Docs
PackagesAzure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi
azuread.ApplicationAppRole
Explore with Pulumi AI
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";
const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
const exampleAdministrator = new random.RandomUuid("example_administrator", {});
const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {
applicationId: example.id,
roleId: exampleAdministrator.id,
allowedMemberTypes: ["User"],
description: "My role description",
displayName: "Administer",
value: "admin",
});
import pulumi
import pulumi_azuread as azuread
import pulumi_random as random
example = azuread.ApplicationRegistration("example", display_name="example")
example_administrator = random.RandomUuid("example_administrator")
example_administer = azuread.ApplicationAppRole("example_administer",
application_id=example.id,
role_id=example_administrator.id,
allowed_member_types=["User"],
description="My role description",
display_name="Administer",
value="admin")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
exampleAdministrator, err := random.NewRandomUuid(ctx, "example_administrator", nil)
if err != nil {
return err
}
_, err = azuread.NewApplicationAppRole(ctx, "example_administer", &azuread.ApplicationAppRoleArgs{
ApplicationId: example.ID(),
RoleId: exampleAdministrator.ID(),
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("User"),
},
Description: pulumi.String("My role description"),
DisplayName: pulumi.String("Administer"),
Value: pulumi.String("admin"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.ApplicationRegistration("example", new()
{
DisplayName = "example",
});
var exampleAdministrator = new Random.RandomUuid("example_administrator");
var exampleAdminister = new AzureAD.ApplicationAppRole("example_administer", new()
{
ApplicationId = example.Id,
RoleId = exampleAdministrator.Id,
AllowedMemberTypes = new[]
{
"User",
},
Description = "My role description",
DisplayName = "Administer",
Value = "admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.ApplicationRegistration;
import com.pulumi.azuread.ApplicationRegistrationArgs;
import com.pulumi.random.RandomUuid;
import com.pulumi.azuread.ApplicationAppRole;
import com.pulumi.azuread.ApplicationAppRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
.displayName("example")
.build());
var exampleAdministrator = new RandomUuid("exampleAdministrator");
var exampleAdminister = new ApplicationAppRole("exampleAdminister", ApplicationAppRoleArgs.builder()
.applicationId(example.id())
.roleId(exampleAdministrator.id())
.allowedMemberTypes("User")
.description("My role description")
.displayName("Administer")
.value("admin")
.build());
}
}
resources:
example:
type: azuread:ApplicationRegistration
properties:
displayName: example
exampleAdministrator:
type: random:RandomUuid
name: example_administrator
exampleAdminister:
type: azuread:ApplicationAppRole
name: example_administer
properties:
applicationId: ${example.id}
roleId: ${exampleAdministrator.id}
allowedMemberTypes:
- User
description: My role description
displayName: Administer
value: admin
Tip For managing more app roles, create additional instances of this resource
Usage with azuread.Application resource
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Application("example", {displayName: "example"});
const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {applicationId: example.id});
import pulumi
import pulumi_azuread as azuread
example = azuread.Application("example", display_name="example")
example_administer = azuread.ApplicationAppRole("example_administer", application_id=example.id)
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
_, err = azuread.NewApplicationAppRole(ctx, "example_administer", &azuread.ApplicationAppRoleArgs{
ApplicationId: example.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
});
var exampleAdminister = new AzureAD.ApplicationAppRole("example_administer", new()
{
ApplicationId = example.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ApplicationAppRole;
import com.pulumi.azuread.ApplicationAppRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.build());
var exampleAdminister = new ApplicationAppRole("exampleAdminister", ApplicationAppRoleArgs.builder()
.applicationId(example.id())
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
exampleAdminister:
type: azuread:ApplicationAppRole
name: example_administer
properties:
applicationId: ${example.id}
Create ApplicationAppRole Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationAppRole(name: string, args: ApplicationAppRoleArgs, opts?: CustomResourceOptions);@overload
def ApplicationAppRole(resource_name: str,
args: ApplicationAppRoleInitArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationAppRole(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_member_types: Optional[Sequence[str]] = None,
application_id: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
role_id: Optional[str] = None,
value: Optional[str] = None)func NewApplicationAppRole(ctx *Context, name string, args ApplicationAppRoleArgs, opts ...ResourceOption) (*ApplicationAppRole, error)public ApplicationAppRole(string name, ApplicationAppRoleArgs args, CustomResourceOptions? opts = null)
public ApplicationAppRole(String name, ApplicationAppRoleArgs args)
public ApplicationAppRole(String name, ApplicationAppRoleArgs args, CustomResourceOptions options)
type: azuread:ApplicationAppRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationAppRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationAppRoleInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationAppRoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationAppRoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationAppRoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationAppRoleResource = new AzureAD.ApplicationAppRole("applicationAppRoleResource", new()
{
AllowedMemberTypes = new[]
{
"string",
},
ApplicationId = "string",
Description = "string",
DisplayName = "string",
RoleId = "string",
Value = "string",
});
example, err := azuread.NewApplicationAppRole(ctx, "applicationAppRoleResource", &azuread.ApplicationAppRoleArgs{
AllowedMemberTypes: pulumi.StringArray{
pulumi.String("string"),
},
ApplicationId: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
RoleId: pulumi.String("string"),
Value: pulumi.String("string"),
})
var applicationAppRoleResource = new ApplicationAppRole("applicationAppRoleResource", ApplicationAppRoleArgs.builder()
.allowedMemberTypes("string")
.applicationId("string")
.description("string")
.displayName("string")
.roleId("string")
.value("string")
.build());
application_app_role_resource = azuread.ApplicationAppRole("applicationAppRoleResource",
allowed_member_types=["string"],
application_id="string",
description="string",
display_name="string",
role_id="string",
value="string")
const applicationAppRoleResource = new azuread.ApplicationAppRole("applicationAppRoleResource", {
allowedMemberTypes: ["string"],
applicationId: "string",
description: "string",
displayName: "string",
roleId: "string",
value: "string",
});
type: azuread:ApplicationAppRole
properties:
allowedMemberTypes:
- string
applicationId: string
description: string
displayName: string
roleId: string
value: string
ApplicationAppRole Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ApplicationAppRole resource accepts the following input properties:
- Allowed
Member List<string>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Role
Id string - The unique identifier of the app role
- Value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- Allowed
Member []stringTypes - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Role
Id string - The unique identifier of the app role
- Value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member List<String>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- description String
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id String - The unique identifier of the app role
- value String
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member string[]Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id string - The unique identifier of the app role
- value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed_
member_ Sequence[str]types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application_
id str - The resource ID of the application registration. Changing this forces a new resource to be created.
- description str
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display_
name str - Display name for the app role that appears during app role assignment and in consent experiences.
- role_
id str - The unique identifier of the app role
- value str
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member List<String>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- description String
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id String - The unique identifier of the app role
- value String
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationAppRole resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationAppRole Resource
Get an existing ApplicationAppRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationAppRoleState, opts?: CustomResourceOptions): ApplicationAppRole@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_member_types: Optional[Sequence[str]] = None,
application_id: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
role_id: Optional[str] = None,
value: Optional[str] = None) -> ApplicationAppRolefunc GetApplicationAppRole(ctx *Context, name string, id IDInput, state *ApplicationAppRoleState, opts ...ResourceOption) (*ApplicationAppRole, error)public static ApplicationAppRole Get(string name, Input<string> id, ApplicationAppRoleState? state, CustomResourceOptions? opts = null)public static ApplicationAppRole get(String name, Output<String> id, ApplicationAppRoleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Member List<string>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Role
Id string - The unique identifier of the app role
- Value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- Allowed
Member []stringTypes - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- Display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- Role
Id string - The unique identifier of the app role
- Value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member List<String>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- description String
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id String - The unique identifier of the app role
- value String
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member string[]Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- description string
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name string - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id string - The unique identifier of the app role
- value string
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed_
member_ Sequence[str]types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application_
id str - The resource ID of the application registration. Changing this forces a new resource to be created.
- description str
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display_
name str - Display name for the app role that appears during app role assignment and in consent experiences.
- role_
id str - The unique identifier of the app role
- value str
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- allowed
Member List<String>Types - A set of values to specify whether this app role definition can be assigned to users and groups by setting to
User, or to other applications by setting toApplication, or to both. - application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- description String
- Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
- display
Name String - Display name for the app role that appears during app role assignment and in consent experiences.
- role
Id String - The unique identifier of the app role
- value String
The value that is used for the
rolesclaim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
Import
Application App Roles can be imported using the object ID of the application and the ID of the app role, in the following format.
$ pulumi import azuread:index/applicationAppRole:ApplicationAppRole example /applications/00000000-0000-0000-0000-000000000000/appRoles/11111111-1111-1111-1111-111111111111
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi