000-0000-0000-0000-000000000000")
 *             .build());
 *         var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
 *             .roleDefinitionId("00000000-0000-0000-0000-000000000000")
 *             .name("my-custom-role-definition")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .permissions(RoleDefinitionPermissionArgs.builder()
 *                 .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
 *                 .notActions()
 *                 .build())
 *             .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .build());
 *         var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
 *             .name("00000000-0000-0000-0000-000000000000")
 *             .scope(primaryAzurermManagementGroup.id())
 *             .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
 *             .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   exampleRoleDefinition:
 *     type: azure:authorization:RoleDefinition
 *     name: example
 *     properties:
 *       roleDefinitionId: 00000000-0000-0000-0000-000000000000
 *       name: my-custom-role-definition
 *       scope: ${primary.id}
 *       permissions:
 *         - actions:
 *             - Microsoft.Resources/subscriptions/resourceGroups/read
 *           notActions: []
 *       assignableScopes:
 *         - ${primary.id}
 *   exampleAssignment:
 *     type: azure:authorization:Assignment
 *     name: example
 *     properties:
 *       name: 00000000-0000-0000-0000-000000000000
 *       scope: ${primaryAzurermManagementGroup.id}
 *       roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
 *       principalId: ${example.objectId}
 * variables:
 *   primary:
 *     fn::invoke:
 *       Function: azure:core:getSubscription
 *       Arguments: {}
 *   example:
 *     fn::invoke:
 *       Function: azure:core:getClientConfig
 *       Arguments: {}
 *   exampleGetGroup:
 *     fn::invoke:
 *       Function: azure:management:getGroup
 *       Arguments:
 *         name: 00000000-0000-0000-0000-000000000000
 * ```
 * 
 * ### ABAC Condition
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * import * as std from "@pulumi/std";
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const builtin = azure.authorization.getRoleDefinition({
 *     name: "Reader",
 * });
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     roleDefinitionName: "Role Based Access Control Administrator",
 *     scope: primary.then(primary => primary.id),
 *     principalId: example.then(example => example.objectId),
 *     principalType: "ServicePrincipal",
 *     description: "Role Based Access Control Administrator role assignment with ABAC Condition.",
 *     conditionVersion: "2.0",
 *     condition: Promise.all([builtin.then(builtin => std.basename({
 *         input: builtin.roleDefinitionId,
 *     })), builtin.then(builtin => std.basename({
 *         input: builtin.roleDefinitionId,
 *     }))]).then(([invoke, invoke1]) => `(
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
 *  )
 *  OR
 *  (
 *   @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${invoke.result}}
 *  )
 * )
 * AND
 * (
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
 *  )
 *  OR
 *  (
 *   @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${invoke1.result}}
 *  )
 * )
 * `),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_azure as azure
 * import pulumi_std as std
 * primary = azure.core.get_subscription()
 * example = azure.core.get_client_config()
 * builtin = azure.authorization.get_role_definition(name="Reader")
 * example_assignment = azure.authorization.Assignment("example",
 *     role_definition_name="Role Based Access Control Administrator",
 *     scope=primary.id,
 *     principal_id=example.object_id,
 *     principal_type="ServicePrincipal",
 *     description="Role Based Access Control Administrator role assignment with ABAC Condition.",
 *     condition_version="2.0",
 *     condition=f"""(
 *  (
 *   !(ActionMatches{{'Microsoft.Authorization/roleAssignments/write'}})
 *  )
 *  OR
 *  (
 *   @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{std.basename(input=builtin.role_definition_id).result}}}
 *  )
 * )
 * AND
 * (
 *  (
 *   !(ActionMatches{{'Microsoft.Authorization/roleAssignments/delete'}})
 *  )
 *  OR
 *  (
 *   @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{std.basename(input=builtin.role_definition_id).result}}}
 *  )
 * )
 * """)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Azure = Pulumi.Azure;
 * using Std = Pulumi.Std;
 * return await Deployment.RunAsync(() =>
 * {
 *     var primary = Azure.Core.GetSubscription.Invoke();
 *     var example = Azure.Core.GetClientConfig.Invoke();
 *     var builtin = Azure.Authorization.GetRoleDefinition.Invoke(new()
 *     {
 *         Name = "Reader",
 *     });
 *     var exampleAssignment = new Azure.Authorization.Assignment("example", new()
 *     {
 *         RoleDefinitionName = "Role Based Access Control Administrator",
 *         Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
 *         PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
 *         PrincipalType = "ServicePrincipal",
 *         Description = "Role Based Access Control Administrator role assignment with ABAC Condition.",
 *         ConditionVersion = "2.0",
 *         Condition = Output.Tuple(Std.Basename.Invoke(new()
 *         {
 *             Input = builtin.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
 *         }), Std.Basename.Invoke(new()
 *         {
 *             Input = builtin.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
 *         })).Apply(values =>
 *         {
 *             var invoke = values.Item1;
 *             var invoke1 = values.Item2;
 *             return @$"(
 *  (
 *   !(ActionMatches{{'Microsoft.Authorization/roleAssignments/write'}})
 *  )
 *  OR
 *  (
 *   @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{invoke.Result}}}
 *  )
 * )
 * AND
 * (
 *  (
 *   !(ActionMatches{{'Microsoft.Authorization/roleAssignments/delete'}})
 *  )
 *  OR
 *  (
 *   @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{invoke1.Result}}}
 *  )
 * )
 * ";
 *         }),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
 * 	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
 * 	"github.com/pulumi/pulumi-std/sdk/go/std"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		primary, err := core.LookupSubscription(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		example, err := core.GetClientConfig(ctx, nil, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
 * 			Name: pulumi.StringRef("Reader"),
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		invokeBasename, err := std.Basename(ctx, &std.BasenameArgs{
 * 			Input: builtin.RoleDefinitionId,
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		invokeBasename1, err := std.Basename(ctx, &std.BasenameArgs{
 * 			Input: builtin.RoleDefinitionId,
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
 * 			RoleDefinitionName: pulumi.String("Role Based Access Control Administrator"),
 * 			Scope:              pulumi.String(primary.Id),
 * 			PrincipalId:        pulumi.String(example.ObjectId),
 * 			PrincipalType:      pulumi.String("ServicePrincipal"),
 * 			Description:        pulumi.String("Role Based Access Control Administrator role assignment with ABAC Condition."),
 * 			ConditionVersion:   pulumi.String("2.0"),
 * 			Condition: pulumi.String(fmt.Sprintf(`(
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
 *  )
 *  OR
 *  (
 *   @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
 *  )
 * )
 * AND
 * (
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
 *  )
 *  OR
 *  (
 *   @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
 *  )
 * )
 * `, invokeBasename.Result, invokeBasename1.Result)),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
 * import com.pulumi.azure.authorization.AuthorizationFunctions;
 * import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
 * import com.pulumi.azure.authorization.Assignment;
 * import com.pulumi.azure.authorization.AssignmentArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var primary = CoreFunctions.getSubscription();
 *         final var example = CoreFunctions.getClientConfig();
 *         final var builtin = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
 *             .name("Reader")
 *             .build());
 *         var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
 *             .roleDefinitionName("Role Based Access Control Administrator")
 *             .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
 *             .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .principalType("ServicePrincipal")
 *             .description("Role Based Access Control Administrator role assignment with ABAC Condition.")
 *             .conditionVersion("2.0")
 *             .condition("""
 * (
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
 *  )
 *  OR
 *  (
 *   @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%s}
 *  )
 * )
 * AND
 * (
 *  (
 *   !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
 *  )
 *  OR
 *  (
 *   @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%s}
 *  )
 * )
 * ", StdFunctions.basename(BasenameArgs.builder()
 *                 .input(builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.roleDefinitionId()))
 *                 .build()).result(),StdFunctions.basename(BasenameArgs.builder()
 *                 .input(builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.roleDefinitionId()))
 *                 .build()).result()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   exampleAssignment:
 *     type: azure:authorization:Assignment
 *     name: example
 *     properties:
 *       roleDefinitionName: Role Based Access Control Administrator
 *       scope: ${primary.id}
 *       principalId: ${example.objectId}
 *       principalType: ServicePrincipal
 *       description: Role Based Access Control Administrator role assignment with ABAC Condition.
 *       conditionVersion: '2.0'
 *       condition:
 *         fn::join:
 *           -
 *           - - |-
 *               (
 *                (
 *                 !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
 *                )
 *                OR
 *                (
 *                 @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
 *             - fn::invoke:
 *                 Function: std:basename
 *                 Arguments:
 *                   input: ${builtin.roleDefinitionId}
 *                 Return: result
 *             - |-
 *               }
 *                )
 *               )
 *               AND
 *               (
 *                (
 *                 !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
 *                )
 *                OR
 *                (
 *                 @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
 *             - fn::invoke:
 *                 Function: std:basename
 *                 Arguments:
 *                   input: ${builtin.roleDefinitionId}
 *                 Return: result
 *             - |
 *               }
 *                )
 *               )
 * variables:
 *   primary:
 *     fn::invoke:
 *       Function: azure:core:getSubscription
 *       Arguments: {}
 *   example:
 *     fn::invoke:
 *       Function: azure:core:getClientConfig
 *       Arguments: {}
 *   builtin:
 *     fn::invoke:
 *       Function: azure:authorization:getRoleDefinition
 *       Arguments:
 *         name: Reader
 * ```
 * 
 * ## Import
 * Role Assignments can be imported using the `resource id`, e.g.
 * ```sh
 * $ pulumi import azure:authorization/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000
 * ```
 * * for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
 * * for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
 * * for scope referencing a Key Vault, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vaultname/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
 * ```text
 * /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000
 * ```
 * @property condition The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
 * @property conditionVersion The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
 * @property delegatedManagedIdentityResourceId The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
 * > **NOTE:** this field is only used in cross tenant scenario.
 * @property description The description for this Role Assignment. Changing this forces a new resource to be created.
 * @property name A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
 * @property principalId The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
 * > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
 * @property principalType The type of the `principal_id`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This attribute must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
 * > **NOTE:** If one of `condition` or `condition_version` is set both fields must be present.
 * @property roleDefinitionId The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
 * @property roleDefinitionName The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
 * @property scope The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
 * @property skipServicePrincipalAadCheck If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. Defaults to `false`.
 * > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
 */
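public data class AssignmentArgs(
    // ABAC condition and its version. The property notes say that if one of the two is set,
    // both must be present; nothing in this class checks that.
    public val condition: Output<String>? = null,
    public val conditionVersion: Output<String>? = null,
    // Only used in cross-tenant scenarios.
    public val delegatedManagedIdentityResourceId: Output<String>? = null,
    public val description: Output<String>? = null,
    // UUID/GUID of the assignment; generated when left unset.
    public val name: Output<String>? = null,
    // Object ID of the user, group or service principal (not the application ID).
    public val principalId: Output<String>? = null,
    // One of `User`, `Group`, `ServicePrincipal`.
    public val principalType: Output<String>? = null,
    // The role is selected by id or by built-in name; the two are documented as conflicting,
    // and nothing in this class checks that only one is set.
    public val roleDefinitionId: Output<String>? = null,
    public val roleDefinitionName: Output<String>? = null,
    // Where the role applies (management group, subscription, resource group or a single
    // resource). The role's permissions hold for everything under this scope, so the narrowest
    // scope that works is the one to review for.
    public val scope: Output<String>? = null,
    // `true` skips the directory check for a newly provisioned service principal. Documented as
    // valid only for service principals; it makes the assignment fail for other identities.
    public val skipServicePrincipalAadCheck: Output<Boolean>? = null,
) : ConvertibleToJava {
    /**
     * Converts these arguments to the Java SDK's `AssignmentArgs`.
     *
     * Every property is handed to the matching Java builder method unchanged; a property that
     * was never set is passed as `null`. No validation is performed here.
     *
     * @return the Java argument object built from the current property values.
     */
    override fun toJava(): com.pulumi.azure.authorization.AssignmentArgs =
        com.pulumi.azure.authorization.AssignmentArgs.builder()
            .condition(condition?.applyValue { it })
            .conditionVersion(conditionVersion?.applyValue { it })
            .delegatedManagedIdentityResourceId(delegatedManagedIdentityResourceId?.applyValue { it })
            .description(description?.applyValue { it })
            .name(name?.applyValue { it })
            .principalId(principalId?.applyValue { it })
            .principalType(principalType?.applyValue { it })
            .roleDefinitionId(roleDefinitionId?.applyValue { it })
            .roleDefinitionName(roleDefinitionName?.applyValue { it })
            .scope(scope?.applyValue { it })
            .skipServicePrincipalAadCheck(skipServicePrincipalAadCheck?.applyValue { it })
            .build()
}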

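/**
 * Builder for [AssignmentArgs].
 *
 * Each property has two setters: one that takes an [Output] and one that takes a plain value
 * and wraps it with [Output.of]. The most recent call for a property replaces the earlier one.
 *
 * The builder only stores values. It does not check the documented constraints between
 * properties (`roleDefinitionId` conflicts with `roleDefinitionName`; `condition` and
 * `conditionVersion` must be set together).
 */
@PulumiTagMarker
public class AssignmentArgsBuilder internal constructor() {
    private var condition: Output<String>? = null

    private var conditionVersion: Output<String>? = null

    private var delegatedManagedIdentityResourceId: Output<String>? = null

    private var description: Output<String>? = null

    private var name: Output<String>? = null

    private var principalId: Output<String>? = null

    private var principalType: Output<String>? = null

    private var roleDefinitionId: Output<String>? = null

    private var roleDefinitionName: Output<String>? = null

    private var scope: Output<String>? = null

    private var skipServicePrincipalAadCheck: Output<Boolean>? = null

    /**
     * @param value The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
     */
    @JvmName("lwamegqofkgjywqn")
    public suspend fun condition(`value`: Output<String>) {
        this.condition = value
    }

    /**
     * @param value The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
     */
    @JvmName("xbmbxmlwwnnuykyd")
    public suspend fun conditionVersion(`value`: Output<String>) {
        this.conditionVersion = value
    }

    /**
     * @param value The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
     * > **NOTE:** this field is only used in cross tenant scenario.
     */
    @JvmName("yjuliplykeebgptl")
    public suspend fun delegatedManagedIdentityResourceId(`value`: Output<String>) {
        this.delegatedManagedIdentityResourceId = value
    }

    /**
     * @param value The description for this Role Assignment. Changing this forces a new resource to be created.
     */
    @JvmName("apdefnvxchwetwno")
    public suspend fun description(`value`: Output<String>) {
        this.description = value
    }

    /**
     * @param value A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
     */
    @JvmName("ndrxoahykohyyypn")
    public suspend fun name(`value`: Output<String>) {
        this.name = value
    }

    /**
     * @param value The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
     * > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
     */
    @JvmName("edwfdcvioouxhnay")
    public suspend fun principalId(`value`: Output<String>) {
        this.principalId = value
    }

    /**
     * @param value The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
     * > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
     */
    @JvmName("twmiuqplqweksjgh")
    public suspend fun principalType(`value`: Output<String>) {
        this.principalType = value
    }

    /**
     * @param value The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
     */
    @JvmName("yqvboehgmjxcnvpq")
    public suspend fun roleDefinitionId(`value`: Output<String>) {
        this.roleDefinitionId = value
    }

    /**
     * @param value The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
     */
    @JvmName("cxdhycihsjtnlkyg")
    public suspend fun roleDefinitionName(`value`: Output<String>) {
        this.roleDefinitionName = value
    }

    /**
     * @param value The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
     */
    @JvmName("avohagbgoxihymbl")
    public suspend fun scope(`value`: Output<String>) {
        this.scope = value
    }

    /**
     * @param value If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
     * > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
     */
    @JvmName("myriateiqcdptcym")
    public suspend fun skipServicePrincipalAadCheck(`value`: Output<Boolean>) {
        this.skipServicePrincipalAadCheck = value
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
     */
    @JvmName("qktaytqwxrrfnlyf")
    public suspend fun condition(`value`: String?) {
        this.condition = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
     */
    @JvmName("cvdeqosdfsvdrxbb")
    public suspend fun conditionVersion(`value`: String?) {
        this.conditionVersion = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
     * > **NOTE:** this field is only used in cross tenant scenario.
     */
    @JvmName("pegcyjgvxvbpbjjy")
    public suspend fun delegatedManagedIdentityResourceId(`value`: String?) {
        this.delegatedManagedIdentityResourceId = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The description for this Role Assignment. Changing this forces a new resource to be created.
     */
    @JvmName("vkdpvubnsejpxvni")
    public suspend fun description(`value`: String?) {
        this.description = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
     */
    @JvmName("npmbfmgtfuifgrtc")
    public suspend fun name(`value`: String?) {
        this.name = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
     * > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
     */
    @JvmName("sjqjkriqodmaiihl")
    public suspend fun principalId(`value`: String?) {
        this.principalId = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The type of the `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
     * > **NOTE:** If one of `condition` or `conditionVersion` is set both fields must be present.
     */
    @JvmName("covaducwerktkoss")
    public suspend fun principalType(`value`: String?) {
        this.principalType = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
     */
    @JvmName("krujxkgcdtsxnmuy")
    public suspend fun roleDefinitionId(`value`: String?) {
        this.roleDefinitionId = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
     */
    @JvmName("owvacchtwlywpvlt")
    public suspend fun roleDefinitionName(`value`: String?) {
        this.roleDefinitionName = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
     */
    @JvmName("yvwyvbvpqtbgwnss")
    public suspend fun scope(`value`: String?) {
        this.scope = value?.let { of(it) }
    }

    /**
     * Plain-value overload; `null` clears the property.
     *
     * @param value If the `principalId` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principalId` is a `Service Principal` identity. Defaults to `false`.
     * > **NOTE:** If it is not a `Service Principal` identity it will cause the role assignment to fail.
     */
    @JvmName("mcwnfoscwumxrtaj")
    public suspend fun skipServicePrincipalAadCheck(`value`: Boolean?) {
        this.skipServicePrincipalAadCheck = value?.let { of(it) }
    }

    /**
     * Creates the immutable [AssignmentArgs] from whatever has been set so far.
     *
     * Properties that were never set stay `null`. Nothing is validated at this point.
     */
    internal fun build(): AssignmentArgs = AssignmentArgs(
        condition = condition,
        conditionVersion = conditionVersion,
        delegatedManagedIdentityResourceId = delegatedManagedIdentityResourceId,
        description = description,
        name = name,
        principalId = principalId,
        principalType = principalType,
        roleDefinitionId = roleDefinitionId,
        roleDefinitionName = roleDefinitionName,
        scope = scope,
        skipServicePrincipalAadCheck = skipServicePrincipalAadCheck,
    )
}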



