// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
import * as utilities from "./utilities";
/**
* Manages a Service Principal associated with an Application within Azure Active Directory.
*
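* > **NOTE:** If you're authenticating using a Service Principal, then it must have permissions to both `Read and write all applications` and `Sign in and read user profile` within the `Windows Azure Active Directory` API. Please see the guide "Granting a Service Principal permission to manage AAD" for the required steps. `Read and write all applications` is a tenant-wide permission, so treat the credentials of the principal that runs this provider as highly sensitive.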
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azuread from "@pulumi/azuread";
*
* const exampleApplication = new azuread.Application("example", {
* availableToOtherTenants: false,
* homepage: "http://homepage",
* identifierUris: ["http://uri"],
* oauth2AllowImplicitFlow: true,
* replyUrls: ["http://replyurl"],
* });
* const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
* appRoleAssignmentRequired: false,
* applicationId: exampleApplication.applicationId,
* tags: [
* "example",
* "tags",
* "here",
* ],
* });
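* ```
*
* > **NOTE:** The values in this example are placeholders. In a real deployment, prefer `https://` reply URLs, leave `oauth2AllowImplicitFlow` disabled unless the application needs the implicit grant, and consider `appRoleAssignmentRequired: true` so that only assigned users and groups can obtain tokens.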
*
* > This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/service_principal.html.markdown.
*/
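export class ServicePrincipal extends pulumi.CustomResource {
    /**
     * Get an existing ServicePrincipal resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional resource options. They are copied and `id` is added to the copy, so the
     * caller's object is not modified.
     * @returns A ServicePrincipal built through the constructor's state branch, which is taken when
     * `opts.id` is truthy.
     */
    public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalState, opts?: pulumi.CustomResourceOptions): ServicePrincipal {
        // The declared constructor overload only accepts ServicePrincipalArgs; the cast lets the state
        // bag reach the implementation signature, which accepts either shape.
        return new ServicePrincipal(name, <any>state, { ...opts, id: id });
    }

    /** @internal */
    public static readonly __pulumiType = 'azuread:index/servicePrincipal:ServicePrincipal';

    /**
     * Returns true if the given object is an instance of ServicePrincipal. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * The check compares the object's `__pulumiType` property with this class's type token, so any
     * object carrying a matching property passes. It identifies SDK objects; it does not validate
     * data that comes from outside the program.
     *
     * @param obj The value to test; `null` and `undefined` yield `false`.
     */
    public static isInstance(obj: any): obj is ServicePrincipal {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === ServicePrincipal.__pulumiType;
    }

    /**
     * Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to `false`.
     *
     * With `false`, no assignment is required before a token is issued; set it to `true` to limit
     * issuance to assigned users and groups.
     */
    public readonly appRoleAssignmentRequired!: pulumi.Output<boolean | undefined>;
    /**
     * The ID of the Azure AD Application for which to create a Service Principal.
     */
    public readonly applicationId!: pulumi.Output<string>;
    /**
     * The Display Name of the Azure Active Directory Application associated with this Service Principal.
     */
    public /*out*/ readonly displayName!: pulumi.Output<string>;
    /**
     * A collection of OAuth 2.0 permissions exposed by the associated application. Each entry has the
     * shape `outputs.ServicePrincipalOauth2Permission` (declared in `./types/output`).
     */
    public readonly oauth2Permissions!: pulumi.Output<outputs.ServicePrincipalOauth2Permission[]>;
    /**
     * The Service Principal's Object ID.
     */
    public /*out*/ readonly objectId!: pulumi.Output<string>;
    /**
     * A list of tags to apply to the Service Principal.
     */
    public readonly tags!: pulumi.Output<string[] | undefined>;

    /**
     * Create a ServicePrincipal resource with the given unique name, arguments, and options.
     *
     * When `opts.id` is truthy the second argument is read as a ServicePrincipalState (lookup of an
     * existing resource); otherwise it is read as ServicePrincipalArgs and `applicationId` is required.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior. The object is not modified;
     * the provider version default is applied to a copy.
     * @throws Error when creating (no `opts.id`) and `args` or `args.applicationId` is missing.
     */
    constructor(name: string, args: ServicePrincipalArgs, opts?: pulumi.CustomResourceOptions)
    constructor(name: string, argsOrState?: ServicePrincipalArgs | ServicePrincipalState, opts?: pulumi.CustomResourceOptions) {
        // Named `resourceInputs` so the local does not shadow the `inputs` types import of this file.
        const resourceInputs: pulumi.Inputs = {};
        if (opts && opts.id) {
            // Lookup path: every property, including the provider-computed ones, comes from the state bag.
            const state = argsOrState as ServicePrincipalState | undefined;
            resourceInputs["appRoleAssignmentRequired"] = state ? state.appRoleAssignmentRequired : undefined;
            resourceInputs["applicationId"] = state ? state.applicationId : undefined;
            resourceInputs["displayName"] = state ? state.displayName : undefined;
            resourceInputs["oauth2Permissions"] = state ? state.oauth2Permissions : undefined;
            resourceInputs["objectId"] = state ? state.objectId : undefined;
            resourceInputs["tags"] = state ? state.tags : undefined;
        } else {
            // Create path: `applicationId` is the only required argument.
            const args = argsOrState as ServicePrincipalArgs | undefined;
            if (!args || args.applicationId === undefined) {
                throw new Error("Missing required property 'applicationId'");
            }
            // `args` is known to be defined past the guard above.
            resourceInputs["appRoleAssignmentRequired"] = args.appRoleAssignmentRequired;
            resourceInputs["applicationId"] = args.applicationId;
            resourceInputs["oauth2Permissions"] = args.oauth2Permissions;
            resourceInputs["tags"] = args.tags;
            // Output-only properties are left undefined on create.
            resourceInputs["displayName"] = undefined /*out*/;
            resourceInputs["objectId"] = undefined /*out*/;
        }
        // Work on a copy: writing `version` into the caller's object would leak this package's
        // version into any other resource constructed later with the same options object.
        const resolvedOpts: pulumi.CustomResourceOptions = { ...opts };
        if (!resolvedOpts.version) {
            resolvedOpts.version = utilities.getVersion();
        }
        super(ServicePrincipal.__pulumiType, name, resourceInputs, resolvedOpts);
    }
}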
/**
* Input properties used for looking up and filtering ServicePrincipal resources.
*/
export interface ServicePrincipalState {
    /**
     * Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to `false`.
     *
     * With `false`, no assignment is required before a token is issued; `true` limits issuance to
     * assigned users and groups.
     */
    readonly appRoleAssignmentRequired?: pulumi.Input<boolean>;
    /**
     * The ID of the Azure AD Application for which to create a Service Principal.
     */
    readonly applicationId?: pulumi.Input<string>;
    /**
     * The Display Name of the Azure Active Directory Application associated with this Service Principal.
     *
     * Marked `/*out*‍/` on the resource class: the create path leaves it undefined, so it is only
     * meaningful here when describing an existing resource.
     */
    readonly displayName?: pulumi.Input<string>;
    /**
     * A collection of OAuth 2.0 permissions exposed by the associated application. Each entry has the
     * shape `inputs.ServicePrincipalOauth2Permission` (declared in `./types/input`).
     */
    readonly oauth2Permissions?: pulumi.Input<pulumi.Input<inputs.ServicePrincipalOauth2Permission>[]>;
    /**
     * The Service Principal's Object ID.
     *
     * Marked `/*out*‍/` on the resource class: the create path leaves it undefined, so it is only
     * meaningful here when describing an existing resource.
     */
    readonly objectId?: pulumi.Input<string>;
    /**
     * A list of tags to apply to the Service Principal.
     */
    readonly tags?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
* The set of arguments for constructing a ServicePrincipal resource.
*/
export interface ServicePrincipalArgs {
    /**
     * Does this Service Principal require an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application? Defaults to `false`.
     *
     * With `false`, no assignment is required before a token is issued; set it to `true` to limit
     * issuance to assigned users and groups.
     */
    readonly appRoleAssignmentRequired?: pulumi.Input<boolean>;
    /**
     * The ID of the Azure AD Application for which to create a Service Principal.
     *
     * This is the only required argument; the resource constructor throws when it is `undefined`.
     */
    readonly applicationId: pulumi.Input<string>;
    /**
     * A collection of OAuth 2.0 permissions exposed by the associated application. Each entry has the
     * shape `inputs.ServicePrincipalOauth2Permission` (declared in `./types/input`).
     */
    readonly oauth2Permissions?: pulumi.Input<pulumi.Input<inputs.ServicePrincipalOauth2Permission>[]>;
    /**
     * A list of tags to apply to the Service Principal.
     */
    readonly tags?: pulumi.Input<pulumi.Input<string>[]>;
}