com.pulumi.azure.authorization.kotlin.AssignmentArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.authorization.kotlin
import com.pulumi.azure.authorization.AssignmentArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
/**
* Assigns a given Principal (User or Group) to a given Role.
* ## Example Usage
* ### Using A Built-In Role
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const primary = azure.core.getSubscription({});
* const example = azure.core.getClientConfig({});
* const exampleAssignment = new azure.authorization.Assignment("example", {
* scope: primary.then(primary => primary.id),
* roleDefinitionName: "Reader",
* principalId: example.then(example => example.objectId),
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* primary = azure.core.get_subscription()
* example = azure.core.get_client_config()
* example_assignment = azure.authorization.Assignment("example",
* scope=primary.id,
* role_definition_name="Reader",
* principal_id=example.object_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var primary = Azure.Core.GetSubscription.Invoke();
* var example = Azure.Core.GetClientConfig.Invoke();
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* RoleDefinitionName = "Reader",
* PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.LookupSubscription(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Scope: pulumi.String(primary.Id),
* RoleDefinitionName: pulumi.String("Reader"),
* PrincipalId: pulumi.String(example.ObjectId),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var primary = CoreFunctions.getSubscription();
* final var example = CoreFunctions.getClientConfig();
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .roleDefinitionName("Reader")
* .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* scope: ${primary.id}
* roleDefinitionName: Reader
* principalId: ${example.objectId}
* variables:
* primary:
* fn::invoke:
* Function: azure:core:getSubscription
* Arguments: {}
* example:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* ```
*
* ### Custom Role & Service Principal
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const primary = azure.core.getSubscription({});
* const example = azure.core.getClientConfig({});
* const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
* roleDefinitionId: "00000000-0000-0000-0000-000000000000",
* name: "my-custom-role-definition",
* scope: primary.then(primary => primary.id),
* permissions: [{
* actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* notActions: [],
* }],
* assignableScopes: [primary.then(primary => primary.id)],
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* name: "00000000-0000-0000-0000-000000000000",
* scope: primary.then(primary => primary.id),
* roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
* principalId: example.then(example => example.objectId),
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* primary = azure.core.get_subscription()
* example = azure.core.get_client_config()
* example_role_definition = azure.authorization.RoleDefinition("example",
* role_definition_id="00000000-0000-0000-0000-000000000000",
* name="my-custom-role-definition",
* scope=primary.id,
* permissions=[{
* "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* "not_actions": [],
* }],
* assignable_scopes=[primary.id])
* example_assignment = azure.authorization.Assignment("example",
* name="00000000-0000-0000-0000-000000000000",
* scope=primary.id,
* role_definition_id=example_role_definition.role_definition_resource_id,
* principal_id=example.object_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var primary = Azure.Core.GetSubscription.Invoke();
* var example = Azure.Core.GetClientConfig.Invoke();
* var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
* {
* RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
* Name = "my-custom-role-definition",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* Permissions = new[]
* {
* new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
* {
* Actions = new[]
* {
* "Microsoft.Resources/subscriptions/resourceGroups/read",
* },
* NotActions = new() { },
* },
* },
* AssignableScopes = new[]
* {
* primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* },
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Name = "00000000-0000-0000-0000-000000000000",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.LookupSubscription(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
* RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Name: pulumi.String("my-custom-role-definition"),
* Scope: pulumi.String(primary.Id),
* Permissions: authorization.RoleDefinitionPermissionArray{
* &authorization.RoleDefinitionPermissionArgs{
* Actions: pulumi.StringArray{
* pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
* },
* NotActions: pulumi.StringArray{},
* },
* },
* AssignableScopes: pulumi.StringArray{
* pulumi.String(primary.Id),
* },
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Name: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Scope: pulumi.String(primary.Id),
* RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId: pulumi.String(example.ObjectId),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
* import com.pulumi.azure.authorization.RoleDefinition;
* import com.pulumi.azure.authorization.RoleDefinitionArgs;
* import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var primary = CoreFunctions.getSubscription();
* final var example = CoreFunctions.getClientConfig();
* var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
* .roleDefinitionId("00000000-0000-0000-0000-000000000000")
* .name("my-custom-role-definition")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .permissions(RoleDefinitionPermissionArgs.builder()
* .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
* .notActions()
* .build())
* .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .name("00000000-0000-0000-0000-000000000000")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
* .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleRoleDefinition:
* type: azure:authorization:RoleDefinition
* name: example
* properties:
* roleDefinitionId: 00000000-0000-0000-0000-000000000000
* name: my-custom-role-definition
* scope: ${primary.id}
* permissions:
* - actions:
* - Microsoft.Resources/subscriptions/resourceGroups/read
* notActions: []
* assignableScopes:
* - ${primary.id}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* name: 00000000-0000-0000-0000-000000000000
* scope: ${primary.id}
* roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
* principalId: ${example.objectId}
* variables:
* primary:
* fn::invoke:
* Function: azure:core:getSubscription
* Arguments: {}
* example:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* ```
*
* ### Custom Role & User
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const primary = azure.core.getSubscription({});
* const example = azure.core.getClientConfig({});
* const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
* roleDefinitionId: "00000000-0000-0000-0000-000000000000",
* name: "my-custom-role-definition",
* scope: primary.then(primary => primary.id),
* permissions: [{
* actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* notActions: [],
* }],
* assignableScopes: [primary.then(primary => primary.id)],
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* name: "00000000-0000-0000-0000-000000000000",
* scope: primary.then(primary => primary.id),
* roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
* principalId: example.then(example => example.objectId),
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* primary = azure.core.get_subscription()
* example = azure.core.get_client_config()
* example_role_definition = azure.authorization.RoleDefinition("example",
* role_definition_id="00000000-0000-0000-0000-000000000000",
* name="my-custom-role-definition",
* scope=primary.id,
* permissions=[{
* "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* "not_actions": [],
* }],
* assignable_scopes=[primary.id])
* example_assignment = azure.authorization.Assignment("example",
* name="00000000-0000-0000-0000-000000000000",
* scope=primary.id,
* role_definition_id=example_role_definition.role_definition_resource_id,
* principal_id=example.object_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var primary = Azure.Core.GetSubscription.Invoke();
* var example = Azure.Core.GetClientConfig.Invoke();
* var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
* {
* RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
* Name = "my-custom-role-definition",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* Permissions = new[]
* {
* new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
* {
* Actions = new[]
* {
* "Microsoft.Resources/subscriptions/resourceGroups/read",
* },
* NotActions = new() { },
* },
* },
* AssignableScopes = new[]
* {
* primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* },
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Name = "00000000-0000-0000-0000-000000000000",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.LookupSubscription(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
* RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Name: pulumi.String("my-custom-role-definition"),
* Scope: pulumi.String(primary.Id),
* Permissions: authorization.RoleDefinitionPermissionArray{
* &authorization.RoleDefinitionPermissionArgs{
* Actions: pulumi.StringArray{
* pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
* },
* NotActions: pulumi.StringArray{},
* },
* },
* AssignableScopes: pulumi.StringArray{
* pulumi.String(primary.Id),
* },
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Name: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Scope: pulumi.String(primary.Id),
* RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId: pulumi.String(example.ObjectId),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
* import com.pulumi.azure.authorization.RoleDefinition;
* import com.pulumi.azure.authorization.RoleDefinitionArgs;
* import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var primary = CoreFunctions.getSubscription();
* final var example = CoreFunctions.getClientConfig();
* var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
* .roleDefinitionId("00000000-0000-0000-0000-000000000000")
* .name("my-custom-role-definition")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .permissions(RoleDefinitionPermissionArgs.builder()
* .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
* .notActions()
* .build())
* .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .name("00000000-0000-0000-0000-000000000000")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
* .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleRoleDefinition:
* type: azure:authorization:RoleDefinition
* name: example
* properties:
* roleDefinitionId: 00000000-0000-0000-0000-000000000000
* name: my-custom-role-definition
* scope: ${primary.id}
* permissions:
* - actions:
* - Microsoft.Resources/subscriptions/resourceGroups/read
* notActions: []
* assignableScopes:
* - ${primary.id}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* name: 00000000-0000-0000-0000-000000000000
* scope: ${primary.id}
* roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
* principalId: ${example.objectId}
* variables:
* primary:
* fn::invoke:
* Function: azure:core:getSubscription
* Arguments: {}
* example:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* ```
*
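* ### Custom Role & Management Group
*
* Note: the snippets below pass `primaryAzurermManagementGroup` (spelled per language) as the assignment scope, but none of them defines that name. The management group they look up (`exampleGetGroup` in most snippets) is presumably the intended scope; confirm the scope before reusing the example, since it decides where the role applies.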
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const primary = azure.core.getSubscription({});
* const example = azure.core.getClientConfig({});
* const exampleGetGroup = azure.management.getGroup({
* name: "00000000-0000-0000-0000-000000000000",
* });
* const exampleRoleDefinition = new azure.authorization.RoleDefinition("example", {
* roleDefinitionId: "00000000-0000-0000-0000-000000000000",
* name: "my-custom-role-definition",
* scope: primary.then(primary => primary.id),
* permissions: [{
* actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* notActions: [],
* }],
* assignableScopes: [primary.then(primary => primary.id)],
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* name: "00000000-0000-0000-0000-000000000000",
* scope: primaryAzurermManagementGroup.id,
* roleDefinitionId: exampleRoleDefinition.roleDefinitionResourceId,
* principalId: example.then(example => example.objectId),
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* primary = azure.core.get_subscription()
* example = azure.core.get_client_config()
* example_get_group = azure.management.get_group(name="00000000-0000-0000-0000-000000000000")
* example_role_definition = azure.authorization.RoleDefinition("example",
* role_definition_id="00000000-0000-0000-0000-000000000000",
* name="my-custom-role-definition",
* scope=primary.id,
* permissions=[{
* "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
* "not_actions": [],
* }],
* assignable_scopes=[primary.id])
* example_assignment = azure.authorization.Assignment("example",
* name="00000000-0000-0000-0000-000000000000",
* scope=primary_azurerm_management_group["id"],
* role_definition_id=example_role_definition.role_definition_resource_id,
* principal_id=example.object_id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var primary = Azure.Core.GetSubscription.Invoke();
* var example = Azure.Core.GetClientConfig.Invoke();
* var exampleGetGroup = Azure.Management.GetGroup.Invoke(new()
* {
* Name = "00000000-0000-0000-0000-000000000000",
* });
* var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("example", new()
* {
* RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
* Name = "my-custom-role-definition",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* Permissions = new[]
* {
* new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
* {
* Actions = new[]
* {
* "Microsoft.Resources/subscriptions/resourceGroups/read",
* },
* NotActions = new() { },
* },
* },
* AssignableScopes = new[]
* {
* primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* },
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Name = "00000000-0000-0000-0000-000000000000",
* Scope = primaryAzurermManagementGroup.Id,
* RoleDefinitionId = exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/management"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.LookupSubscription(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* _, err = management.LookupGroup(ctx, &management.LookupGroupArgs{
* Name: pulumi.StringRef("00000000-0000-0000-0000-000000000000"),
* }, nil)
* if err != nil {
* return err
* }
* exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "example", &authorization.RoleDefinitionArgs{
* RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Name: pulumi.String("my-custom-role-definition"),
* Scope: pulumi.String(primary.Id),
* Permissions: authorization.RoleDefinitionPermissionArray{
* &authorization.RoleDefinitionPermissionArgs{
* Actions: pulumi.StringArray{
* pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
* },
* NotActions: pulumi.StringArray{},
* },
* },
* AssignableScopes: pulumi.StringArray{
* pulumi.String(primary.Id),
* },
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Name: pulumi.String("00000000-0000-0000-0000-000000000000"),
* Scope: pulumi.Any(primaryAzurermManagementGroup.Id),
* RoleDefinitionId: exampleRoleDefinition.RoleDefinitionResourceId,
* PrincipalId: pulumi.String(example.ObjectId),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
* import com.pulumi.azure.management.ManagementFunctions;
* import com.pulumi.azure.management.inputs.GetGroupArgs;
* import com.pulumi.azure.authorization.RoleDefinition;
* import com.pulumi.azure.authorization.RoleDefinitionArgs;
* import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var primary = CoreFunctions.getSubscription();
* final var example = CoreFunctions.getClientConfig();
* final var exampleGetGroup = ManagementFunctions.getGroup(GetGroupArgs.builder()
* .name("00000000-0000-0000-0000-000000000000")
* .build());
* var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
* .roleDefinitionId("00000000-0000-0000-0000-000000000000")
* .name("my-custom-role-definition")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .permissions(RoleDefinitionPermissionArgs.builder()
* .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
* .notActions()
* .build())
* .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .name("00000000-0000-0000-0000-000000000000")
* .scope(primaryAzurermManagementGroup.id())
* .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
* .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleRoleDefinition:
* type: azure:authorization:RoleDefinition
* name: example
* properties:
* roleDefinitionId: 00000000-0000-0000-0000-000000000000
* name: my-custom-role-definition
* scope: ${primary.id}
* permissions:
* - actions:
* - Microsoft.Resources/subscriptions/resourceGroups/read
* notActions: []
* assignableScopes:
* - ${primary.id}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* name: 00000000-0000-0000-0000-000000000000
* scope: ${primaryAzurermManagementGroup.id}
* roleDefinitionId: ${exampleRoleDefinition.roleDefinitionResourceId}
* principalId: ${example.objectId}
* variables:
* primary:
* fn::invoke:
* Function: azure:core:getSubscription
* Arguments: {}
* example:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* exampleGetGroup:
* fn::invoke:
* Function: azure:management:getGroup
* Arguments:
* name: 00000000-0000-0000-0000-000000000000
* ```
*
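* ### ABAC Condition
*
* The principal is assigned the Role Based Access Control Administrator role, and the condition narrows it: role assignments may be written or deleted only when their role definition is the built-in Reader role looked up as `builtin`.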
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* import * as std from "@pulumi/std";
* const primary = azure.core.getSubscription({});
* const example = azure.core.getClientConfig({});
* const builtin = azure.authorization.getRoleDefinition({
* name: "Reader",
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* roleDefinitionName: "Role Based Access Control Administrator",
* scope: primary.then(primary => primary.id),
* principalId: example.then(example => example.objectId),
* principalType: "ServicePrincipal",
* description: "Role Based Access Control Administrator role assignment with ABAC Condition.",
* conditionVersion: "2.0",
* condition: Promise.all([builtin.then(builtin => std.basename({
* input: builtin.roleDefinitionId,
* })), builtin.then(builtin => std.basename({
* input: builtin.roleDefinitionId,
* }))]).then(([invoke, invoke1]) => `(
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${invoke.result}}
* )
* )
* AND
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${invoke1.result}}
* )
* )
* `),
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* import pulumi_std as std
* primary = azure.core.get_subscription()
* example = azure.core.get_client_config()
* builtin = azure.authorization.get_role_definition(name="Reader")
* example_assignment = azure.authorization.Assignment("example",
* role_definition_name="Role Based Access Control Administrator",
* scope=primary.id,
* principal_id=example.object_id,
* principal_type="ServicePrincipal",
* description="Role Based Access Control Administrator role assignment with ABAC Condition.",
* condition_version="2.0",
* condition=f"""(
* (
* !(ActionMatches{{'Microsoft.Authorization/roleAssignments/write'}})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{std.basename(input=builtin.role_definition_id).result}}}
* )
* )
* AND
* (
* (
* !(ActionMatches{{'Microsoft.Authorization/roleAssignments/delete'}})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{std.basename(input=builtin.role_definition_id).result}}}
* )
* )
* """)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var primary = Azure.Core.GetSubscription.Invoke();
* var example = Azure.Core.GetClientConfig.Invoke();
* var builtin = Azure.Authorization.GetRoleDefinition.Invoke(new()
* {
* Name = "Reader",
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* RoleDefinitionName = "Role Based Access Control Administrator",
* Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
* PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* PrincipalType = "ServicePrincipal",
* Description = "Role Based Access Control Administrator role assignment with ABAC Condition.",
* ConditionVersion = "2.0",
* Condition = Output.Tuple(Std.Basename.Invoke(new()
* {
* Input = builtin.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
* }), Std.Basename.Invoke(new()
* {
* Input = builtin.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
* })).Apply(values =>
* {
* var invoke = values.Item1;
* var invoke1 = values.Item2;
* return @$"(
* (
* !(ActionMatches{{'Microsoft.Authorization/roleAssignments/write'}})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{invoke.Result}}}
* )
* )
* AND
* (
* (
* !(ActionMatches{{'Microsoft.Authorization/roleAssignments/delete'}})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{invoke1.Result}}}
* )
* )
* ";
* }),
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.LookupSubscription(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
* Name: pulumi.StringRef("Reader"),
* }, nil)
* if err != nil {
* return err
* }
* invokeBasename, err := std.Basename(ctx, &std.BasenameArgs{
* Input: builtin.RoleDefinitionId,
* }, nil)
* if err != nil {
* return err
* }
* invokeBasename1, err := std.Basename(ctx, &std.BasenameArgs{
* Input: builtin.RoleDefinitionId,
* }, nil)
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* RoleDefinitionName: pulumi.String("Role Based Access Control Administrator"),
* Scope: pulumi.String(primary.Id),
* PrincipalId: pulumi.String(example.ObjectId),
* PrincipalType: pulumi.String("ServicePrincipal"),
* Description: pulumi.String("Role Based Access Control Administrator role assignment with ABAC Condition."),
* ConditionVersion: pulumi.String("2.0"),
* Condition: pulumi.Sprintf(`(
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
* )
* )
* AND
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%v}
* )
* )
* `, invokeBasename.Result, invokeBasename1.Result),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
* import com.pulumi.azure.authorization.AuthorizationFunctions;
* import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var primary = CoreFunctions.getSubscription();
* final var example = CoreFunctions.getClientConfig();
* final var builtin = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
* .name("Reader")
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .roleDefinitionName("Role Based Access Control Administrator")
* .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
* .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .principalType("ServicePrincipal")
* .description("Role Based Access Control Administrator role assignment with ABAC Condition.")
* .conditionVersion("2.0")
* .condition("""
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%s}
* )
* )
* AND
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {%s}
* )
* )
* ", StdFunctions.basename(BasenameArgs.builder()
* .input(builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.roleDefinitionId()))
* .build()).result(),StdFunctions.basename(BasenameArgs.builder()
* .input(builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.roleDefinitionId()))
* .build()).result()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* roleDefinitionName: Role Based Access Control Administrator
* scope: ${primary.id}
* principalId: ${example.objectId}
* principalType: ServicePrincipal
* description: Role Based Access Control Administrator role assignment with ABAC Condition.
* conditionVersion: '2.0'
* condition:
* fn::join:
* -
* - - |-
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
* )
* OR
* (
* @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
* - fn::invoke:
* Function: std:basename
* Arguments:
* input: ${builtin.roleDefinitionId}
* Return: result
* - |-
* }
* )
* )
* AND
* (
* (
* !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
* )
* OR
* (
* @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
* - fn::invoke:
* Function: std:basename
* Arguments:
* input: ${builtin.roleDefinitionId}
* Return: result
* - |
* }
* )
* )
* variables:
* primary:
* fn::invoke:
* Function: azure:core:getSubscription
* Arguments: {}
* example:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* builtin:
* fn::invoke:
* Function: azure:authorization:getRoleDefinition
* Arguments:
* name: Reader
* ```
*
* ## Import
* Role Assignments can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:authorization/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000
* ```
* * for scope `Subscription`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* * for scope `Resource Group`, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
* * for scope referencing a Key Vault, the id format is `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vaultname/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000`
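* > **NOTE:** for cross-tenant scenarios, the `resource id` is composed of the Azure resource ID and the tenant ID, separated by `|`, for example:
* ```text
* /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000
* ```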
* @property condition The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
* @property conditionVersion The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
* @property delegatedManagedIdentityResourceId The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
* > **NOTE:** this field is only used in cross tenant scenario.
* @property description The description for this Role Assignment. Changing this forces a new resource to be created.
* @property name A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
* @property principalId The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
* > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
* @property principalType The type of the principal identified by `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This attribute must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
* > **NOTE:** If one of `condition` or `conditionVersion` is set, both fields must be present.
* @property roleDefinitionId The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
* @property roleDefinitionName The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
* @property scope The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created. The assignment is inherited by everything beneath the chosen scope, so prefer the narrowest scope that meets the need.
* @property skipServicePrincipalAadCheck If the principal identified by `principalId` is a newly provisioned `Service Principal`, set this value to `true` to skip the `Azure Active Directory` check, which may fail due to replication lag. This argument is only valid if the principal is a `Service Principal` identity. Defaults to `false`.
* > **NOTE:** If the principal is not a `Service Principal` identity, setting this will cause the role assignment to fail.
*/
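public data class AssignmentArgs(
    // Each property is an optional Output; the element types follow the plain-value setters of
    // AssignmentArgsBuilder (String everywhere, Boolean for skipServicePrincipalAadCheck).
    public val condition: Output<String>? = null,
    public val conditionVersion: Output<String>? = null,
    public val delegatedManagedIdentityResourceId: Output<String>? = null,
    public val description: Output<String>? = null,
    public val name: Output<String>? = null,
    public val principalId: Output<String>? = null,
    public val principalType: Output<String>? = null,
    public val roleDefinitionId: Output<String>? = null,
    public val roleDefinitionName: Output<String>? = null,
    public val scope: Output<String>? = null,
    public val skipServicePrincipalAadCheck: Output<Boolean>? = null,
) : ConvertibleToJava {
    /**
     * Converts these arguments into the Java SDK's `AssignmentArgs`.
     *
     * Every property is forwarded to the Java builder through an identity mapping; a property that is
     * `null` here is passed on as `null`. This method adds no validation of its own: it does not check
     * that `roleDefinitionId` and `roleDefinitionName` are mutually exclusive, nor that `condition` and
     * `conditionVersion` are supplied together. NOTE(review): whether the Java builder or the provider
     * rejects such combinations is not visible from this file.
     *
     * @return the equivalent Java `AssignmentArgs`.
     */
    override fun toJava(): com.pulumi.azure.authorization.AssignmentArgs =
        com.pulumi.azure.authorization.AssignmentArgs.builder()
            .condition(condition?.applyValue { it })
            .conditionVersion(conditionVersion?.applyValue { it })
            .delegatedManagedIdentityResourceId(delegatedManagedIdentityResourceId?.applyValue { it })
            .description(description?.applyValue { it })
            .name(name?.applyValue { it })
            .principalId(principalId?.applyValue { it })
            .principalType(principalType?.applyValue { it })
            .roleDefinitionId(roleDefinitionId?.applyValue { it })
            .roleDefinitionName(roleDefinitionName?.applyValue { it })
            .scope(scope?.applyValue { it })
            .skipServicePrincipalAadCheck(skipServicePrincipalAadCheck?.applyValue { it })
            .build()
}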
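/**
 * Builder for [AssignmentArgs].
 *
 * Every property has two setters: one that takes an [Output] and one that takes a plain nullable value,
 * which is wrapped with `Output.of` when it is non-null and stored as `null` otherwise.
 *
 * The setters only store what they are given. The constraints described in the parameter documentation
 * (`roleDefinitionId` conflicts with `roleDefinitionName`; `condition` and `conditionVersion` must be
 * set together) are not checked by this builder.
 */
@PulumiTagMarker
public class AssignmentArgsBuilder internal constructor() {
    private var condition: Output<String>? = null
    private var conditionVersion: Output<String>? = null
    private var delegatedManagedIdentityResourceId: Output<String>? = null
    private var description: Output<String>? = null
    private var name: Output<String>? = null
    private var principalId: Output<String>? = null
    private var principalType: Output<String>? = null
    private var roleDefinitionId: Output<String>? = null
    private var roleDefinitionName: Output<String>? = null
    private var scope: Output<String>? = null
    private var skipServicePrincipalAadCheck: Output<Boolean>? = null

    /**
     * @param value The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
     * Must be set together with `conditionVersion`.
     */
    @JvmName("hksedvurgnjusogn")
    public suspend fun condition(`value`: Output<String>) {
        this.condition = value
    }

    /**
     * @param value The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
     * Must be set together with `condition`.
     */
    @JvmName("uroonwxdeevrficv")
    public suspend fun conditionVersion(`value`: Output<String>) {
        this.conditionVersion = value
    }

    /**
     * @param value The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
     * > **NOTE:** this field is only used in cross tenant scenario.
     */
    @JvmName("kkotuptvumxaqxfl")
    public suspend fun delegatedManagedIdentityResourceId(`value`: Output<String>) {
        this.delegatedManagedIdentityResourceId = value
    }

    /**
     * @param value The description for this Role Assignment. Changing this forces a new resource to be created.
     */
    @JvmName("eewcqytlfgxyyenp")
    public suspend fun description(`value`: Output<String>) {
        this.description = value
    }

    /**
     * @param value A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
     */
    @JvmName("sdqkgxcunvrhecho")
    public suspend fun name(`value`: Output<String>) {
        this.name = value
    }

    /**
     * @param value The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
     * > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
     */
    @JvmName("montnfkilblygruq")
    public suspend fun principalId(`value`: Output<String>) {
        this.principalId = value
    }

    /**
     * @param value The type of the principal identified by `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This attribute must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
     * > **NOTE:** If one of `condition` or `conditionVersion` is set, both fields must be present.
     */
    @JvmName("dhepftjbrsefdcyr")
    public suspend fun principalType(`value`: Output<String>) {
        this.principalType = value
    }

    /**
     * @param value The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
     */
    @JvmName("trwebengklxsedrf")
    public suspend fun roleDefinitionId(`value`: Output<String>) {
        this.roleDefinitionId = value
    }

    /**
     * @param value The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
     */
    @JvmName("kxjudqtrgqwukcik")
    public suspend fun roleDefinitionName(`value`: Output<String>) {
        this.roleDefinitionName = value
    }

    /**
     * @param value The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
     * The assignment is inherited by everything beneath the chosen scope, so prefer the narrowest scope that meets the need.
     */
    @JvmName("fyxdlccmskcforfh")
    public suspend fun scope(`value`: Output<String>) {
        this.scope = value
    }

    /**
     * @param value If the principal identified by `principalId` is a newly provisioned `Service Principal`, set this value to `true` to skip the `Azure Active Directory` check, which may fail due to replication lag. This argument is only valid if the principal is a `Service Principal` identity. Defaults to `false`.
     * > **NOTE:** If the principal is not a `Service Principal` identity, setting this will cause the role assignment to fail.
     */
    @JvmName("soisuvdvfpgnnmge")
    public suspend fun skipServicePrincipalAadCheck(`value`: Output<Boolean>) {
        this.skipServicePrincipalAadCheck = value
    }

    /**
     * @param value The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.
     * Must be set together with `conditionVersion`. Passing `null` clears the stored value.
     */
    @JvmName("hynrvphsnxfpusnj")
    public suspend fun condition(`value`: String?) {
        this.condition = value?.let { of(it) }
    }

    /**
     * @param value The version of the condition. Possible values are `1.0` or `2.0`. Changing this forces a new resource to be created.
     * Must be set together with `condition`. Passing `null` clears the stored value.
     */
    @JvmName("whqhnyyeqspeckuf")
    public suspend fun conditionVersion(`value`: String?) {
        this.conditionVersion = value?.let { of(it) }
    }

    /**
     * @param value The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.
     * > **NOTE:** this field is only used in cross tenant scenario.
     */
    @JvmName("nvaxltpqluejbsos")
    public suspend fun delegatedManagedIdentityResourceId(`value`: String?) {
        this.delegatedManagedIdentityResourceId = value?.let { of(it) }
    }

    /**
     * @param value The description for this Role Assignment. Changing this forces a new resource to be created.
     */
    @JvmName("jjjtaegkpyobchss")
    public suspend fun description(`value`: String?) {
        this.description = value?.let { of(it) }
    }

    /**
     * @param value A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
     */
    @JvmName("jbnrrulbfxuvljgv")
    public suspend fun name(`value`: String?) {
        this.name = value?.let { of(it) }
    }

    /**
     * @param value The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
     * > **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
     */
    @JvmName("pnbdslydrkgmtvbi")
    public suspend fun principalId(`value`: String?) {
        this.principalId = value?.let { of(it) }
    }

    /**
     * @param value The type of the principal identified by `principalId`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. This attribute must be set explicitly when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filter on the PrincipalType attribute.
     * > **NOTE:** If one of `condition` or `conditionVersion` is set, both fields must be present.
     */
    @JvmName("vsjyjcoqtxshjynr")
    public suspend fun principalType(`value`: String?) {
        this.principalType = value?.let { of(it) }
    }

    /**
     * @param value The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `roleDefinitionName`.
     */
    @JvmName("dqqnvqfrssolvgrn")
    public suspend fun roleDefinitionId(`value`: String?) {
        this.roleDefinitionId = value?.let { of(it) }
    }

    /**
     * @param value The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `roleDefinitionId`.
     */
    @JvmName("bpivabwsupkeywmd")
    public suspend fun roleDefinitionName(`value`: String?) {
        this.roleDefinitionName = value?.let { of(it) }
    }

    /**
     * @param value The scope at which the Role Assignment applies, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
     * The assignment is inherited by everything beneath the chosen scope, so prefer the narrowest scope that meets the need.
     */
    @JvmName("ekycfuwhuoyhisxd")
    public suspend fun scope(`value`: String?) {
        this.scope = value?.let { of(it) }
    }

    /**
     * @param value If the principal identified by `principalId` is a newly provisioned `Service Principal`, set this value to `true` to skip the `Azure Active Directory` check, which may fail due to replication lag. This argument is only valid if the principal is a `Service Principal` identity. Defaults to `false`.
     * > **NOTE:** If the principal is not a `Service Principal` identity, setting this will cause the role assignment to fail.
     */
    @JvmName("wyyjpabxprpulrlr")
    public suspend fun skipServicePrincipalAadCheck(`value`: Boolean?) {
        this.skipServicePrincipalAadCheck = value?.let { of(it) }
    }

    /**
     * Creates the [AssignmentArgs] from the values stored so far; properties never set stay `null`.
     * No cross-field validation is performed here.
     */
    internal fun build(): AssignmentArgs = AssignmentArgs(
        condition = condition,
        conditionVersion = conditionVersion,
        delegatedManagedIdentityResourceId = delegatedManagedIdentityResourceId,
        description = description,
        name = name,
        principalId = principalId,
        principalType = principalType,
        roleDefinitionId = roleDefinitionId,
        roleDefinitionName = roleDefinitionName,
        scope = scope,
        skipServicePrincipalAadCheck = skipServicePrincipalAadCheck,
    )
}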