From 71f27706bf3a58ecbda3fbeadfeb2bb2bfc21f31 Mon Sep 17 00:00:00 2001 
From: Thomas Kappler Date: Wed, 9 Nov 2022 13:32:38 -0800 Subject: [PATCH] Upgrade terraform-provider-azuread to v2.30.0 (#318) --- .../cmd/pulumi-resource-azuread/schema.json | 206 +++++++++- provider/go.mod | 6 +- provider/go.sum | 9 +- provider/resources.go | 2 + provider/shim/go.mod | 2 +- provider/shim/go.sum | 4 +- sdk/dotnet/AppRoleAssignment.cs | 41 +- .../Inputs/SynchronizationJobScheduleArgs.cs | 38 ++ .../SynchronizationJobScheduleGetArgs.cs | 38 ++ .../SynchronizationSecretCredentialArgs.cs | 32 ++ .../SynchronizationSecretCredentialGetArgs.cs | 32 ++ .../Outputs/SynchronizationJobSchedule.cs | 42 ++ .../SynchronizationSecretCredential.cs | 35 ++ sdk/dotnet/SynchronizationJob.cs | 229 +++++++++++ sdk/dotnet/SynchronizationSecret.cs | 192 +++++++++ sdk/go/azuread/appRoleAssignment.go | 59 ++- sdk/go/azuread/init.go | 14 + sdk/go/azuread/pulumiTypes.go | 229 +++++++++++ sdk/go/azuread/synchronizationJob.go | 351 ++++++++++++++++ sdk/go/azuread/synchronizationSecret.go | 306 ++++++++++++++ .../com/pulumi/azuread/AppRoleAssignment.java | 55 ++- .../pulumi/azuread/AppRoleAssignmentArgs.java | 8 +- .../pulumi/azuread/SynchronizationJob.java | 222 +++++++++++ .../azuread/SynchronizationJobArgs.java | 160 ++++++++ .../pulumi/azuread/SynchronizationSecret.java | 179 +++++++++ .../azuread/SynchronizationSecretArgs.java | 133 ++++++ .../inputs/AppRoleAssignmentState.java | 8 +- .../SynchronizationJobScheduleArgs.java | 157 ++++++++ .../inputs/SynchronizationJobState.java | 207 ++++++++++ .../SynchronizationSecretCredentialArgs.java | 120 ++++++ .../inputs/SynchronizationSecretState.java | 132 ++++++ .../outputs/SynchronizationJobSchedule.java | 96 +++++ .../SynchronizationSecretCredential.java | 74 ++++ sdk/nodejs/appRoleAssignment.ts | 25 +- sdk/nodejs/index.ts | 10 + sdk/nodejs/synchronizationJob.ts | 188 +++++++++ sdk/nodejs/synchronizationSecret.ts | 150 +++++++ sdk/nodejs/tsconfig.json | 2 + sdk/nodejs/types/input.ts | 26 ++ sdk/nodejs/types/output.ts | 26 ++ 
sdk/python/pulumi_azuread/__init__.py | 18 + sdk/python/pulumi_azuread/_inputs.py | 94 +++++ .../pulumi_azuread/app_role_assignment.py | 14 +- sdk/python/pulumi_azuread/outputs.py | 74 ++++ .../pulumi_azuread/synchronization_job.py | 377 ++++++++++++++++++ .../pulumi_azuread/synchronization_secret.py | 281 +++++++++++++ 46 files changed, 4656 insertions(+), 47 deletions(-) create mode 100644 sdk/dotnet/Inputs/SynchronizationJobScheduleArgs.cs create mode 100644 sdk/dotnet/Inputs/SynchronizationJobScheduleGetArgs.cs create mode 100644 sdk/dotnet/Inputs/SynchronizationSecretCredentialArgs.cs create mode 100644 sdk/dotnet/Inputs/SynchronizationSecretCredentialGetArgs.cs create mode 100644 sdk/dotnet/Outputs/SynchronizationJobSchedule.cs create mode 100644 sdk/dotnet/Outputs/SynchronizationSecretCredential.cs create mode 100644 sdk/dotnet/SynchronizationJob.cs create mode 100644 sdk/dotnet/SynchronizationSecret.cs create mode 100644 sdk/go/azuread/synchronizationJob.go create mode 100644 sdk/go/azuread/synchronizationSecret.go create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJob.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecret.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecretArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobScheduleArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobState.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretCredentialArgs.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretState.java create mode 100644 sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobSchedule.java create mode 100644 
sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationSecretCredential.java create mode 100644 sdk/nodejs/synchronizationJob.ts create mode 100644 sdk/nodejs/synchronizationSecret.ts create mode 100644 sdk/python/pulumi_azuread/synchronization_job.py create mode 100644 sdk/python/pulumi_azuread/synchronization_secret.py diff --git a/provider/cmd/pulumi-resource-azuread/schema.json b/provider/cmd/pulumi-resource-azuread/schema.json index 93348e5e8..47cbbadbb 100644 --- a/provider/cmd/pulumi-resource-azuread/schema.json +++ b/provider/cmd/pulumi-resource-azuread/schema.json @@ -1531,6 +1531,74 @@ }, "type": "object" }, + "azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule": { + "properties": { + "expiration": { + "type": "string", + "description": "Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "string", + "description": "The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "description": "State of the job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "expiration", + "interval", + "state" + ] + } + } + }, + "azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential": { + "properties": { + "key": { + "type": "string", + "description": "The key of the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "value" + ] + }, "azuread:index/getApplicationApi:getApplicationApi": { "properties": { "knownClientApplications": { 
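Review bot: The `value` property of the new `azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential` type is described as "The value of the secret." but carries no secret marker in this hunk. As far as the visible schema shows, SDKs generated from it would treat the credential as an ordinary string, so it could be stored unencrypted in stack state and shown in preview or diff output. The property should carry `"secret": true`. Because schema.json looks generated, the change presumably belongs in the provider mapping (this commit also touches provider/resources.go, which is not visible here) or in the sensitivity flag of the upstream field, followed by a regeneration. It is also worth confirming that the property of the `SynchronizationSecret` resource holding these credentials is marked secret, which this hunk does not show.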
@@ -3169,11 +3237,11 @@ } }, "azuread:index/appRoleAssignment:AppRoleAssignment": { - "description": "Manages an app role assignment for a group, user or service principal. Can be used to grant admin consent for application permissions.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AppRoleAssignment.ReadWrite.All` and `Application.Read.All`, or `AppRoleAssignment.ReadWrite.All` and `Directory.Read.All`, or `Application.ReadWrite.All`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n*App role assignment for accessing Microsoft Graph*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n applicationId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n useExisting: true,\n});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n resourceAccesses: [\n {\n id: msgraph.appRoleIds[\"User.Read.All\"],\n type: \"Role\",\n },\n {\n id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n type: \"Scope\",\n },\n ],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {applicationId: exampleApplication.applicationId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: msgraph.appRoleIds[\"User.Read.All\"],\n principalObjectId: 
exampleServicePrincipal.objectId,\n resourceObjectId: msgraph.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ApplicationId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n var exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n Type = \"Role\",\n },\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n Type = \"Scope\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = msgraph.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx 
*pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, \"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", 
\u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: msgraph.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder() \n .applicationId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().MicrosoftGraph()))\n .useExisting(true)\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().MicrosoftGraph()))\n .resourceAccesses( \n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n 
.id(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .type(\"Role\")\n .build(),\n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.oauth2PermissionScopeIds().applyValue(oauth2PermissionScopeIds -\u003e oauth2PermissionScopeIds.User.ReadWrite()))\n .type(\"Scope\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(msgraph.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${wellKnown.result.MicrosoftGraph}\n useExisting: true\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${wellKnown.result.MicrosoftGraph}\n resourceAccesses:\n - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n type: Role\n - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n type: Scope\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${msgraph.objectId}\nvariables:\n wellKnown:\n Fn::Invoke:\n Function: azuread:getApplicationPublishedAppIds\n Arguments: {}\n```\n\n*App role assignment for internal application*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from 
\"@pulumi/azuread\";\n\nconst internalApplication = new azuread.Application(\"internalApplication\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: [\"Application\"],\n description: \"Apps can query the database\",\n displayName: \"Query\",\n enabled: true,\n id: \"00000000-0000-0000-0000-111111111111\",\n value: \"Query.All\",\n }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internalServicePrincipal\", {applicationId: internalApplication.applicationId});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: internalApplication.applicationId,\n resourceAccesses: [{\n id: internalServicePrincipal.appRoleIds[\"Query.All\"],\n type: \"Role\",\n }],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {applicationId: exampleApplication.applicationId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Query.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var internalApplication = new AzureAD.Application(\"internalApplication\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n },\n Description = \"Apps can query the database\",\n DisplayName = \"Query\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-111111111111\",\n Value = \"Query.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internalServicePrincipal\", new()\n {\n ApplicationId = internalApplication.ApplicationId,\n });\n\n var 
exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = internalApplication.ApplicationId,\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n Type = \"Role\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternalApplication, err := azuread.NewApplication(ctx, \"internalApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: ApplicationAppRoleArray{\n\t\t\t\t\u0026ApplicationAppRoleArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Apps can query the database\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Query\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: pulumi.String(\"00000000-0000-0000-0000-111111111111\"),\n\t\t\t\t\tValue: pulumi.String(\"Query.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, 
\"internalServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: internalApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: internalApplication.ApplicationId,\n\t\t\t\t\tResourceAccesses: ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport 
com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalApplication = new Application(\"internalApplication\", ApplicationArgs.builder() \n .displayName(\"internal\")\n .appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes(\"Application\")\n .description(\"Apps can query the database\")\n .displayName(\"Query\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-111111111111\")\n .value(\"Query.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(internalApplication.applicationId())\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(internalApplication.applicationId())\n .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .type(\"Role\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", 
AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalApplication:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n description: Apps can query the database\n displayName: Query\n enabled: true\n id: 00000000-0000-0000-0000-111111111111\n value: Query.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${internalApplication.applicationId}\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${internalApplication.applicationId}\n resourceAccesses:\n - id: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n type: Role\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n```\n\n*Assign a user and group to an internal application*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst exampleDomains = azuread.getDomains({\n onlyInitial: true,\n});\nconst internalApplication = new azuread.Application(\"internalApplication\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: [\n \"Application\",\n \"User\",\n ],\n description: \"Admins can perform all task actions\",\n displayName: \"Admin\",\n enabled: true,\n id: \"00000000-0000-0000-0000-222222222222\",\n value: \"Admin.All\",\n 
}],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internalServicePrincipal\", {applicationId: internalApplication.applicationId});\nconst exampleGroup = new azuread.Group(\"exampleGroup\", {\n displayName: \"example\",\n securityEnabled: true,\n});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Admin.All\"],\n principalObjectId: exampleGroup.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\nconst exampleUser = new azuread.User(\"exampleUser\", {\n displayName: \"D. Duck\",\n password: \"SecretP@sswd99!\",\n userPrincipalName: exampleDomains.then(exampleDomains =\u003e `d.duck@${exampleDomains.domains?[0]?.domainName}`),\n});\nconst exampleIndex_appRoleAssignmentAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Admin.All\"],\n principalObjectId: exampleUser.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomains = AzureAD.GetDomains.Invoke(new()\n {\n OnlyInitial = true,\n });\n\n var internalApplication = new AzureAD.Application(\"internalApplication\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n \"User\",\n },\n Description = \"Admins can perform all task actions\",\n DisplayName = \"Admin\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-222222222222\",\n Value = \"Admin.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internalServicePrincipal\", new()\n {\n ApplicationId = internalApplication.ApplicationId,\n });\n\n var exampleGroup = new AzureAD.Group(\"exampleGroup\", 
new()\n {\n DisplayName = \"example\",\n SecurityEnabled = true,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Admin_All),\n PrincipalObjectId = exampleGroup.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n var exampleUser = new AzureAD.User(\"exampleUser\", new()\n {\n DisplayName = \"D. Duck\",\n Password = \"SecretP@sswd99!\",\n UserPrincipalName = $\"d.duck@{exampleDomains.Apply(getDomainsResult =\u003e getDomainsResult.Domains[0]?.DomainName)}\",\n });\n\n var exampleIndex_appRoleAssignmentAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Admin_All),\n PrincipalObjectId = exampleUser.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomains, err := azuread.GetDomains(ctx, \u0026GetDomainsArgs{\n\t\t\tOnlyInitial: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalApplication, err := azuread.NewApplication(ctx, \"internalApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: ApplicationAppRoleArray{\n\t\t\t\t\u0026ApplicationAppRoleArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t\tpulumi.String(\"User\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Admins can perform all task actions\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Admin\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: 
pulumi.String(\"00000000-0000-0000-0000-222222222222\"),\n\t\t\t\t\tValue: pulumi.String(\"Admin.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internalServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: internalApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"exampleGroup\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Admin.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleGroup.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := azuread.NewUser(ctx, \"exampleUser\", \u0026azuread.UserArgs{\n\t\t\tDisplayName: pulumi.String(\"D. 
Duck\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t\tUserPrincipalName: pulumi.String(fmt.Sprintf(\"d.duck@%v\", exampleDomains.Domains[0].DomainName)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleIndex/appRoleAssignmentAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Admin.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleUser.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDomainsArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleDomains = AzureadFunctions.getDomains(GetDomainsArgs.builder()\n .onlyInitial(true)\n .build());\n\n var internalApplication = new Application(\"internalApplication\", ApplicationArgs.builder() \n .displayName(\"internal\")\n 
.appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes( \n \"Application\",\n \"User\")\n .description(\"Admins can perform all task actions\")\n .displayName(\"Admin\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-222222222222\")\n .value(\"Admin.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(internalApplication.applicationId())\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"example\")\n .securityEnabled(true)\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Admin.All()))\n .principalObjectId(exampleGroup.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n var exampleUser = new User(\"exampleUser\", UserArgs.builder() \n .displayName(\"D. 
Duck\")\n .password(\"SecretP@sswd99!\")\n .userPrincipalName(String.format(\"d.duck@%s\", exampleDomains.applyValue(getDomainsResult -\u003e getDomainsResult.domains()[0].domainName())))\n .build());\n\n var exampleIndex_appRoleAssignmentAppRoleAssignment = new AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Admin.All()))\n .principalObjectId(exampleUser.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalApplication:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n - User\n description: Admins can perform all task actions\n displayName: Admin\n enabled: true\n id: 00000000-0000-0000-0000-222222222222\n value: Admin.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${internalApplication.applicationId}\n exampleGroup:\n type: azuread:Group\n properties:\n displayName: example\n securityEnabled: true\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Admin.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleGroup.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n exampleUser:\n type: azuread:User\n properties:\n displayName: D. 
Duck\n password: SecretP@sswd99!\n userPrincipalName: d.duck@${exampleDomains.domains[0].domainName}\n exampleIndex/appRoleAssignmentAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Admin.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleUser.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\nvariables:\n exampleDomains:\n Fn::Invoke:\n Function: azuread:getDomains\n Arguments:\n onlyInitial: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g.\n\n```sh\n $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n -\u003e This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. ", + "description": "Manages an app role assignment for a group, user or service principal. 
Can be used to grant admin consent for application permissions.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `AppRoleAssignment.ReadWrite.All` and `Application.Read.All`, or `AppRoleAssignment.ReadWrite.All` and `Directory.Read.All`, or `Application.ReadWrite.All`, or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Application Administrator` or `Global Administrator`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n*App role assignment for accessing Microsoft Graph*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst wellKnown = azuread.getApplicationPublishedAppIds({});\nconst msgraph = new azuread.ServicePrincipal(\"msgraph\", {\n applicationId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n useExisting: true,\n});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: wellKnown.then(wellKnown =\u003e wellKnown.result?.MicrosoftGraph),\n resourceAccesses: [\n {\n id: msgraph.appRoleIds[\"User.Read.All\"],\n type: \"Role\",\n },\n {\n id: msgraph.oauth2PermissionScopeIds[\"User.ReadWrite\"],\n type: \"Scope\",\n },\n ],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {applicationId: exampleApplication.applicationId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: msgraph.appRoleIds[\"User.Read.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: msgraph.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await 
Deployment.RunAsync(() =\u003e \n{\n var wellKnown = AzureAD.GetApplicationPublishedAppIds.Invoke();\n\n var msgraph = new AzureAD.ServicePrincipal(\"msgraph\", new()\n {\n ApplicationId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n UseExisting = true,\n });\n\n var exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = wellKnown.Apply(getApplicationPublishedAppIdsResult =\u003e getApplicationPublishedAppIdsResult.Result?.MicrosoftGraph),\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n Type = \"Role\",\n },\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = msgraph.Oauth2PermissionScopeIds.Apply(oauth2PermissionScopeIds =\u003e oauth2PermissionScopeIds.User_ReadWrite),\n Type = \"Scope\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = msgraph.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.User_Read_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = msgraph.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twellKnown, err := azuread.GetApplicationPublishedAppIds(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmsgraph, err := azuread.NewServicePrincipal(ctx, 
\"msgraph\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: pulumi.String(wellKnown.Result.MicrosoftGraph),\n\t\t\t\t\tResourceAccesses: ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.User.Read.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: msgraph.Oauth2PermissionScopeIds.ApplyT(func(oauth2PermissionScopeIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn oauth2PermissionScopeIds.User.ReadWrite, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Scope\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: msgraph.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.User.Read.All, 
nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: msgraph.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var wellKnown = AzureadFunctions.getApplicationPublishedAppIds();\n\n var msgraph = new ServicePrincipal(\"msgraph\", ServicePrincipalArgs.builder() \n .applicationId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().MicrosoftGraph()))\n .useExisting(true)\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(wellKnown.applyValue(getApplicationPublishedAppIdsResult -\u003e getApplicationPublishedAppIdsResult.result().MicrosoftGraph()))\n .resourceAccesses( \n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .type(\"Role\")\n .build(),\n ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n 
.id(msgraph.oauth2PermissionScopeIds().applyValue(oauth2PermissionScopeIds -\u003e oauth2PermissionScopeIds.User.ReadWrite()))\n .type(\"Scope\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(msgraph.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.User.Read.All()))\n .principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(msgraph.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n msgraph:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${wellKnown.result.MicrosoftGraph}\n useExisting: true\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${wellKnown.result.MicrosoftGraph}\n resourceAccesses:\n - id: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n type: Role\n - id: ${msgraph.oauth2PermissionScopeIds\"User.ReadWrite\"[%!s(MISSING)]}\n type: Scope\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${msgraph.appRoleIds\"User.Read.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${msgraph.objectId}\nvariables:\n wellKnown:\n Fn::Invoke:\n Function: azuread:getApplicationPublishedAppIds\n Arguments: {}\n```\n\n*App role assignment for internal application*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst internalApplication = new azuread.Application(\"internalApplication\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: 
[\"Application\"],\n description: \"Apps can query the database\",\n displayName: \"Query\",\n enabled: true,\n id: \"00000000-0000-0000-0000-111111111111\",\n value: \"Query.All\",\n }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internalServicePrincipal\", {applicationId: internalApplication.applicationId});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n requiredResourceAccesses: [{\n resourceAppId: internalApplication.applicationId,\n resourceAccesses: [{\n id: internalServicePrincipal.appRoleIds[\"Query.All\"],\n type: \"Role\",\n }],\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {applicationId: exampleApplication.applicationId});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Query.All\"],\n principalObjectId: exampleServicePrincipal.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var internalApplication = new AzureAD.Application(\"internalApplication\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n },\n Description = \"Apps can query the database\",\n DisplayName = \"Query\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-111111111111\",\n Value = \"Query.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internalServicePrincipal\", new()\n {\n ApplicationId = internalApplication.ApplicationId,\n });\n\n var exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n RequiredResourceAccesses = new[]\n {\n new 
AzureAD.Inputs.ApplicationRequiredResourceAccessArgs\n {\n ResourceAppId = internalApplication.ApplicationId,\n ResourceAccesses = new[]\n {\n new AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs\n {\n Id = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n Type = \"Role\",\n },\n },\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Query_All),\n PrincipalObjectId = exampleServicePrincipal.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternalApplication, err := azuread.NewApplication(ctx, \"internalApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: ApplicationAppRoleArray{\n\t\t\t\t\u0026ApplicationAppRoleArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Apps can query the database\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Query\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: pulumi.String(\"00000000-0000-0000-0000-111111111111\"),\n\t\t\t\t\tValue: pulumi.String(\"Query.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internalServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: internalApplication.ApplicationId,\n\t\t})\n\t\tif err != nil 
{\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tRequiredResourceAccesses: ApplicationRequiredResourceAccessArray{\n\t\t\t\t\u0026ApplicationRequiredResourceAccessArgs{\n\t\t\t\t\tResourceAppId: internalApplication.ApplicationId,\n\t\t\t\t\tResourceAccesses: ApplicationRequiredResourceAccessResourceAccessArray{\n\t\t\t\t\t\t\u0026ApplicationRequiredResourceAccessResourceAccessArgs{\n\t\t\t\t\t\t\tId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\t\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\tType: pulumi.String(\"Role\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Query.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleServicePrincipal.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport 
com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.inputs.ApplicationRequiredResourceAccessArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalApplication = new Application(\"internalApplication\", ApplicationArgs.builder() \n .displayName(\"internal\")\n .appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes(\"Application\")\n .description(\"Apps can query the database\")\n .displayName(\"Query\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-111111111111\")\n .value(\"Query.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(internalApplication.applicationId())\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .requiredResourceAccesses(ApplicationRequiredResourceAccessArgs.builder()\n .resourceAppId(internalApplication.applicationId())\n .resourceAccesses(ApplicationRequiredResourceAccessResourceAccessArgs.builder()\n .id(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n .type(\"Role\")\n .build())\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Query.All()))\n 
.principalObjectId(exampleServicePrincipal.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalApplication:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n description: Apps can query the database\n displayName: Query\n enabled: true\n id: 00000000-0000-0000-0000-111111111111\n value: Query.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${internalApplication.applicationId}\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n requiredResourceAccesses:\n - resourceAppId: ${internalApplication.applicationId}\n resourceAccesses:\n - id: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n type: Role\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Query.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleServicePrincipal.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n```\n\n*Assign a user and group to an internal application*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst exampleDomains = azuread.getDomains({\n onlyInitial: true,\n});\nconst internalApplication = new azuread.Application(\"internalApplication\", {\n displayName: \"internal\",\n appRoles: [{\n allowedMemberTypes: [\n \"Application\",\n \"User\",\n ],\n description: \"Admins can perform all task actions\",\n displayName: \"Admin\",\n enabled: true,\n id: \"00000000-0000-0000-0000-222222222222\",\n value: \"Admin.All\",\n }],\n});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internalServicePrincipal\", {applicationId: 
internalApplication.applicationId});\nconst exampleGroup = new azuread.Group(\"exampleGroup\", {\n displayName: \"example\",\n securityEnabled: true,\n});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Admin.All\"],\n principalObjectId: exampleGroup.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\nconst exampleUser = new azuread.User(\"exampleUser\", {\n displayName: \"D. Duck\",\n password: \"SecretP@sswd99!\",\n userPrincipalName: exampleDomains.then(exampleDomains =\u003e `d.duck@${exampleDomains.domains?[0]?.domainName}`),\n});\nconst exampleIndex_appRoleAssignmentAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", {\n appRoleId: internalServicePrincipal.appRoleIds[\"Admin.All\"],\n principalObjectId: exampleUser.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomains = AzureAD.GetDomains.Invoke(new()\n {\n OnlyInitial = true,\n });\n\n var internalApplication = new AzureAD.Application(\"internalApplication\", new()\n {\n DisplayName = \"internal\",\n AppRoles = new[]\n {\n new AzureAD.Inputs.ApplicationAppRoleArgs\n {\n AllowedMemberTypes = new[]\n {\n \"Application\",\n \"User\",\n },\n Description = \"Admins can perform all task actions\",\n DisplayName = \"Admin\",\n Enabled = true,\n Id = \"00000000-0000-0000-0000-222222222222\",\n Value = \"Admin.All\",\n },\n },\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internalServicePrincipal\", new()\n {\n ApplicationId = internalApplication.ApplicationId,\n });\n\n var exampleGroup = new AzureAD.Group(\"exampleGroup\", new()\n {\n DisplayName = \"example\",\n SecurityEnabled = true,\n });\n\n var exampleAppRoleAssignment = new 
AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Admin_All),\n PrincipalObjectId = exampleGroup.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n var exampleUser = new AzureAD.User(\"exampleUser\", new()\n {\n DisplayName = \"D. Duck\",\n Password = \"SecretP@sswd99!\",\n UserPrincipalName = $\"d.duck@{exampleDomains.Apply(getDomainsResult =\u003e getDomainsResult.Domains[0]?.DomainName)}\",\n });\n\n var exampleIndex_appRoleAssignmentAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", new()\n {\n AppRoleId = internalServicePrincipal.AppRoleIds.Apply(appRoleIds =\u003e appRoleIds.Admin_All),\n PrincipalObjectId = exampleUser.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomains, err := azuread.GetDomains(ctx, \u0026GetDomainsArgs{\n\t\t\tOnlyInitial: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalApplication, err := azuread.NewApplication(ctx, \"internalApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t\tAppRoles: ApplicationAppRoleArray{\n\t\t\t\t\u0026ApplicationAppRoleArgs{\n\t\t\t\t\tAllowedMemberTypes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Application\"),\n\t\t\t\t\t\tpulumi.String(\"User\"),\n\t\t\t\t\t},\n\t\t\t\t\tDescription: pulumi.String(\"Admins can perform all task actions\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Admin\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tId: pulumi.String(\"00000000-0000-0000-0000-222222222222\"),\n\t\t\t\t\tValue: 
pulumi.String(\"Admin.All\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internalServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: internalApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"exampleGroup\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Admin.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleGroup.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := azuread.NewUser(ctx, \"exampleUser\", \u0026azuread.UserArgs{\n\t\t\tDisplayName: pulumi.String(\"D. 
Duck\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t\tUserPrincipalName: pulumi.String(fmt.Sprintf(\"d.duck@%v\", exampleDomains.Domains[0].DomainName)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleIndex/appRoleAssignmentAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: internalServicePrincipal.AppRoleIds.ApplyT(func(appRoleIds map[string]string) (string, error) {\n\t\t\t\treturn appRoleIds.Admin.All, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tPrincipalObjectId: exampleUser.ObjectId,\n\t\t\tResourceObjectId: internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetDomainsArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationAppRoleArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleDomains = AzureadFunctions.getDomains(GetDomainsArgs.builder()\n .onlyInitial(true)\n .build());\n\n var internalApplication = new Application(\"internalApplication\", ApplicationArgs.builder() \n .displayName(\"internal\")\n 
.appRoles(ApplicationAppRoleArgs.builder()\n .allowedMemberTypes( \n \"Application\",\n \"User\")\n .description(\"Admins can perform all task actions\")\n .displayName(\"Admin\")\n .enabled(true)\n .id(\"00000000-0000-0000-0000-222222222222\")\n .value(\"Admin.All\")\n .build())\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(internalApplication.applicationId())\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"example\")\n .securityEnabled(true)\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Admin.All()))\n .principalObjectId(exampleGroup.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n var exampleUser = new User(\"exampleUser\", UserArgs.builder() \n .displayName(\"D. 
Duck\")\n .password(\"SecretP@sswd99!\")\n .userPrincipalName(String.format(\"d.duck@%s\", exampleDomains.applyValue(getDomainsResult -\u003e getDomainsResult.domains()[0].domainName())))\n .build());\n\n var exampleIndex_appRoleAssignmentAppRoleAssignment = new AppRoleAssignment(\"exampleIndex/appRoleAssignmentAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(internalServicePrincipal.appRoleIds().applyValue(appRoleIds -\u003e appRoleIds.Admin.All()))\n .principalObjectId(exampleUser.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalApplication:\n type: azuread:Application\n properties:\n displayName: internal\n appRoles:\n - allowedMemberTypes:\n - Application\n - User\n description: Admins can perform all task actions\n displayName: Admin\n enabled: true\n id: 00000000-0000-0000-0000-222222222222\n value: Admin.All\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${internalApplication.applicationId}\n exampleGroup:\n type: azuread:Group\n properties:\n displayName: example\n securityEnabled: true\n exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Admin.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleGroup.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n exampleUser:\n type: azuread:User\n properties:\n displayName: D. 
Duck\n password: SecretP@sswd99!\n userPrincipalName: d.duck@${exampleDomains.domains[0].domainName}\n exampleIndex/appRoleAssignmentAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: ${internalServicePrincipal.appRoleIds\"Admin.All\"[%!s(MISSING)]}\n principalObjectId: ${exampleUser.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\nvariables:\n exampleDomains:\n Fn::Invoke:\n Function: azuread:getDomains\n Arguments:\n onlyInitial: true\n```\n\n*Assign a group to the default app role for an internal application*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst internalApplication = new azuread.Application(\"internalApplication\", {displayName: \"internal\"});\nconst internalServicePrincipal = new azuread.ServicePrincipal(\"internalServicePrincipal\", {applicationId: internalApplication.applicationId});\nconst exampleGroup = new azuread.Group(\"exampleGroup\", {\n displayName: \"example\",\n securityEnabled: true,\n});\nconst exampleAppRoleAssignment = new azuread.AppRoleAssignment(\"exampleAppRoleAssignment\", {\n appRoleId: \"00000000-0000-0000-0000-000000000000\",\n principalObjectId: exampleGroup.objectId,\n resourceObjectId: internalServicePrincipal.objectId,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ninternal_application = azuread.Application(\"internalApplication\", display_name=\"internal\")\ninternal_service_principal = azuread.ServicePrincipal(\"internalServicePrincipal\", application_id=internal_application.application_id)\nexample_group = azuread.Group(\"exampleGroup\",\n display_name=\"example\",\n security_enabled=True)\nexample_app_role_assignment = azuread.AppRoleAssignment(\"exampleAppRoleAssignment\",\n app_role_id=\"00000000-0000-0000-0000-000000000000\",\n principal_object_id=example_group.object_id,\n resource_object_id=internal_service_principal.object_id)\n```\n```csharp\nusing 
System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var internalApplication = new AzureAD.Application(\"internalApplication\", new()\n {\n DisplayName = \"internal\",\n });\n\n var internalServicePrincipal = new AzureAD.ServicePrincipal(\"internalServicePrincipal\", new()\n {\n ApplicationId = internalApplication.ApplicationId,\n });\n\n var exampleGroup = new AzureAD.Group(\"exampleGroup\", new()\n {\n DisplayName = \"example\",\n SecurityEnabled = true,\n });\n\n var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment(\"exampleAppRoleAssignment\", new()\n {\n AppRoleId = \"00000000-0000-0000-0000-000000000000\",\n PrincipalObjectId = exampleGroup.ObjectId,\n ResourceObjectId = internalServicePrincipal.ObjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinternalApplication, err := azuread.NewApplication(ctx, \"internalApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"internal\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"internalServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: internalApplication.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"exampleGroup\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewAppRoleAssignment(ctx, \"exampleAppRoleAssignment\", \u0026azuread.AppRoleAssignmentArgs{\n\t\t\tAppRoleId: pulumi.String(\"00000000-0000-0000-0000-000000000000\"),\n\t\t\tPrincipalObjectId: exampleGroup.ObjectId,\n\t\t\tResourceObjectId: 
internalServicePrincipal.ObjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AppRoleAssignment;\nimport com.pulumi.azuread.AppRoleAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalApplication = new Application(\"internalApplication\", ApplicationArgs.builder() \n .displayName(\"internal\")\n .build());\n\n var internalServicePrincipal = new ServicePrincipal(\"internalServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(internalApplication.applicationId())\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"example\")\n .securityEnabled(true)\n .build());\n\n var exampleAppRoleAssignment = new AppRoleAssignment(\"exampleAppRoleAssignment\", AppRoleAssignmentArgs.builder() \n .appRoleId(\"00000000-0000-0000-0000-000000000000\")\n .principalObjectId(exampleGroup.objectId())\n .resourceObjectId(internalServicePrincipal.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalApplication:\n type: azuread:Application\n properties:\n displayName: internal\n internalServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${internalApplication.applicationId}\n exampleGroup:\n type: azuread:Group\n properties:\n displayName: example\n securityEnabled: true\n 
exampleAppRoleAssignment:\n type: azuread:AppRoleAssignment\n properties:\n appRoleId: 00000000-0000-0000-0000-000000000000\n principalObjectId: ${exampleGroup.objectId}\n resourceObjectId: ${internalServicePrincipal.objectId}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g.\n\n```sh\n $ pulumi import azuread:index/appRoleAssignment:AppRoleAssignment example 00000000-0000-0000-0000-000000000000/appRoleAssignment/aaBBcDDeFG6h5JKLMN2PQrrssTTUUvWWxxxxxyyyzzz\n```\n\n -\u003e This ID format is unique to Terraform and is composed of the Resource Service Principal Object ID and the ID of the App Role Assignment in the format `{ResourcePrincipalID}/appRoleAssignment/{AppRoleAssignmentID}`. ", "properties": { "appRoleId": { "type": "string", - "description": "The ID of the app role to be assigned. Changing this forces a new resource to be created.\n" + "description": "The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n" }, "principalDisplayName": { "type": "string", @@ -3207,7 +3275,7 @@ "inputProperties": { "appRoleId": { "type": "string", - "description": "The ID of the app role to be assigned. Changing this forces a new resource to be created.\n", + "description": "The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n", "willReplaceOnChanges": true }, "principalObjectId": { 
@@ -3231,7 +3299,7 @@ "properties": { "appRoleId": { "type": "string", - "description": "The ID of the app role to be assigned. Changing this forces a new resource to be created.\n", + "description": "The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created.\n", "willReplaceOnChanges": true }, "principalDisplayName": { 
@@ -6086,6 +6154,136 @@ "type": "object" } }, + "azuread:index/synchronizationJob:SynchronizationJob": { + "description": "Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n*Basic example*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst exampleApplicationTemplate = azuread.getApplicationTemplate({\n displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n templateId: exampleApplicationTemplate.then(exampleApplicationTemplate =\u003e exampleApplicationTemplate.templateId),\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {\n applicationId: exampleApplication.applicationId,\n useExisting: true,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"exampleSynchronizationSecret\", {\n servicePrincipalId: exampleServicePrincipal.id,\n credentials: [\n {\n key: \"BaseAddress\",\n value: \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n },\n {\n key: \"SecretToken\",\n value: \"some-token\",\n },\n ],\n});\nconst exampleSynchronizationJob = new azuread.SynchronizationJob(\"exampleSynchronizationJob\", {\n servicePrincipalId: exampleServicePrincipal.id,\n templateId: \"dataBricks\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_application_template = 
azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application = azuread.Application(\"exampleApplication\",\n display_name=\"example\",\n template_id=example_application_template.template_id,\n feature_tags=[azuread.ApplicationFeatureTagArgs(\n enterprise=True,\n gallery=True,\n )])\nexample_service_principal = azuread.ServicePrincipal(\"exampleServicePrincipal\",\n application_id=example_application.application_id,\n use_existing=True)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"exampleSynchronizationSecret\",\n service_principal_id=example_service_principal.id,\n credentials=[\n azuread.SynchronizationSecretCredentialArgs(\n key=\"BaseAddress\",\n value=\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n ),\n azuread.SynchronizationSecretCredentialArgs(\n key=\"SecretToken\",\n value=\"some-token\",\n ),\n ])\nexample_synchronization_job = azuread.SynchronizationJob(\"exampleSynchronizationJob\",\n service_principal_id=example_service_principal.id,\n template_id=\"dataBricks\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleApplicationTemplate = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n });\n\n var exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n TemplateId = exampleApplicationTemplate.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ApplicationFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n UseExisting = true,\n });\n\n var 
exampleSynchronizationSecret = new AzureAD.SynchronizationSecret(\"exampleSynchronizationSecret\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n Credentials = new[]\n {\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"BaseAddress\",\n Value = \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n },\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"SecretToken\",\n Value = \"some-token\",\n },\n },\n });\n\n var exampleSynchronizationJob = new AzureAD.SynchronizationJob(\"exampleSynchronizationJob\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n TemplateId = \"dataBricks\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplicationTemplate, err := azuread.GetApplicationTemplate(ctx, \u0026GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(exampleApplicationTemplate.TemplateId),\n\t\t\tFeatureTags: ApplicationFeatureTagArray{\n\t\t\t\t\u0026ApplicationFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, 
\"exampleSynchronizationSecret\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tCredentials: SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\"),\n\t\t\t\t},\n\t\t\t\t\u0026SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationJob(ctx, \"exampleSynchronizationJob\", \u0026azuread.SynchronizationJobArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tTemplateId: pulumi.String(\"dataBricks\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport com.pulumi.azuread.SynchronizationJob;\nimport com.pulumi.azuread.SynchronizationJobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void 
stack(Context ctx) {\n final var exampleApplicationTemplate = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .templateId(exampleApplicationTemplate.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .featureTags(ApplicationFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .useExisting(true)\n .build());\n\n var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .credentials( \n SynchronizationSecretCredentialArgs.builder()\n .key(\"BaseAddress\")\n .value(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\")\n .build(),\n SynchronizationSecretCredentialArgs.builder()\n .key(\"SecretToken\")\n .value(\"some-token\")\n .build())\n .build());\n\n var exampleSynchronizationJob = new SynchronizationJob(\"exampleSynchronizationJob\", SynchronizationJobArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .templateId(\"dataBricks\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n templateId: ${exampleApplicationTemplate.templateId}\n featureTags:\n - enterprise: true\n gallery: true\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n useExisting: true\n exampleSynchronizationSecret:\n type: azuread:SynchronizationSecret\n properties:\n servicePrincipalId: 
${exampleServicePrincipal.id}\n credentials:\n - key: BaseAddress\n value: https://adb-example.azuredatabricks.net/api/2.0/preview/scim\n - key: SecretToken\n value: some-token\n exampleSynchronizationJob:\n type: azuread:SynchronizationJob\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n templateId: dataBricks\n enabled: true\nvariables:\n exampleApplicationTemplate:\n Fn::Invoke:\n Function: azuread:getApplicationTemplate\n Arguments:\n displayName: Azure Databricks SCIM Provisioning Connector\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSynchronization jobs can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5\n```\n\n -\u003e This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. ", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not the provisioning job is enabled. Default state is `true`.\n" + }, + "schedules": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule" + }, + "description": "A `schedule` list as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.\n" + }, + "templateId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n" + } + }, + "required": [ + "schedules", + "servicePrincipalId", + "templateId" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "Whether or not the provisioning job is enabled. 
Default state is `true`.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created.\n", + "willReplaceOnChanges": true + }, + "templateId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "servicePrincipalId", + "templateId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SynchronizationJob resources.\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not the provisioning job is enabled. Default state is `true`.\n" + }, + "schedules": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule" + }, + "description": "A `schedule` list as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization job should be created. 
Changing this field forces a new resource to be created.\n", + "willReplaceOnChanges": true + }, + "templateId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "azuread:index/synchronizationSecret:SynchronizationSecret": { + "description": "Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n*Basic example*\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst exampleApplicationTemplate = azuread.getApplicationTemplate({\n displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplication = new azuread.Application(\"exampleApplication\", {\n displayName: \"example\",\n templateId: exampleApplicationTemplate.then(exampleApplicationTemplate =\u003e exampleApplicationTemplate.templateId),\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"exampleServicePrincipal\", {\n applicationId: exampleApplication.applicationId,\n useExisting: true,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"exampleSynchronizationSecret\", {\n servicePrincipalId: exampleServicePrincipal.id,\n credentials: [\n {\n key: \"BaseAddress\",\n value: \"abc\",\n },\n {\n key: \"SecretToken\",\n value: \"some-token\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_application_template = azuread.get_application_template(display_name=\"Azure 
Databricks SCIM Provisioning Connector\")\nexample_application = azuread.Application(\"exampleApplication\",\n display_name=\"example\",\n template_id=example_application_template.template_id,\n feature_tags=[azuread.ApplicationFeatureTagArgs(\n enterprise=True,\n gallery=True,\n )])\nexample_service_principal = azuread.ServicePrincipal(\"exampleServicePrincipal\",\n application_id=example_application.application_id,\n use_existing=True)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"exampleSynchronizationSecret\",\n service_principal_id=example_service_principal.id,\n credentials=[\n azuread.SynchronizationSecretCredentialArgs(\n key=\"BaseAddress\",\n value=\"abc\",\n ),\n azuread.SynchronizationSecretCredentialArgs(\n key=\"SecretToken\",\n value=\"some-token\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleApplicationTemplate = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n });\n\n var exampleApplication = new AzureAD.Application(\"exampleApplication\", new()\n {\n DisplayName = \"example\",\n TemplateId = exampleApplicationTemplate.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ApplicationFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"exampleServicePrincipal\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n UseExisting = true,\n });\n\n var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret(\"exampleSynchronizationSecret\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n Credentials = new[]\n {\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"BaseAddress\",\n Value = \"abc\",\n },\n new 
AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"SecretToken\",\n Value = \"some-token\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplicationTemplate, err := azuread.GetApplicationTemplate(ctx, \u0026GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"exampleApplication\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(exampleApplicationTemplate.TemplateId),\n\t\t\tFeatureTags: ApplicationFeatureTagArray{\n\t\t\t\t\u0026ApplicationFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"exampleServicePrincipal\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"exampleSynchronizationSecret\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tCredentials: SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"abc\"),\n\t\t\t\t},\n\t\t\t\t\u0026SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn 
nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var exampleApplicationTemplate = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .templateId(exampleApplicationTemplate.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .featureTags(ApplicationFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .useExisting(true)\n .build());\n\n var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .credentials( \n SynchronizationSecretCredentialArgs.builder()\n 
.key(\"BaseAddress\")\n .value(\"abc\")\n .build(),\n SynchronizationSecretCredentialArgs.builder()\n .key(\"SecretToken\")\n .value(\"some-token\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleApplication:\n type: azuread:Application\n properties:\n displayName: example\n templateId: ${exampleApplicationTemplate.templateId}\n featureTags:\n - enterprise: true\n gallery: true\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n properties:\n applicationId: ${exampleApplication.applicationId}\n useExisting: true\n exampleSynchronizationSecret:\n type: azuread:SynchronizationSecret\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n credentials:\n - key: BaseAddress\n value: abc\n - key: SecretToken\n value: some-token\nvariables:\n exampleApplicationTemplate:\n Fn::Invoke:\n Function: azuread:getApplicationTemplate\n Arguments:\n displayName: Azure Databricks SCIM Provisioning Connector\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support importing. ", + "properties": { + "credentials": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential" + }, + "description": "One or more `credential` blocks as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.\n" + } + }, + "required": [ + "servicePrincipalId" + ], + "inputProperties": { + "credentials": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential" + }, + "description": "One or more `credential` blocks as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization secrets should be stored. 
Changing this field forces a new resource to be created.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "servicePrincipalId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SynchronizationSecret resources.\n", + "properties": { + "credentials": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationSecretCredential:SynchronizationSecretCredential" + }, + "description": "One or more `credential` blocks as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "azuread:index/user:User": { "description": "Manages a user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `User Administrator` or `Global Administrator`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.User(\"example\", {\n displayName: \"J. Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n userPrincipalName: \"jdoe@hashicorp.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.User(\"example\",\n display_name=\"J. 
Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\",\n user_principal_name=\"jdoe@hashicorp.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.User(\"example\", new()\n {\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n UserPrincipalName = \"jdoe@hashicorp.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewUser(ctx, \"example\", \u0026azuread.UserArgs{\n\t\t\tDisplayName: pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@hashicorp.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new User(\"example\", UserArgs.builder() \n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .userPrincipalName(\"jdoe@hashicorp.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n displayName: J. 
Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n userPrincipalName: jdoe@hashicorp.com\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsers can be imported using their object ID, e.g.\n\n```sh\n $ pulumi import azuread:index/user:User my_user 00000000-0000-0000-0000-000000000000\n```\n\n ", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 369a0d796..15d50cc69 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -3,8 +3,8 @@ module github.com/pulumi/pulumi-azuread/provider/v5 go 1.18 require ( - github.com/hashicorp/go-azure-helpers v0.40.0 github.com/hashicorp/terraform-provider-azuread/shim v0.0.0 + github.com/manicminer/hamilton v0.49.0 github.com/pulumi/pulumi-terraform-bridge/v3 v3.28.0 github.com/pulumi/pulumi/sdk/v3 v3.38.0 ) @@ -116,7 +116,7 @@ require ( github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect github.com/hashicorp/terraform-plugin-sdk v1.7.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.19.0 // indirect - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615 // indirect + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143 // indirect github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c // indirect github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect github.com/hashicorp/vault/api v1.1.1 // indirect @@ -133,8 +133,6 @@ require ( github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/kevinburke/ssh_config v1.1.0 // indirect github.com/klauspost/compress v1.13.5 // indirect - github.com/manicminer/hamilton v0.49.0 // indirect - github.com/manicminer/hamilton-autorest v0.2.0 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-ieproxy v0.0.1 // indirect github.com/mattn/go-isatty v0.0.14 // indirect diff --git a/provider/go.sum b/provider/go.sum index 86ea7bba6..e7a6c5538 100644 --- a/provider/go.sum 
+++ b/provider/go.sum @@ -488,8 +488,6 @@ github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FK github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-azure-helpers v0.40.0 h1:NjiyF+jN+0mRdFBU894yzZSxu1SNrbvj8l4rEDpCB0A= -github.com/hashicorp/go-azure-helpers v0.40.0/go.mod h1:gcutZ/Hf/O7YN9M3UIvyZ9l0Rxv7Yrc9x5sSfM9cuSw= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= 
@@ -576,8 +574,8 @@ github.com/hashicorp/terraform-plugin-sdk v1.7.0 h1:B//oq0ZORG+EkVrIJy0uPGSonvmX github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+YqKm0KNvV3QqU4hkqHqPCY= github.com/hashicorp/terraform-plugin-test v1.2.0 h1:AWFdqyfnOj04sxTdaAF57QqvW7XXrT8PseUHkbKsE8I= github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615 h1:+M961pFM76U+TncNeQPWBo3V+WiqEWVZaKzI/tVIwbU= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615/go.mod h1:po5ly0R+gYMdLUYttbLVR8mPq/0cSnQTp+bSpzrBhEw= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143 h1:Kvh66D5DG27//tprnxCMEcl+/1FRiezJ33vz7UWxFkQ= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143/go.mod h1:po5ly0R+gYMdLUYttbLVR8mPq/0cSnQTp+bSpzrBhEw= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= 
@@ -665,11 +663,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/manicminer/hamilton v0.43.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= github.com/manicminer/hamilton v0.49.0 h1:n4GDhEZgpsKANu7G1Q1CI2FVLiQTNJQ684U6NX94AVk= github.com/manicminer/hamilton v0.49.0/go.mod h1:lbVyngC+/nCWuDp8UhC6Bw+bh7jcP/E+YwqzHTmzemk= -github.com/manicminer/hamilton-autorest v0.2.0 h1:dDL+t2DrQza0EfNYINYCvXISeNwVqzgVAQh+CH/19ZU= -github.com/manicminer/hamilton-autorest v0.2.0/go.mod h1:NselDpNTImEmOc/fa41kPg6YhDt/6S95ejWbTGZ6tlg= github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= diff --git a/provider/resources.go b/provider/resources.go index 681342aee..e18b1a52a 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -217,6 +217,8 @@ func Provider() tfbridge.ProviderInfo { "azuread_service_principal_claims_mapping_policy_assignment": { Tok: makeResource(mainMod, "ServicePrincipalClaimsMappingPolicyAssignment"), }, + "azuread_synchronization_job": {Tok: makeResource(mainMod, "SynchronizationJob")}, + "azuread_synchronization_secret": {Tok: makeResource(mainMod, "SynchronizationSecret")}, }, DataSources: map[string]*tfbridge.DataSourceInfo{ "azuread_application": {Tok: makeDataSource(mainMod, "getApplication")}, diff --git a/provider/shim/go.mod b/provider/shim/go.mod index 74e6c4eaa..dd70e2c2d 100644 --- a/provider/shim/go.mod +++ b/provider/shim/go.mod 
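Review bot: The `azuread_synchronization_secret` entry added in this hunk sets only `Tok`, so nothing on the bridge side marks the credential values as secret. The generated `SynchronizationSecret.cs` in this same patch is consistent with that: its `MakeResourceOptions` sets only `Version`, with no additional secret outputs, and the `credentials` properties visible in schema.json carry no secret flag. Unless the upstream provider already marks the field sensitive, the `SecretToken` value would presumably be kept and displayed in plaintext in stack state and previews. I would add a field override and regenerate the SDKs, e.g. `"azuread_synchronization_secret": {Tok: makeResource(mainMod, "SynchronizationSecret"), Fields: map[string]*tfbridge.SchemaInfo{"credential": {Secret: tfbridge.True()}}},`, where the Terraform field name `credential` is inferred from the docs text and should be confirmed. `Provider()` starts and ends outside this hunk.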
@@ -4,7 +4,7 @@ go 1.18 require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.17.0 - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615 + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143 ) require ( diff --git a/provider/shim/go.sum b/provider/shim/go.sum index 2e40b9d6c..0dba19e5e 100644 --- a/provider/shim/go.sum +++ b/provider/shim/go.sum @@ -196,8 +196,8 @@ github.com/hashicorp/terraform-plugin-go v0.14.0 h1:ttnSlS8bz3ZPYbMb84DpcPhY4F5D github.com/hashicorp/terraform-plugin-go v0.14.0/go.mod h1:2nNCBeRLaenyQEi78xrGrs9hMbulveqG/zDMQSvVJTE= github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R+Y2BQ0sRZftGKQs= github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615 h1:+M961pFM76U+TncNeQPWBo3V+WiqEWVZaKzI/tVIwbU= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20220929223321-d60b4060e615/go.mod h1:po5ly0R+gYMdLUYttbLVR8mPq/0cSnQTp+bSpzrBhEw= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143 h1:Kvh66D5DG27//tprnxCMEcl+/1FRiezJ33vz7UWxFkQ= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20221028011557-09dba057f143/go.mod h1:po5ly0R+gYMdLUYttbLVR8mPq/0cSnQTp+bSpzrBhEw= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c h1:D8aRO6+mTqHfLsK/BC3j5OAoogv1WLRWzY1AaTo3rBg= github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c/go.mod h1:Wn3Na71knbXc1G8Lh+yu/dQWWJeFQEpDeJMtWMtlmNI= github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0= diff --git a/sdk/dotnet/AppRoleAssignment.cs b/sdk/dotnet/AppRoleAssignment.cs index cf7d1987f..8d5579642 100644 --- a/sdk/dotnet/AppRoleAssignment.cs +++ b/sdk/dotnet/AppRoleAssignment.cs 
@@ -218,6 +218,41 @@ namespace Pulumi.AzureAD /// }); /// ``` /// + /// *Assign a group to the default app role for an internal application* + /// + /// ```csharp + /// using System.Collections.Generic; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var internalApplication = new AzureAD.Application("internalApplication", new() + /// { + /// DisplayName = "internal", + /// }); + /// + /// var internalServicePrincipal = new AzureAD.ServicePrincipal("internalServicePrincipal", new() + /// { + /// ApplicationId = internalApplication.ApplicationId, + /// }); + /// + /// var exampleGroup = new AzureAD.Group("exampleGroup", new() + /// { + /// DisplayName = "example", + /// SecurityEnabled = true, + /// }); + /// + /// var exampleAppRoleAssignment = new AzureAD.AppRoleAssignment("exampleAppRoleAssignment", new() + /// { + /// AppRoleId = "00000000-0000-0000-0000-000000000000", + /// PrincipalObjectId = exampleGroup.ObjectId, + /// ResourceObjectId = internalServicePrincipal.ObjectId, + /// }); + /// + /// }); + /// ``` + /// /// ## Import /// /// App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g. @@ -232,7 +267,7 @@ namespace Pulumi.AzureAD public partial class AppRoleAssignment : global::Pulumi.CustomResource { /// - /// The ID of the app role to be assigned. Changing this forces a new resource to be created. + /// The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. /// [Output("appRoleId")] public Output AppRoleId { get; private set; } = null!; 
@@ -314,7 +349,7 @@ public static AppRoleAssignment Get(string name, Input id, AppRoleAssign public sealed class AppRoleAssignmentArgs : global::Pulumi.ResourceArgs { /// - /// The ID of the app role to be assigned. Changing this forces a new resource to be created. + /// The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. /// [Input("appRoleId", required: true)] public Input AppRoleId { get; set; } = null!; @@ -340,7 +375,7 @@ public AppRoleAssignmentArgs() public sealed class AppRoleAssignmentState : global::Pulumi.ResourceArgs { /// - /// The ID of the app role to be assigned. Changing this forces a new resource to be created. + /// The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. /// [Input("appRoleId")] public Input? AppRoleId { get; set; } diff --git a/sdk/dotnet/Inputs/SynchronizationJobScheduleArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobScheduleArgs.cs new file mode 100644 index 000000000..087e8e360 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobScheduleArgs.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobScheduleArgs : global::Pulumi.ResourceArgs + { + /// + /// Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + [Input("expiration")] + public Input? Expiration { get; set; } + + /// + /// The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + /// + [Input("interval")] + public Input? Interval { get; set; } + + /// + /// State of the job. + /// + [Input("state")] + public Input? State { get; set; } + + public SynchronizationJobScheduleArgs() + { + } + public static new SynchronizationJobScheduleArgs Empty => new SynchronizationJobScheduleArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationJobScheduleGetArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobScheduleGetArgs.cs new file mode 100644 index 000000000..af032ff88 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobScheduleGetArgs.cs 
@@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobScheduleGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + [Input("expiration")] + public Input? Expiration { get; set; } + + /// + /// The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + /// + [Input("interval")] + public Input? Interval { get; set; } + + /// + /// State of the job. + /// + [Input("state")] + public Input? State { get; set; } + + public SynchronizationJobScheduleGetArgs() + { + } + public static new SynchronizationJobScheduleGetArgs Empty => new SynchronizationJobScheduleGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationSecretCredentialArgs.cs b/sdk/dotnet/Inputs/SynchronizationSecretCredentialArgs.cs new file mode 100644 index 000000000..0566d5bc8 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationSecretCredentialArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationSecretCredentialArgs : global::Pulumi.ResourceArgs + { + /// + /// The key of the secret. + /// + [Input("key", required: true)] + public Input Key { get; set; } = null!; + + /// + /// The value of the secret. + /// + [Input("value", required: true)] + public Input Value { get; set; } = null!; + + public SynchronizationSecretCredentialArgs() + { + } + public static new SynchronizationSecretCredentialArgs Empty => new SynchronizationSecretCredentialArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationSecretCredentialGetArgs.cs b/sdk/dotnet/Inputs/SynchronizationSecretCredentialGetArgs.cs new file mode 100644 index 000000000..fc60ba497 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationSecretCredentialGetArgs.cs 
@@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationSecretCredentialGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The key of the secret. + /// + [Input("key", required: true)] + public Input Key { get; set; } = null!; + + /// + /// The value of the secret. + /// + [Input("value", required: true)] + public Input Value { get; set; } = null!; + + public SynchronizationSecretCredentialGetArgs() + { + } + public static new SynchronizationSecretCredentialGetArgs Empty => new SynchronizationSecretCredentialGetArgs(); + } +} diff --git a/sdk/dotnet/Outputs/SynchronizationJobSchedule.cs b/sdk/dotnet/Outputs/SynchronizationJobSchedule.cs new file mode 100644 index 000000000..563def98f --- /dev/null +++ b/sdk/dotnet/Outputs/SynchronizationJobSchedule.cs 
@@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class SynchronizationJobSchedule + { + /// + /// Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + /// + public readonly string? Expiration; + /// + /// The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + /// + public readonly string? Interval; + /// + /// State of the job. + /// + public readonly string? State; + + [OutputConstructor] + private SynchronizationJobSchedule( + string? expiration, + + string? interval, + + string? state) + { + Expiration = expiration; + Interval = interval; + State = state; + } + } +} diff --git a/sdk/dotnet/Outputs/SynchronizationSecretCredential.cs b/sdk/dotnet/Outputs/SynchronizationSecretCredential.cs new file mode 100644 index 000000000..156484d96 --- /dev/null +++ b/sdk/dotnet/Outputs/SynchronizationSecretCredential.cs 
@@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class SynchronizationSecretCredential + { + /// + /// The key of the secret. + /// + public readonly string Key; + /// + /// The value of the secret. + /// + public readonly string Value; + + [OutputConstructor] + private SynchronizationSecretCredential( + string key, + + string value) + { + Key = key; + Value = value; + } + } +} diff --git a/sdk/dotnet/SynchronizationJob.cs b/sdk/dotnet/SynchronizationJob.cs new file mode 100644 index 000000000..da2dab35d --- /dev/null +++ b/sdk/dotnet/SynchronizationJob.cs 
@@ -0,0 +1,229 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + /// + /// ## Example Usage + /// + /// *Basic example* + /// + /// ```csharp + /// using System.Collections.Generic; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var exampleApplicationTemplate = AzureAD.GetApplicationTemplate.Invoke(new() + /// { + /// DisplayName = "Azure Databricks SCIM Provisioning Connector", + /// }); + /// + /// var exampleApplication = new AzureAD.Application("exampleApplication", new() + /// { + /// DisplayName = "example", + /// TemplateId = exampleApplicationTemplate.Apply(getApplicationTemplateResult => getApplicationTemplateResult.TemplateId), + /// FeatureTags = new[] + /// { + /// new AzureAD.Inputs.ApplicationFeatureTagArgs + /// { + /// Enterprise = true, + /// Gallery = true, + /// }, + /// }, + /// }); + /// + /// var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new() + /// { + /// ApplicationId = exampleApplication.ApplicationId, + /// UseExisting = true, + /// }); + /// + /// var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret("exampleSynchronizationSecret", new() + /// { + /// ServicePrincipalId = 
exampleServicePrincipal.Id, + /// Credentials = new[] + /// { + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "BaseAddress", + /// Value = "https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + /// }, + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "SecretToken", + /// Value = "some-token", + /// }, + /// }, + /// }); + /// + /// var exampleSynchronizationJob = new AzureAD.SynchronizationJob("exampleSynchronizationJob", new() + /// { + /// ServicePrincipalId = exampleServicePrincipal.Id, + /// TemplateId = "dataBricks", + /// Enabled = true, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Synchronization jobs can be imported using the `id`, e.g. + /// + /// ```sh + /// $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 + /// ``` + /// + /// -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. + /// + [AzureADResourceType("azuread:index/synchronizationJob:SynchronizationJob")] + public partial class SynchronizationJob : global::Pulumi.CustomResource + { + /// + /// Whether or not the provisioning job is enabled. Default state is `true`. + /// + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + /// + /// A `schedule` list as documented below. + /// + [Output("schedules")] + public Output> Schedules { get; private set; } = null!; + + /// + /// The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + /// + [Output("servicePrincipalId")] + public Output ServicePrincipalId { get; private set; } = null!; + + /// + /// Identifier of the synchronization template this job is based on. 
+ /// + [Output("templateId")] + public Output TemplateId { get; private set; } = null!; + + + /// + /// Create a SynchronizationJob resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SynchronizationJob(string name, SynchronizationJobArgs args, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationJob:SynchronizationJob", name, args ?? new SynchronizationJobArgs(), MakeResourceOptions(options, "")) + { + } + + private SynchronizationJob(string name, Input id, SynchronizationJobState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationJob:SynchronizationJob", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SynchronizationJob resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SynchronizationJob Get(string name, Input id, SynchronizationJobState? state = null, CustomResourceOptions? 
options = null) + { + return new SynchronizationJob(name, id, state, options); + } + } + + public sealed class SynchronizationJobArgs : global::Pulumi.ResourceArgs + { + /// + /// Whether or not the provisioning job is enabled. Default state is `true`. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + /// + [Input("servicePrincipalId", required: true)] + public Input ServicePrincipalId { get; set; } = null!; + + /// + /// Identifier of the synchronization template this job is based on. + /// + [Input("templateId", required: true)] + public Input TemplateId { get; set; } = null!; + + public SynchronizationJobArgs() + { + } + public static new SynchronizationJobArgs Empty => new SynchronizationJobArgs(); + } + + public sealed class SynchronizationJobState : global::Pulumi.ResourceArgs + { + /// + /// Whether or not the provisioning job is enabled. Default state is `true`. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + [Input("schedules")] + private InputList? _schedules; + + /// + /// A `schedule` list as documented below. + /// + public InputList Schedules + { + get => _schedules ?? (_schedules = new InputList()); + set => _schedules = value; + } + + /// + /// The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + /// + [Input("servicePrincipalId")] + public Input? ServicePrincipalId { get; set; } + + /// + /// Identifier of the synchronization template this job is based on. + /// + [Input("templateId")] + public Input? TemplateId { get; set; } + + public SynchronizationJobState() + { + } + public static new SynchronizationJobState Empty => new SynchronizationJobState(); + } +} 
diff --git a/sdk/dotnet/SynchronizationSecret.cs b/sdk/dotnet/SynchronizationSecret.cs new file mode 100644 index 000000000..8285eee9d --- /dev/null +++ b/sdk/dotnet/SynchronizationSecret.cs 
@@ -0,0 +1,192 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + /// + /// ## Example Usage + /// + /// *Basic example* + /// + /// ```csharp + /// using System.Collections.Generic; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var exampleApplicationTemplate = AzureAD.GetApplicationTemplate.Invoke(new() + /// { + /// DisplayName = "Azure Databricks SCIM Provisioning Connector", + /// }); + /// + /// var exampleApplication = new AzureAD.Application("exampleApplication", new() + /// { + /// DisplayName = "example", + /// TemplateId = exampleApplicationTemplate.Apply(getApplicationTemplateResult => getApplicationTemplateResult.TemplateId), + /// FeatureTags = new[] + /// { + /// new AzureAD.Inputs.ApplicationFeatureTagArgs + /// { + /// Enterprise = true, + /// Gallery = true, + /// }, + /// }, + /// }); + /// + /// var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new() + /// { + /// ApplicationId = exampleApplication.ApplicationId, + /// UseExisting = true, + /// }); + /// + /// var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret("exampleSynchronizationSecret", new() + /// { + /// ServicePrincipalId = 
exampleServicePrincipal.Id, + /// Credentials = new[] + /// { + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "BaseAddress", + /// Value = "abc", + /// }, + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "SecretToken", + /// Value = "some-token", + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// This resource does not support importing. + /// + [AzureADResourceType("azuread:index/synchronizationSecret:SynchronizationSecret")] + public partial class SynchronizationSecret : global::Pulumi.CustomResource + { + /// + /// One or more `credential` blocks as documented below. + /// + [Output("credentials")] + public Output> Credentials { get; private set; } = null!; + + /// + /// The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + /// + [Output("servicePrincipalId")] + public Output ServicePrincipalId { get; private set; } = null!; + + + /// + /// Create a SynchronizationSecret resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SynchronizationSecret(string name, SynchronizationSecretArgs args, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationSecret:SynchronizationSecret", name, args ?? new SynchronizationSecretArgs(), MakeResourceOptions(options, "")) + { + } + + private SynchronizationSecret(string name, Input id, SynchronizationSecretState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationSecret:SynchronizationSecret", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? 
id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SynchronizationSecret resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SynchronizationSecret Get(string name, Input id, SynchronizationSecretState? state = null, CustomResourceOptions? options = null) + { + return new SynchronizationSecret(name, id, state, options); + } + } + + public sealed class SynchronizationSecretArgs : global::Pulumi.ResourceArgs + { + [Input("credentials")] + private InputList? _credentials; + + /// + /// One or more `credential` blocks as documented below. + /// + public InputList Credentials + { + get => _credentials ?? (_credentials = new InputList()); + set => _credentials = value; + } + + /// + /// The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + /// + [Input("servicePrincipalId", required: true)] + public Input ServicePrincipalId { get; set; } = null!; + + public SynchronizationSecretArgs() + { + } + public static new SynchronizationSecretArgs Empty => new SynchronizationSecretArgs(); + } + + public sealed class SynchronizationSecretState : global::Pulumi.ResourceArgs + { + [Input("credentials")] + private InputList? _credentials; + + /// + /// One or more `credential` blocks as documented below. + /// + public InputList Credentials + { + get => _credentials ?? 
(_credentials = new InputList()); + set => _credentials = value; + } + + /// + /// The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + /// + [Input("servicePrincipalId")] + public Input? ServicePrincipalId { get; set; } + + public SynchronizationSecretState() + { + } + public static new SynchronizationSecretState Empty => new SynchronizationSecretState(); + } +} diff --git a/sdk/go/azuread/appRoleAssignment.go b/sdk/go/azuread/appRoleAssignment.go index 4bfd7b463..95eb3b903 100644 --- a/sdk/go/azuread/appRoleAssignment.go +++ b/sdk/go/azuread/appRoleAssignment.go 
@@ -262,6 +262,53 @@ import ( // // ``` // +// *Assign a group to the default app role for an internal application* +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// internalApplication, err := azuread.NewApplication(ctx, "internalApplication", &azuread.ApplicationArgs{ +// DisplayName: pulumi.String("internal"), +// }) +// if err != nil { +// return err +// } +// internalServicePrincipal, err := azuread.NewServicePrincipal(ctx, "internalServicePrincipal", &azuread.ServicePrincipalArgs{ +// ApplicationId: internalApplication.ApplicationId, +// }) +// if err != nil { +// return err +// } +// exampleGroup, err := azuread.NewGroup(ctx, "exampleGroup", &azuread.GroupArgs{ +// DisplayName: pulumi.String("example"), +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewAppRoleAssignment(ctx, "exampleAppRoleAssignment", &azuread.AppRoleAssignmentArgs{ +// AppRoleId: pulumi.String("00000000-0000-0000-0000-000000000000"), +// PrincipalObjectId: exampleGroup.ObjectId, +// ResourceObjectId: internalServicePrincipal.ObjectId, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// // ## Import // // App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g. 
@@ -276,7 +323,7 @@ import ( type AppRoleAssignment struct { pulumi.CustomResourceState - // The ID of the app role to be assigned. Changing this forces a new resource to be created. + // The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. AppRoleId pulumi.StringOutput `pulumi:"appRoleId"` // The display name of the principal to which the app role is assigned. PrincipalDisplayName pulumi.StringOutput `pulumi:"principalDisplayName"` @@ -328,7 +375,7 @@ func GetAppRoleAssignment(ctx *pulumi.Context, // Input properties used for looking up and filtering AppRoleAssignment resources. type appRoleAssignmentState struct { - // The ID of the app role to be assigned. Changing this forces a new resource to be created. + // The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. AppRoleId *string `pulumi:"appRoleId"` // The display name of the principal to which the app role is assigned. PrincipalDisplayName *string `pulumi:"principalDisplayName"` @@ -343,7 +390,7 @@ type appRoleAssignmentState struct { } type AppRoleAssignmentState struct { - // The ID of the app role to be assigned. Changing this forces a new resource to be created. + // The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. AppRoleId pulumi.StringPtrInput // The display name of the principal to which the app role is assigned. PrincipalDisplayName pulumi.StringPtrInput 
@@ -362,7 +409,7 @@ func (AppRoleAssignmentState) ElementType() reflect.Type { } type appRoleAssignmentArgs struct { - // The ID of the app role to be assigned. Changing this forces a new resource to be created. + // The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. AppRoleId string `pulumi:"appRoleId"` // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. PrincipalObjectId string `pulumi:"principalObjectId"` @@ -372,7 +419,7 @@ type appRoleAssignmentArgs struct { // The set of arguments for constructing a AppRoleAssignment resource. type AppRoleAssignmentArgs struct { - // The ID of the app role to be assigned. Changing this forces a new resource to be created. + // The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. AppRoleId pulumi.StringInput // The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. PrincipalObjectId pulumi.StringInput @@ -467,7 +514,7 @@ func (o AppRoleAssignmentOutput) ToAppRoleAssignmentOutputWithContext(ctx contex return o } -// The ID of the app role to be assigned. Changing this forces a new resource to be created. +// The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. func (o AppRoleAssignmentOutput) AppRoleId() pulumi.StringOutput { return o.ApplyT(func(v *AppRoleAssignment) pulumi.StringOutput { return v.AppRoleId }).(pulumi.StringOutput) } diff --git a/sdk/go/azuread/init.go b/sdk/go/azuread/init.go index 035d233ca..629f56570 100644 
--- a/sdk/go/azuread/init.go +++ b/sdk/go/azuread/init.go @@ -66,6 +66,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &ServicePrincipalDelegatedPermissionGrant{} case "azuread:index/servicePrincipalPassword:ServicePrincipalPassword": r = &ServicePrincipalPassword{} + case "azuread:index/synchronizationJob:SynchronizationJob": + r = &SynchronizationJob{} + case "azuread:index/synchronizationSecret:SynchronizationSecret": + r = &SynchronizationSecret{} case "azuread:index/user:User": r = &User{} default: @@ -211,6 +215,16 @@ func init() { "index/servicePrincipalPassword", &module{version}, ) + pulumi.RegisterResourceModule( + "azuread", + "index/synchronizationJob", + &module{version}, + ) + pulumi.RegisterResourceModule( + "azuread", + "index/synchronizationSecret", + &module{version}, + ) pulumi.RegisterResourceModule( "azuread", "index/user", diff --git a/sdk/go/azuread/pulumiTypes.go b/sdk/go/azuread/pulumiTypes.go index 02064a7b5..c81d05641 100644 --- a/sdk/go/azuread/pulumiTypes.go +++ b/sdk/go/azuread/pulumiTypes.go 
@@ -5127,6 +5127,227 @@ func (o ServicePrincipalSamlSingleSignOnPtrOutput) RelayState() pulumi.StringPtr }).(pulumi.StringPtrOutput) } +type SynchronizationJobSchedule struct { + // Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + Expiration *string `pulumi:"expiration"` + // The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + Interval *string `pulumi:"interval"` + // State of the job. + State *string `pulumi:"state"` +} + +// SynchronizationJobScheduleInput is an input type that accepts SynchronizationJobScheduleArgs and SynchronizationJobScheduleOutput values. +// You can construct a concrete instance of `SynchronizationJobScheduleInput` via: +// +// SynchronizationJobScheduleArgs{...} +type SynchronizationJobScheduleInput interface { + pulumi.Input + + ToSynchronizationJobScheduleOutput() SynchronizationJobScheduleOutput + ToSynchronizationJobScheduleOutputWithContext(context.Context) SynchronizationJobScheduleOutput +} + +type SynchronizationJobScheduleArgs struct { + // Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + Expiration pulumi.StringPtrInput `pulumi:"expiration"` + // The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + Interval pulumi.StringPtrInput `pulumi:"interval"` + // State of the job. 
+ State pulumi.StringPtrInput `pulumi:"state"` +} + +func (SynchronizationJobScheduleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobSchedule)(nil)).Elem() +} + +func (i SynchronizationJobScheduleArgs) ToSynchronizationJobScheduleOutput() SynchronizationJobScheduleOutput { + return i.ToSynchronizationJobScheduleOutputWithContext(context.Background()) +} + +func (i SynchronizationJobScheduleArgs) ToSynchronizationJobScheduleOutputWithContext(ctx context.Context) SynchronizationJobScheduleOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobScheduleOutput) +} + +// SynchronizationJobScheduleArrayInput is an input type that accepts SynchronizationJobScheduleArray and SynchronizationJobScheduleArrayOutput values. +// You can construct a concrete instance of `SynchronizationJobScheduleArrayInput` via: +// +// SynchronizationJobScheduleArray{ SynchronizationJobScheduleArgs{...} } +type SynchronizationJobScheduleArrayInput interface { + pulumi.Input + + ToSynchronizationJobScheduleArrayOutput() SynchronizationJobScheduleArrayOutput + ToSynchronizationJobScheduleArrayOutputWithContext(context.Context) SynchronizationJobScheduleArrayOutput +} + +type SynchronizationJobScheduleArray []SynchronizationJobScheduleInput + +func (SynchronizationJobScheduleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobSchedule)(nil)).Elem() +} + +func (i SynchronizationJobScheduleArray) ToSynchronizationJobScheduleArrayOutput() SynchronizationJobScheduleArrayOutput { + return i.ToSynchronizationJobScheduleArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationJobScheduleArray) ToSynchronizationJobScheduleArrayOutputWithContext(ctx context.Context) SynchronizationJobScheduleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobScheduleArrayOutput) +} + +type SynchronizationJobScheduleOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobScheduleOutput) 
ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobSchedule)(nil)).Elem() +} + +func (o SynchronizationJobScheduleOutput) ToSynchronizationJobScheduleOutput() SynchronizationJobScheduleOutput { + return o +} + +func (o SynchronizationJobScheduleOutput) ToSynchronizationJobScheduleOutputWithContext(ctx context.Context) SynchronizationJobScheduleOutput { + return o +} + +// Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). +func (o SynchronizationJobScheduleOutput) Expiration() pulumi.StringPtrOutput { + return o.ApplyT(func(v SynchronizationJobSchedule) *string { return v.Expiration }).(pulumi.StringPtrOutput) +} + +// The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. +func (o SynchronizationJobScheduleOutput) Interval() pulumi.StringPtrOutput { + return o.ApplyT(func(v SynchronizationJobSchedule) *string { return v.Interval }).(pulumi.StringPtrOutput) +} + +// State of the job. 
+func (o SynchronizationJobScheduleOutput) State() pulumi.StringPtrOutput { + return o.ApplyT(func(v SynchronizationJobSchedule) *string { return v.State }).(pulumi.StringPtrOutput) +} + +type SynchronizationJobScheduleArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobScheduleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobSchedule)(nil)).Elem() +} + +func (o SynchronizationJobScheduleArrayOutput) ToSynchronizationJobScheduleArrayOutput() SynchronizationJobScheduleArrayOutput { + return o +} + +func (o SynchronizationJobScheduleArrayOutput) ToSynchronizationJobScheduleArrayOutputWithContext(ctx context.Context) SynchronizationJobScheduleArrayOutput { + return o +} + +func (o SynchronizationJobScheduleArrayOutput) Index(i pulumi.IntInput) SynchronizationJobScheduleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SynchronizationJobSchedule { + return vs[0].([]SynchronizationJobSchedule)[vs[1].(int)] + }).(SynchronizationJobScheduleOutput) +} + +type SynchronizationSecretCredential struct { + // The key of the secret. + Key string `pulumi:"key"` + // The value of the secret. + Value string `pulumi:"value"` +} + +// SynchronizationSecretCredentialInput is an input type that accepts SynchronizationSecretCredentialArgs and SynchronizationSecretCredentialOutput values. +// You can construct a concrete instance of `SynchronizationSecretCredentialInput` via: +// +// SynchronizationSecretCredentialArgs{...} +type SynchronizationSecretCredentialInput interface { + pulumi.Input + + ToSynchronizationSecretCredentialOutput() SynchronizationSecretCredentialOutput + ToSynchronizationSecretCredentialOutputWithContext(context.Context) SynchronizationSecretCredentialOutput +} + +type SynchronizationSecretCredentialArgs struct { + // The key of the secret. + Key pulumi.StringInput `pulumi:"key"` + // The value of the secret. 
+ Value pulumi.StringInput `pulumi:"value"` +} + +func (SynchronizationSecretCredentialArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationSecretCredential)(nil)).Elem() +} + +func (i SynchronizationSecretCredentialArgs) ToSynchronizationSecretCredentialOutput() SynchronizationSecretCredentialOutput { + return i.ToSynchronizationSecretCredentialOutputWithContext(context.Background()) +} + +func (i SynchronizationSecretCredentialArgs) ToSynchronizationSecretCredentialOutputWithContext(ctx context.Context) SynchronizationSecretCredentialOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationSecretCredentialOutput) +} + +// SynchronizationSecretCredentialArrayInput is an input type that accepts SynchronizationSecretCredentialArray and SynchronizationSecretCredentialArrayOutput values. +// You can construct a concrete instance of `SynchronizationSecretCredentialArrayInput` via: +// +// SynchronizationSecretCredentialArray{ SynchronizationSecretCredentialArgs{...} } +type SynchronizationSecretCredentialArrayInput interface { + pulumi.Input + + ToSynchronizationSecretCredentialArrayOutput() SynchronizationSecretCredentialArrayOutput + ToSynchronizationSecretCredentialArrayOutputWithContext(context.Context) SynchronizationSecretCredentialArrayOutput +} + +type SynchronizationSecretCredentialArray []SynchronizationSecretCredentialInput + +func (SynchronizationSecretCredentialArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationSecretCredential)(nil)).Elem() +} + +func (i SynchronizationSecretCredentialArray) ToSynchronizationSecretCredentialArrayOutput() SynchronizationSecretCredentialArrayOutput { + return i.ToSynchronizationSecretCredentialArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationSecretCredentialArray) ToSynchronizationSecretCredentialArrayOutputWithContext(ctx context.Context) SynchronizationSecretCredentialArrayOutput { + return pulumi.ToOutputWithContext(ctx, 
i).(SynchronizationSecretCredentialArrayOutput) +} + +type SynchronizationSecretCredentialOutput struct{ *pulumi.OutputState } + +func (SynchronizationSecretCredentialOutput) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationSecretCredential)(nil)).Elem() +} + +func (o SynchronizationSecretCredentialOutput) ToSynchronizationSecretCredentialOutput() SynchronizationSecretCredentialOutput { + return o +} + +func (o SynchronizationSecretCredentialOutput) ToSynchronizationSecretCredentialOutputWithContext(ctx context.Context) SynchronizationSecretCredentialOutput { + return o +} + +// The key of the secret. +func (o SynchronizationSecretCredentialOutput) Key() pulumi.StringOutput { + return o.ApplyT(func(v SynchronizationSecretCredential) string { return v.Key }).(pulumi.StringOutput) +} + +// The value of the secret. +func (o SynchronizationSecretCredentialOutput) Value() pulumi.StringOutput { + return o.ApplyT(func(v SynchronizationSecretCredential) string { return v.Value }).(pulumi.StringOutput) +} + +type SynchronizationSecretCredentialArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationSecretCredentialArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationSecretCredential)(nil)).Elem() +} + +func (o SynchronizationSecretCredentialArrayOutput) ToSynchronizationSecretCredentialArrayOutput() SynchronizationSecretCredentialArrayOutput { + return o +} + +func (o SynchronizationSecretCredentialArrayOutput) ToSynchronizationSecretCredentialArrayOutputWithContext(ctx context.Context) SynchronizationSecretCredentialArrayOutput { + return o +} + +func (o SynchronizationSecretCredentialArrayOutput) Index(i pulumi.IntInput) SynchronizationSecretCredentialOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SynchronizationSecretCredential { + return vs[0].([]SynchronizationSecretCredential)[vs[1].(int)] + }).(SynchronizationSecretCredentialOutput) +} + type GetApplicationApi struct { // A set of 
application IDs (client IDs), used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. KnownClientApplications []string `pulumi:"knownClientApplications"` @@ -8144,6 +8365,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalOauth2PermissionScopeArrayInput)(nil)).Elem(), ServicePrincipalOauth2PermissionScopeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalSamlSingleSignOnInput)(nil)).Elem(), ServicePrincipalSamlSingleSignOnArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalSamlSingleSignOnPtrInput)(nil)).Elem(), ServicePrincipalSamlSingleSignOnArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobScheduleInput)(nil)).Elem(), SynchronizationJobScheduleArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobScheduleArrayInput)(nil)).Elem(), SynchronizationJobScheduleArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretCredentialInput)(nil)).Elem(), SynchronizationSecretCredentialArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretCredentialArrayInput)(nil)).Elem(), SynchronizationSecretCredentialArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetApplicationApiInput)(nil)).Elem(), GetApplicationApiArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GetApplicationApiArrayInput)(nil)).Elem(), GetApplicationApiArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GetApplicationApiOauth2PermissionScopeInput)(nil)).Elem(), GetApplicationApiOauth2PermissionScopeArgs{}) 
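Review bot: `SynchronizationSecretCredential.Value` is documented as "The value of the secret." but is typed as a plain `string` / `pulumi.StringInput`, and nothing in this hunk marks it as a Pulumi secret. The same holds for the C# `SynchronizationSecretArgs.Credentials` setter and for `NewSynchronizationSecret` in `synchronizationSecret.go`, neither of which wraps the credentials or registers additional secret outputs. Unless the provider marks the field sensitive on its side, which this diff does not show, a provisioning token passed here could end up in stack state, previews and logs in clear text. These files are generated, so the fix belongs in the provider mapping (`provider/resources.go`) or the upstream schema: flag the credential `value` as secret and regenerate. Until then, callers can pass the value as a secret themselves, e.g. `Value: pulumi.ToSecret(pulumi.String(token)).(pulumi.StringOutput)`.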
@@ -8256,6 +8481,10 @@ func init() { pulumi.RegisterOutputType(ServicePrincipalOauth2PermissionScopeArrayOutput{}) pulumi.RegisterOutputType(ServicePrincipalSamlSingleSignOnOutput{}) pulumi.RegisterOutputType(ServicePrincipalSamlSingleSignOnPtrOutput{}) + pulumi.RegisterOutputType(SynchronizationJobScheduleOutput{}) + pulumi.RegisterOutputType(SynchronizationJobScheduleArrayOutput{}) + pulumi.RegisterOutputType(SynchronizationSecretCredentialOutput{}) + pulumi.RegisterOutputType(SynchronizationSecretCredentialArrayOutput{}) pulumi.RegisterOutputType(GetApplicationApiOutput{}) pulumi.RegisterOutputType(GetApplicationApiArrayOutput{}) pulumi.RegisterOutputType(GetApplicationApiOauth2PermissionScopeOutput{}) diff --git a/sdk/go/azuread/synchronizationJob.go b/sdk/go/azuread/synchronizationJob.go new file mode 100644 index 000000000..aeacf88cb --- /dev/null +++ b/sdk/go/azuread/synchronizationJob.go 
@@ -0,0 +1,351 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "github.com/pkg/errors" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` +// +// ## Example Usage +// +// *Basic example* +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// exampleApplicationTemplate, err := azuread.GetApplicationTemplate(ctx, &GetApplicationTemplateArgs{ +// DisplayName: pulumi.StringRef("Azure Databricks SCIM Provisioning Connector"), +// }, nil) +// if err != nil { +// return err +// } +// exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{ +// DisplayName: pulumi.String("example"), +// TemplateId: pulumi.String(exampleApplicationTemplate.TemplateId), +// FeatureTags: ApplicationFeatureTagArray{ +// &ApplicationFeatureTagArgs{ +// Enterprise: pulumi.Bool(true), +// Gallery: pulumi.Bool(true), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{ +// ApplicationId: exampleApplication.ApplicationId, +// UseExisting: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewSynchronizationSecret(ctx, 
"exampleSynchronizationSecret", &azuread.SynchronizationSecretArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// Credentials: SynchronizationSecretCredentialArray{ +// &SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("BaseAddress"), +// Value: pulumi.String("https://adb-example.azuredatabricks.net/api/2.0/preview/scim"), +// }, +// &SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("SecretToken"), +// Value: pulumi.String("some-token"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewSynchronizationJob(ctx, "exampleSynchronizationJob", &azuread.SynchronizationJobArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// TemplateId: pulumi.String("dataBricks"), +// Enabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// Synchronization jobs can be imported using the `id`, e.g. +// +// ```sh +// +// $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 +// +// ``` +// +// -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. +type SynchronizationJob struct { + pulumi.CustomResourceState + + // Whether or not the provisioning job is enabled. Default state is `true`. + Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` + // A `schedule` list as documented below. + Schedules SynchronizationJobScheduleArrayOutput `pulumi:"schedules"` + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringOutput `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. 
+ TemplateId pulumi.StringOutput `pulumi:"templateId"` +} + +// NewSynchronizationJob registers a new resource with the given unique name, arguments, and options. +func NewSynchronizationJob(ctx *pulumi.Context, + name string, args *SynchronizationJobArgs, opts ...pulumi.ResourceOption) (*SynchronizationJob, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ServicePrincipalId == nil { + return nil, errors.New("invalid value for required argument 'ServicePrincipalId'") + } + if args.TemplateId == nil { + return nil, errors.New("invalid value for required argument 'TemplateId'") + } + var resource SynchronizationJob + err := ctx.RegisterResource("azuread:index/synchronizationJob:SynchronizationJob", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSynchronizationJob gets an existing SynchronizationJob resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSynchronizationJob(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SynchronizationJobState, opts ...pulumi.ResourceOption) (*SynchronizationJob, error) { + var resource SynchronizationJob + err := ctx.ReadResource("azuread:index/synchronizationJob:SynchronizationJob", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SynchronizationJob resources. +type synchronizationJobState struct { + // Whether or not the provisioning job is enabled. Default state is `true`. + Enabled *bool `pulumi:"enabled"` + // A `schedule` list as documented below. + Schedules []SynchronizationJobSchedule `pulumi:"schedules"` + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. 
+ ServicePrincipalId *string `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. + TemplateId *string `pulumi:"templateId"` +} + +type SynchronizationJobState struct { + // Whether or not the provisioning job is enabled. Default state is `true`. + Enabled pulumi.BoolPtrInput + // A `schedule` list as documented below. + Schedules SynchronizationJobScheduleArrayInput + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringPtrInput + // Identifier of the synchronization template this job is based on. + TemplateId pulumi.StringPtrInput +} + +func (SynchronizationJobState) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationJobState)(nil)).Elem() +} + +type synchronizationJobArgs struct { + // Whether or not the provisioning job is enabled. Default state is `true`. + Enabled *bool `pulumi:"enabled"` + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + ServicePrincipalId string `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. + TemplateId string `pulumi:"templateId"` +} + +// The set of arguments for constructing a SynchronizationJob resource. +type SynchronizationJobArgs struct { + // Whether or not the provisioning job is enabled. Default state is `true`. + Enabled pulumi.BoolPtrInput + // The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringInput + // Identifier of the synchronization template this job is based on. 
+ TemplateId pulumi.StringInput +} + +func (SynchronizationJobArgs) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationJobArgs)(nil)).Elem() +} + +type SynchronizationJobInput interface { + pulumi.Input + + ToSynchronizationJobOutput() SynchronizationJobOutput + ToSynchronizationJobOutputWithContext(ctx context.Context) SynchronizationJobOutput +} + +func (*SynchronizationJob) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationJob)(nil)).Elem() +} + +func (i *SynchronizationJob) ToSynchronizationJobOutput() SynchronizationJobOutput { + return i.ToSynchronizationJobOutputWithContext(context.Background()) +} + +func (i *SynchronizationJob) ToSynchronizationJobOutputWithContext(ctx context.Context) SynchronizationJobOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobOutput) +} + +// SynchronizationJobArrayInput is an input type that accepts SynchronizationJobArray and SynchronizationJobArrayOutput values. +// You can construct a concrete instance of `SynchronizationJobArrayInput` via: +// +// SynchronizationJobArray{ SynchronizationJobArgs{...} } +type SynchronizationJobArrayInput interface { + pulumi.Input + + ToSynchronizationJobArrayOutput() SynchronizationJobArrayOutput + ToSynchronizationJobArrayOutputWithContext(context.Context) SynchronizationJobArrayOutput +} + +type SynchronizationJobArray []SynchronizationJobInput + +func (SynchronizationJobArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationJob)(nil)).Elem() +} + +func (i SynchronizationJobArray) ToSynchronizationJobArrayOutput() SynchronizationJobArrayOutput { + return i.ToSynchronizationJobArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationJobArray) ToSynchronizationJobArrayOutputWithContext(ctx context.Context) SynchronizationJobArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobArrayOutput) +} + +// SynchronizationJobMapInput is an input type that accepts 
SynchronizationJobMap and SynchronizationJobMapOutput values. +// You can construct a concrete instance of `SynchronizationJobMapInput` via: +// +// SynchronizationJobMap{ "key": SynchronizationJobArgs{...} } +type SynchronizationJobMapInput interface { + pulumi.Input + + ToSynchronizationJobMapOutput() SynchronizationJobMapOutput + ToSynchronizationJobMapOutputWithContext(context.Context) SynchronizationJobMapOutput +} + +type SynchronizationJobMap map[string]SynchronizationJobInput + +func (SynchronizationJobMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationJob)(nil)).Elem() +} + +func (i SynchronizationJobMap) ToSynchronizationJobMapOutput() SynchronizationJobMapOutput { + return i.ToSynchronizationJobMapOutputWithContext(context.Background()) +} + +func (i SynchronizationJobMap) ToSynchronizationJobMapOutputWithContext(ctx context.Context) SynchronizationJobMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobMapOutput) +} + +type SynchronizationJobOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationJob)(nil)).Elem() +} + +func (o SynchronizationJobOutput) ToSynchronizationJobOutput() SynchronizationJobOutput { + return o +} + +func (o SynchronizationJobOutput) ToSynchronizationJobOutputWithContext(ctx context.Context) SynchronizationJobOutput { + return o +} + +// Whether or not the provisioning job is enabled. Default state is `true`. +func (o SynchronizationJobOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *SynchronizationJob) pulumi.BoolPtrOutput { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// A `schedule` list as documented below. 
+func (o SynchronizationJobOutput) Schedules() SynchronizationJobScheduleArrayOutput { + return o.ApplyT(func(v *SynchronizationJob) SynchronizationJobScheduleArrayOutput { return v.Schedules }).(SynchronizationJobScheduleArrayOutput) +} + +// The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. +func (o SynchronizationJobOutput) ServicePrincipalId() pulumi.StringOutput { + return o.ApplyT(func(v *SynchronizationJob) pulumi.StringOutput { return v.ServicePrincipalId }).(pulumi.StringOutput) +} + +// Identifier of the synchronization template this job is based on. +func (o SynchronizationJobOutput) TemplateId() pulumi.StringOutput { + return o.ApplyT(func(v *SynchronizationJob) pulumi.StringOutput { return v.TemplateId }).(pulumi.StringOutput) +} + +type SynchronizationJobArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationJob)(nil)).Elem() +} + +func (o SynchronizationJobArrayOutput) ToSynchronizationJobArrayOutput() SynchronizationJobArrayOutput { + return o +} + +func (o SynchronizationJobArrayOutput) ToSynchronizationJobArrayOutputWithContext(ctx context.Context) SynchronizationJobArrayOutput { + return o +} + +func (o SynchronizationJobArrayOutput) Index(i pulumi.IntInput) SynchronizationJobOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SynchronizationJob { + return vs[0].([]*SynchronizationJob)[vs[1].(int)] + }).(SynchronizationJobOutput) +} + +type SynchronizationJobMapOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationJob)(nil)).Elem() +} + +func (o SynchronizationJobMapOutput) ToSynchronizationJobMapOutput() SynchronizationJobMapOutput { + return o +} + +func (o SynchronizationJobMapOutput) ToSynchronizationJobMapOutputWithContext(ctx 
context.Context) SynchronizationJobMapOutput { + return o +} + +func (o SynchronizationJobMapOutput) MapIndex(k pulumi.StringInput) SynchronizationJobOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SynchronizationJob { + return vs[0].(map[string]*SynchronizationJob)[vs[1].(string)] + }).(SynchronizationJobOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobInput)(nil)).Elem(), &SynchronizationJob{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobArrayInput)(nil)).Elem(), SynchronizationJobArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobMapInput)(nil)).Elem(), SynchronizationJobMap{}) + pulumi.RegisterOutputType(SynchronizationJobOutput{}) + pulumi.RegisterOutputType(SynchronizationJobArrayOutput{}) + pulumi.RegisterOutputType(SynchronizationJobMapOutput{}) +} diff --git a/sdk/go/azuread/synchronizationSecret.go b/sdk/go/azuread/synchronizationSecret.go new file mode 100644 index 000000000..d6553a8a1 --- /dev/null +++ b/sdk/go/azuread/synchronizationSecret.go 
@@ -0,0 +1,306 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "github.com/pkg/errors" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` +// +// ## Example Usage +// +// *Basic example* +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// exampleApplicationTemplate, err := azuread.GetApplicationTemplate(ctx, &GetApplicationTemplateArgs{ +// DisplayName: pulumi.StringRef("Azure Databricks SCIM Provisioning Connector"), +// }, nil) +// if err != nil { +// return err +// } +// exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{ +// DisplayName: pulumi.String("example"), +// TemplateId: pulumi.String(exampleApplicationTemplate.TemplateId), +// FeatureTags: ApplicationFeatureTagArray{ +// &ApplicationFeatureTagArgs{ +// Enterprise: pulumi.Bool(true), +// Gallery: pulumi.Bool(true), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{ +// ApplicationId: exampleApplication.ApplicationId, +// UseExisting: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewSynchronizationSecret(ctx, 
"exampleSynchronizationSecret", &azuread.SynchronizationSecretArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// Credentials: SynchronizationSecretCredentialArray{ +// &SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("BaseAddress"), +// Value: pulumi.String("abc"), +// }, +// &SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("SecretToken"), +// Value: pulumi.String("some-token"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// This resource does not support importing. +type SynchronizationSecret struct { + pulumi.CustomResourceState + + // One or more `credential` blocks as documented below. + Credentials SynchronizationSecretCredentialArrayOutput `pulumi:"credentials"` + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringOutput `pulumi:"servicePrincipalId"` +} + +// NewSynchronizationSecret registers a new resource with the given unique name, arguments, and options. +func NewSynchronizationSecret(ctx *pulumi.Context, + name string, args *SynchronizationSecretArgs, opts ...pulumi.ResourceOption) (*SynchronizationSecret, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ServicePrincipalId == nil { + return nil, errors.New("invalid value for required argument 'ServicePrincipalId'") + } + var resource SynchronizationSecret + err := ctx.RegisterResource("azuread:index/synchronizationSecret:SynchronizationSecret", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSynchronizationSecret gets an existing SynchronizationSecret resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). 
+func GetSynchronizationSecret(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SynchronizationSecretState, opts ...pulumi.ResourceOption) (*SynchronizationSecret, error) { + var resource SynchronizationSecret + err := ctx.ReadResource("azuread:index/synchronizationSecret:SynchronizationSecret", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SynchronizationSecret resources. +type synchronizationSecretState struct { + // One or more `credential` blocks as documented below. + Credentials []SynchronizationSecretCredential `pulumi:"credentials"` + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + ServicePrincipalId *string `pulumi:"servicePrincipalId"` +} + +type SynchronizationSecretState struct { + // One or more `credential` blocks as documented below. + Credentials SynchronizationSecretCredentialArrayInput + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringPtrInput +} + +func (SynchronizationSecretState) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationSecretState)(nil)).Elem() +} + +type synchronizationSecretArgs struct { + // One or more `credential` blocks as documented below. + Credentials []SynchronizationSecretCredential `pulumi:"credentials"` + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + ServicePrincipalId string `pulumi:"servicePrincipalId"` +} + +// The set of arguments for constructing a SynchronizationSecret resource. +type SynchronizationSecretArgs struct { + // One or more `credential` blocks as documented below. 
+ Credentials SynchronizationSecretCredentialArrayInput + // The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + ServicePrincipalId pulumi.StringInput +} + +func (SynchronizationSecretArgs) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationSecretArgs)(nil)).Elem() +} + +type SynchronizationSecretInput interface { + pulumi.Input + + ToSynchronizationSecretOutput() SynchronizationSecretOutput + ToSynchronizationSecretOutputWithContext(ctx context.Context) SynchronizationSecretOutput +} + +func (*SynchronizationSecret) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationSecret)(nil)).Elem() +} + +func (i *SynchronizationSecret) ToSynchronizationSecretOutput() SynchronizationSecretOutput { + return i.ToSynchronizationSecretOutputWithContext(context.Background()) +} + +func (i *SynchronizationSecret) ToSynchronizationSecretOutputWithContext(ctx context.Context) SynchronizationSecretOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationSecretOutput) +} + +// SynchronizationSecretArrayInput is an input type that accepts SynchronizationSecretArray and SynchronizationSecretArrayOutput values. 
+// You can construct a concrete instance of `SynchronizationSecretArrayInput` via: +// +// SynchronizationSecretArray{ SynchronizationSecretArgs{...} } +type SynchronizationSecretArrayInput interface { + pulumi.Input + + ToSynchronizationSecretArrayOutput() SynchronizationSecretArrayOutput + ToSynchronizationSecretArrayOutputWithContext(context.Context) SynchronizationSecretArrayOutput +} + +type SynchronizationSecretArray []SynchronizationSecretInput + +func (SynchronizationSecretArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationSecret)(nil)).Elem() +} + +func (i SynchronizationSecretArray) ToSynchronizationSecretArrayOutput() SynchronizationSecretArrayOutput { + return i.ToSynchronizationSecretArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationSecretArray) ToSynchronizationSecretArrayOutputWithContext(ctx context.Context) SynchronizationSecretArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationSecretArrayOutput) +} + +// SynchronizationSecretMapInput is an input type that accepts SynchronizationSecretMap and SynchronizationSecretMapOutput values. 
+// You can construct a concrete instance of `SynchronizationSecretMapInput` via: +// +// SynchronizationSecretMap{ "key": SynchronizationSecretArgs{...} } +type SynchronizationSecretMapInput interface { + pulumi.Input + + ToSynchronizationSecretMapOutput() SynchronizationSecretMapOutput + ToSynchronizationSecretMapOutputWithContext(context.Context) SynchronizationSecretMapOutput +} + +type SynchronizationSecretMap map[string]SynchronizationSecretInput + +func (SynchronizationSecretMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationSecret)(nil)).Elem() +} + +func (i SynchronizationSecretMap) ToSynchronizationSecretMapOutput() SynchronizationSecretMapOutput { + return i.ToSynchronizationSecretMapOutputWithContext(context.Background()) +} + +func (i SynchronizationSecretMap) ToSynchronizationSecretMapOutputWithContext(ctx context.Context) SynchronizationSecretMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationSecretMapOutput) +} + +type SynchronizationSecretOutput struct{ *pulumi.OutputState } + +func (SynchronizationSecretOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationSecret)(nil)).Elem() +} + +func (o SynchronizationSecretOutput) ToSynchronizationSecretOutput() SynchronizationSecretOutput { + return o +} + +func (o SynchronizationSecretOutput) ToSynchronizationSecretOutputWithContext(ctx context.Context) SynchronizationSecretOutput { + return o +} + +// One or more `credential` blocks as documented below. +func (o SynchronizationSecretOutput) Credentials() SynchronizationSecretCredentialArrayOutput { + return o.ApplyT(func(v *SynchronizationSecret) SynchronizationSecretCredentialArrayOutput { return v.Credentials }).(SynchronizationSecretCredentialArrayOutput) +} + +// The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. 
+func (o SynchronizationSecretOutput) ServicePrincipalId() pulumi.StringOutput { + return o.ApplyT(func(v *SynchronizationSecret) pulumi.StringOutput { return v.ServicePrincipalId }).(pulumi.StringOutput) +} + +type SynchronizationSecretArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationSecretArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationSecret)(nil)).Elem() +} + +func (o SynchronizationSecretArrayOutput) ToSynchronizationSecretArrayOutput() SynchronizationSecretArrayOutput { + return o +} + +func (o SynchronizationSecretArrayOutput) ToSynchronizationSecretArrayOutputWithContext(ctx context.Context) SynchronizationSecretArrayOutput { + return o +} + +func (o SynchronizationSecretArrayOutput) Index(i pulumi.IntInput) SynchronizationSecretOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SynchronizationSecret { + return vs[0].([]*SynchronizationSecret)[vs[1].(int)] + }).(SynchronizationSecretOutput) +} + +type SynchronizationSecretMapOutput struct{ *pulumi.OutputState } + +func (SynchronizationSecretMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationSecret)(nil)).Elem() +} + +func (o SynchronizationSecretMapOutput) ToSynchronizationSecretMapOutput() SynchronizationSecretMapOutput { + return o +} + +func (o SynchronizationSecretMapOutput) ToSynchronizationSecretMapOutputWithContext(ctx context.Context) SynchronizationSecretMapOutput { + return o +} + +func (o SynchronizationSecretMapOutput) MapIndex(k pulumi.StringInput) SynchronizationSecretOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SynchronizationSecret { + return vs[0].(map[string]*SynchronizationSecret)[vs[1].(string)] + }).(SynchronizationSecretOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretInput)(nil)).Elem(), &SynchronizationSecret{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretArrayInput)(nil)).Elem(), 
SynchronizationSecretArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretMapInput)(nil)).Elem(), SynchronizationSecretMap{}) + pulumi.RegisterOutputType(SynchronizationSecretOutput{}) + pulumi.RegisterOutputType(SynchronizationSecretArrayOutput{}) + pulumi.RegisterOutputType(SynchronizationSecretMapOutput{}) +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java index 062018c3c..8793ade1b 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignment.java 
@@ -242,6 +242,57 @@ * } * ``` * + * *Assign a group to the default app role for an internal application* + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.azuread.Application; + * import com.pulumi.azuread.ApplicationArgs; + * import com.pulumi.azuread.ServicePrincipal; + * import com.pulumi.azuread.ServicePrincipalArgs; + * import com.pulumi.azuread.Group; + * import com.pulumi.azuread.GroupArgs; + * import com.pulumi.azuread.AppRoleAssignment; + * import com.pulumi.azuread.AppRoleAssignmentArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var internalApplication = new Application("internalApplication", ApplicationArgs.builder() + * .displayName("internal") + * .build()); + * + * var internalServicePrincipal = new ServicePrincipal("internalServicePrincipal", ServicePrincipalArgs.builder() + * .applicationId(internalApplication.applicationId()) + * .build()); + * + * var exampleGroup = new Group("exampleGroup", GroupArgs.builder() + * .displayName("example") + * .securityEnabled(true) + * .build()); + * + * var exampleAppRoleAssignment = new AppRoleAssignment("exampleAppRoleAssignment", AppRoleAssignmentArgs.builder() + * .appRoleId("00000000-0000-0000-0000-000000000000") + * .principalObjectId(exampleGroup.objectId()) + * .resourceObjectId(internalServicePrincipal.objectId()) + * .build()); + * + * } + * } + * ``` + * * ## Import * * App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g. 
@@ -256,14 +307,14 @@ @ResourceType(type="azuread:index/appRoleAssignment:AppRoleAssignment") public class AppRoleAssignment extends com.pulumi.resources.CustomResource { /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ @Export(name="appRoleId", type=String.class, parameters={}) private Output appRoleId; /** - * @return The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @return The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ public Output appRoleId() { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignmentArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignmentArgs.java index 85cd5c149..57d4389c9 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignmentArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AppRoleAssignmentArgs.java @@ -14,14 +14,14 @@ public final class AppRoleAssignmentArgs extends com.pulumi.resources.ResourceAr public static final AppRoleAssignmentArgs Empty = new AppRoleAssignmentArgs(); /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ @Import(name="appRoleId", required=true) private Output appRoleId; /** - * @return The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @return The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ public Output appRoleId() { 
@@ -85,7 +85,7 @@ public Builder(AppRoleAssignmentArgs defaults) { } /** - * @param appRoleId The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @param appRoleId The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * * @return builder * @@ -96,7 +96,7 @@ public Builder appRoleId(Output appRoleId) { } /** - * @param appRoleId The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @param appRoleId The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJob.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJob.java new file mode 100644 index 000000000..bdbe4920f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJob.java 
@@ -0,0 +1,222 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.SynchronizationJobArgs; +import com.pulumi.azuread.Utilities; +import com.pulumi.azuread.inputs.SynchronizationJobState; +import com.pulumi.azuread.outputs.SynchronizationJobSchedule; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.azuread.AzureadFunctions; + * import com.pulumi.azuread.inputs.GetApplicationTemplateArgs; + * import com.pulumi.azuread.Application; + * import com.pulumi.azuread.ApplicationArgs; + * import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs; + * import com.pulumi.azuread.ServicePrincipal; + * import com.pulumi.azuread.ServicePrincipalArgs; + * import com.pulumi.azuread.SynchronizationSecret; + * import com.pulumi.azuread.SynchronizationSecretArgs; + * import com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs; + * import com.pulumi.azuread.SynchronizationJob; + * import com.pulumi.azuread.SynchronizationJobArgs; + * import 
java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var exampleApplicationTemplate = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder() + * .displayName("Azure Databricks SCIM Provisioning Connector") + * .build()); + * + * var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder() + * .displayName("example") + * .templateId(exampleApplicationTemplate.applyValue(getApplicationTemplateResult -> getApplicationTemplateResult.templateId())) + * .featureTags(ApplicationFeatureTagArgs.builder() + * .enterprise(true) + * .gallery(true) + * .build()) + * .build()); + * + * var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder() + * .applicationId(exampleApplication.applicationId()) + * .useExisting(true) + * .build()); + * + * var exampleSynchronizationSecret = new SynchronizationSecret("exampleSynchronizationSecret", SynchronizationSecretArgs.builder() + * .servicePrincipalId(exampleServicePrincipal.id()) + * .credentials( + * SynchronizationSecretCredentialArgs.builder() + * .key("BaseAddress") + * .value("https://adb-example.azuredatabricks.net/api/2.0/preview/scim") + * .build(), + * SynchronizationSecretCredentialArgs.builder() + * .key("SecretToken") + * .value("some-token") + * .build()) + * .build()); + * + * var exampleSynchronizationJob = new SynchronizationJob("exampleSynchronizationJob", SynchronizationJobArgs.builder() + * .servicePrincipalId(exampleServicePrincipal.id()) + * .templateId("dataBricks") + * .enabled(true) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * Synchronization jobs can be imported using the `id`, e.g. 
+ * + * ```sh + * $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 + * ``` + * + * -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. + * + */ +@ResourceType(type="azuread:index/synchronizationJob:SynchronizationJob") +public class SynchronizationJob extends com.pulumi.resources.CustomResource { + /** + * Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + @Export(name="enabled", type=Boolean.class, parameters={}) + private Output enabled; + + /** + * @return Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + public Output> enabled() { + return Codegen.optional(this.enabled); + } + /** + * A `schedule` list as documented below. + * + */ + @Export(name="schedules", type=List.class, parameters={SynchronizationJobSchedule.class}) + private Output> schedules; + + /** + * @return A `schedule` list as documented below. + * + */ + public Output> schedules() { + return this.schedules; + } + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + @Export(name="servicePrincipalId", type=String.class, parameters={}) + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + /** + * Identifier of the synchronization template this job is based on. 
+ * + */ + @Export(name="templateId", type=String.class, parameters={}) + private Output templateId; + + /** + * @return Identifier of the synchronization template this job is based on. + * + */ + public Output templateId() { + return this.templateId; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SynchronizationJob(String name) { + this(name, SynchronizationJobArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SynchronizationJob(String name, SynchronizationJobArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SynchronizationJob(String name, SynchronizationJobArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationJob:SynchronizationJob", name, args == null ? 
SynchronizationJobArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SynchronizationJob(String name, Output id, @Nullable SynchronizationJobState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationJob:SynchronizationJob", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SynchronizationJob get(String name, Output id, @Nullable SynchronizationJobState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SynchronizationJob(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobArgs.java new file mode 100644 index 000000000..7f9acd434 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobArgs.java 
@@ -0,0 +1,160 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationJobArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobArgs Empty = new SynchronizationJobArgs(); + + /** + * Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + @Import(name="enabled") + private @Nullable Output enabled; + + /** + * @return Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + public Optional> enabled() { + return Optional.ofNullable(this.enabled); + } + + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + @Import(name="servicePrincipalId", required=true) + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + + /** + * Identifier of the synchronization template this job is based on. + * + */ + @Import(name="templateId", required=true) + private Output templateId; + + /** + * @return Identifier of the synchronization template this job is based on. 
+ * + */ + public Output templateId() { + return this.templateId; + } + + private SynchronizationJobArgs() {} + + private SynchronizationJobArgs(SynchronizationJobArgs $) { + this.enabled = $.enabled; + this.servicePrincipalId = $.servicePrincipalId; + this.templateId = $.templateId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobArgs $; + + public Builder() { + $ = new SynchronizationJobArgs(); + } + + public Builder(SynchronizationJobArgs defaults) { + $ = new SynchronizationJobArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param enabled Whether or not the provisioning job is enabled. Default state is `true`. + * + * @return builder + * + */ + public Builder enabled(@Nullable Output enabled) { + $.enabled = enabled; + return this; + } + + /** + * @param enabled Whether or not the provisioning job is enabled. Default state is `true`. + * + * @return builder + * + */ + public Builder enabled(Boolean enabled) { + return enabled(Output.of(enabled)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + /** + * @param templateId Identifier of the synchronization template this job is based on. 
+ * + * @return builder + * + */ + public Builder templateId(Output templateId) { + $.templateId = templateId; + return this; + } + + /** + * @param templateId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder templateId(String templateId) { + return templateId(Output.of(templateId)); + } + + public SynchronizationJobArgs build() { + $.servicePrincipalId = Objects.requireNonNull($.servicePrincipalId, "expected parameter 'servicePrincipalId' to be non-null"); + $.templateId = Objects.requireNonNull($.templateId, "expected parameter 'templateId' to be non-null"); + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecret.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecret.java new file mode 100644 index 000000000..97e0441b3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecret.java 
@@ -0,0 +1,179 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.SynchronizationSecretArgs; +import com.pulumi.azuread.Utilities; +import com.pulumi.azuread.inputs.SynchronizationSecretState; +import com.pulumi.azuread.outputs.SynchronizationSecretCredential; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import java.lang.String; +import java.util.List; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.azuread.AzureadFunctions; + * import com.pulumi.azuread.inputs.GetApplicationTemplateArgs; + * import com.pulumi.azuread.Application; + * import com.pulumi.azuread.ApplicationArgs; + * import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs; + * import com.pulumi.azuread.ServicePrincipal; + * import com.pulumi.azuread.ServicePrincipalArgs; + * import com.pulumi.azuread.SynchronizationSecret; + * import com.pulumi.azuread.SynchronizationSecretArgs; + * import com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import 
java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var exampleApplicationTemplate = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder() + * .displayName("Azure Databricks SCIM Provisioning Connector") + * .build()); + * + * var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder() + * .displayName("example") + * .templateId(exampleApplicationTemplate.applyValue(getApplicationTemplateResult -> getApplicationTemplateResult.templateId())) + * .featureTags(ApplicationFeatureTagArgs.builder() + * .enterprise(true) + * .gallery(true) + * .build()) + * .build()); + * + * var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder() + * .applicationId(exampleApplication.applicationId()) + * .useExisting(true) + * .build()); + * + * var exampleSynchronizationSecret = new SynchronizationSecret("exampleSynchronizationSecret", SynchronizationSecretArgs.builder() + * .servicePrincipalId(exampleServicePrincipal.id()) + * .credentials( + * SynchronizationSecretCredentialArgs.builder() + * .key("BaseAddress") + * .value("abc") + * .build(), + * SynchronizationSecretCredentialArgs.builder() + * .key("SecretToken") + * .value("some-token") + * .build()) + * .build()); + * + * } + * } + * ``` + * + * ## Import + * + * This resource does not support importing. + * + */ +@ResourceType(type="azuread:index/synchronizationSecret:SynchronizationSecret") +public class SynchronizationSecret extends com.pulumi.resources.CustomResource { + /** + * One or more `credential` blocks as documented below. + * + */ + @Export(name="credentials", type=List.class, parameters={SynchronizationSecretCredential.class}) + private Output> credentials; + + /** + * @return One or more `credential` blocks as documented below. 
+ * + */ + public Output>> credentials() { + return Codegen.optional(this.credentials); + } + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + */ + @Export(name="servicePrincipalId", type=String.class, parameters={}) + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SynchronizationSecret(String name) { + this(name, SynchronizationSecretArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SynchronizationSecret(String name, SynchronizationSecretArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SynchronizationSecret(String name, SynchronizationSecretArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationSecret:SynchronizationSecret", name, args == null ? 
SynchronizationSecretArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SynchronizationSecret(String name, Output id, @Nullable SynchronizationSecretState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationSecret:SynchronizationSecret", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SynchronizationSecret get(String name, Output id, @Nullable SynchronizationSecretState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SynchronizationSecret(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecretArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecretArgs.java new file mode 100644 index 000000000..5eef5a91d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationSecretArgs.java 
@@ -0,0 +1,133 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationSecretArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationSecretArgs Empty = new SynchronizationSecretArgs(); + + /** + * One or more `credential` blocks as documented below. + * + */ + @Import(name="credentials") + private @Nullable Output> credentials; + + /** + * @return One or more `credential` blocks as documented below. + * + */ + public Optional>> credentials() { + return Optional.ofNullable(this.credentials); + } + + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + */ + @Import(name="servicePrincipalId", required=true) + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. 
+ * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + + private SynchronizationSecretArgs() {} + + private SynchronizationSecretArgs(SynchronizationSecretArgs $) { + this.credentials = $.credentials; + this.servicePrincipalId = $.servicePrincipalId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationSecretArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationSecretArgs $; + + public Builder() { + $ = new SynchronizationSecretArgs(); + } + + public Builder(SynchronizationSecretArgs defaults) { + $ = new SynchronizationSecretArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(@Nullable Output> credentials) { + $.credentials = credentials; + return this; + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(List credentials) { + return credentials(Output.of(credentials)); + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(SynchronizationSecretCredentialArgs... credentials) { + return credentials(List.of(credentials)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. 
+ * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + public SynchronizationSecretArgs build() { + $.servicePrincipalId = Objects.requireNonNull($.servicePrincipalId, "expected parameter 'servicePrincipalId' to be non-null"); + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/AppRoleAssignmentState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/AppRoleAssignmentState.java index 949ef25d8..edb47a7ec 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/AppRoleAssignmentState.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/AppRoleAssignmentState.java @@ -16,14 +16,14 @@ public final class AppRoleAssignmentState extends com.pulumi.resources.ResourceA public static final AppRoleAssignmentState Empty = new AppRoleAssignmentState(); /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ @Import(name="appRoleId") private @Nullable Output appRoleId; /** - * @return The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @return The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * */ public Optional> appRoleId() { @@ -135,7 +135,7 @@ public Builder(AppRoleAssignmentState defaults) { } /** - * @param appRoleId The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @param appRoleId The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * * @return builder * 
@@ -146,7 +146,7 @@ public Builder appRoleId(@Nullable Output appRoleId) { } /** - * @param appRoleId The ID of the app role to be assigned. Changing this forces a new resource to be created. + * @param appRoleId The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobScheduleArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobScheduleArgs.java new file mode 100644 index 000000000..478023d70 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobScheduleArgs.java 
@@ -0,0 +1,157 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationJobScheduleArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobScheduleArgs Empty = new SynchronizationJobScheduleArgs(); + + /** + * Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + @Import(name="expiration") + private @Nullable Output expiration; + + /** + * @return Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public Optional> expiration() { + return Optional.ofNullable(this.expiration); + } + + /** + * The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + */ + @Import(name="interval") + private @Nullable Output interval; + + /** + * @return The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + */ + public Optional> interval() { + return Optional.ofNullable(this.interval); + } + + /** + * State of the job. + * + */ + @Import(name="state") + private @Nullable Output state; + + /** + * @return State of the job. 
+ * + */ + public Optional> state() { + return Optional.ofNullable(this.state); + } + + private SynchronizationJobScheduleArgs() {} + + private SynchronizationJobScheduleArgs(SynchronizationJobScheduleArgs $) { + this.expiration = $.expiration; + this.interval = $.interval; + this.state = $.state; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobScheduleArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobScheduleArgs $; + + public Builder() { + $ = new SynchronizationJobScheduleArgs(); + } + + public Builder(SynchronizationJobScheduleArgs defaults) { + $ = new SynchronizationJobScheduleArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param expiration Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder expiration(@Nullable Output expiration) { + $.expiration = expiration; + return this; + } + + /** + * @param expiration Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + * @return builder + * + */ + public Builder expiration(String expiration) { + return expiration(Output.of(expiration)); + } + + /** + * @param interval The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + * @return builder + * + */ + public Builder interval(@Nullable Output interval) { + $.interval = interval; + return this; + } + + /** + * @param interval The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + * @return builder + * + */ + public Builder interval(String interval) { + return interval(Output.of(interval)); + } + + /** + * @param state State of the job. 
+ * + * @return builder + * + */ + public Builder state(@Nullable Output state) { + $.state = state; + return this; + } + + /** + * @param state State of the job. + * + * @return builder + * + */ + public Builder state(String state) { + return state(Output.of(state)); + } + + public SynchronizationJobScheduleArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobState.java new file mode 100644 index 000000000..648daf486 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobState.java 
@@ -0,0 +1,207 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.SynchronizationJobScheduleArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationJobState extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobState Empty = new SynchronizationJobState(); + + /** + * Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + @Import(name="enabled") + private @Nullable Output enabled; + + /** + * @return Whether or not the provisioning job is enabled. Default state is `true`. + * + */ + public Optional> enabled() { + return Optional.ofNullable(this.enabled); + } + + /** + * A `schedule` list as documented below. + * + */ + @Import(name="schedules") + private @Nullable Output> schedules; + + /** + * @return A `schedule` list as documented below. + * + */ + public Optional>> schedules() { + return Optional.ofNullable(this.schedules); + } + + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + @Import(name="servicePrincipalId") + private @Nullable Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + */ + public Optional> servicePrincipalId() { + return Optional.ofNullable(this.servicePrincipalId); + } + + /** + * Identifier of the synchronization template this job is based on. 
+ * + */ + @Import(name="templateId") + private @Nullable Output templateId; + + /** + * @return Identifier of the synchronization template this job is based on. + * + */ + public Optional> templateId() { + return Optional.ofNullable(this.templateId); + } + + private SynchronizationJobState() {} + + private SynchronizationJobState(SynchronizationJobState $) { + this.enabled = $.enabled; + this.schedules = $.schedules; + this.servicePrincipalId = $.servicePrincipalId; + this.templateId = $.templateId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobState $; + + public Builder() { + $ = new SynchronizationJobState(); + } + + public Builder(SynchronizationJobState defaults) { + $ = new SynchronizationJobState(Objects.requireNonNull(defaults)); + } + + /** + * @param enabled Whether or not the provisioning job is enabled. Default state is `true`. + * + * @return builder + * + */ + public Builder enabled(@Nullable Output enabled) { + $.enabled = enabled; + return this; + } + + /** + * @param enabled Whether or not the provisioning job is enabled. Default state is `true`. + * + * @return builder + * + */ + public Builder enabled(Boolean enabled) { + return enabled(Output.of(enabled)); + } + + /** + * @param schedules A `schedule` list as documented below. + * + * @return builder + * + */ + public Builder schedules(@Nullable Output> schedules) { + $.schedules = schedules; + return this; + } + + /** + * @param schedules A `schedule` list as documented below. + * + * @return builder + * + */ + public Builder schedules(List schedules) { + return schedules(Output.of(schedules)); + } + + /** + * @param schedules A `schedule` list as documented below. + * + * @return builder + * + */ + public Builder schedules(SynchronizationJobScheduleArgs... 
schedules) { + return schedules(List.of(schedules)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(@Nullable Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + /** + * @param templateId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder templateId(@Nullable Output templateId) { + $.templateId = templateId; + return this; + } + + /** + * @param templateId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder templateId(String templateId) { + return templateId(Output.of(templateId)); + } + + public SynchronizationJobState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretCredentialArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretCredentialArgs.java new file mode 100644 index 000000000..fe2584f3b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretCredentialArgs.java 
@@ -0,0 +1,120 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; + + +public final class SynchronizationSecretCredentialArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationSecretCredentialArgs Empty = new SynchronizationSecretCredentialArgs(); + + /** + * The key of the secret. + * + */ + @Import(name="key", required=true) + private Output key; + + /** + * @return The key of the secret. + * + */ + public Output key() { + return this.key; + } + + /** + * The value of the secret. + * + */ + @Import(name="value", required=true) + private Output value; + + /** + * @return The value of the secret. + * + */ + public Output value() { + return this.value; + } + + private SynchronizationSecretCredentialArgs() {} + + private SynchronizationSecretCredentialArgs(SynchronizationSecretCredentialArgs $) { + this.key = $.key; + this.value = $.value; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationSecretCredentialArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationSecretCredentialArgs $; + + public Builder() { + $ = new SynchronizationSecretCredentialArgs(); + } + + public Builder(SynchronizationSecretCredentialArgs defaults) { + $ = new SynchronizationSecretCredentialArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param key The key of the secret. + * + * @return builder + * + */ + public Builder key(Output key) { + $.key = key; + return this; + } + + /** + * @param key The key of the secret. 
+ * + * @return builder + * + */ + public Builder key(String key) { + return key(Output.of(key)); + } + + /** + * @param value The value of the secret. + * + * @return builder + * + */ + public Builder value(Output value) { + $.value = value; + return this; + } + + /** + * @param value The value of the secret. + * + * @return builder + * + */ + public Builder value(String value) { + return value(Output.of(value)); + } + + public SynchronizationSecretCredentialArgs build() { + $.key = Objects.requireNonNull($.key, "expected parameter 'key' to be non-null"); + $.value = Objects.requireNonNull($.value, "expected parameter 'value' to be non-null"); + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretState.java new file mode 100644 index 000000000..87287e3ce --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationSecretState.java 
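Review bot: `value(String value)` in `SynchronizationSecretCredentialArgs.Builder` wraps the credential with `Output.of(value)`, so a token passed as a plain string is not marked secret on the client side. Whether the provider schema marks `value` as secret is not visible in this hunk and should be confirmed before relying on it for state encryption and log masking. Because this file is generated, any change belongs in the schema or generator rather than in this file. Until then the Javadoc could say `@param value The value of the secret. Pass a secret Output (for example Output.ofSecret(...) or a secret config value) rather than a string literal.` The usage example in the `SynchronizationSecret.java` Javadoc passes `.value("some-token")` as a literal and would benefit from the same remark.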
@@ -0,0 +1,132 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationSecretState extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationSecretState Empty = new SynchronizationSecretState(); + + /** + * One or more `credential` blocks as documented below. + * + */ + @Import(name="credentials") + private @Nullable Output> credentials; + + /** + * @return One or more `credential` blocks as documented below. + * + */ + public Optional>> credentials() { + return Optional.ofNullable(this.credentials); + } + + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + */ + @Import(name="servicePrincipalId") + private @Nullable Output servicePrincipalId; + + /** + * @return The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. 
+ * + */ + public Optional> servicePrincipalId() { + return Optional.ofNullable(this.servicePrincipalId); + } + + private SynchronizationSecretState() {} + + private SynchronizationSecretState(SynchronizationSecretState $) { + this.credentials = $.credentials; + this.servicePrincipalId = $.servicePrincipalId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationSecretState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationSecretState $; + + public Builder() { + $ = new SynchronizationSecretState(); + } + + public Builder(SynchronizationSecretState defaults) { + $ = new SynchronizationSecretState(Objects.requireNonNull(defaults)); + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(@Nullable Output> credentials) { + $.credentials = credentials; + return this; + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(List credentials) { + return credentials(Output.of(credentials)); + } + + /** + * @param credentials One or more `credential` blocks as documented below. + * + * @return builder + * + */ + public Builder credentials(SynchronizationSecretCredentialArgs... credentials) { + return credentials(List.of(credentials)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(@Nullable Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for which this synchronization secrets should be stored. 
Changing this field forces a new resource to be created. + * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + public SynchronizationSecretState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobSchedule.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobSchedule.java new file mode 100644 index 000000000..a03a630b6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobSchedule.java 
@@ -0,0 +1,96 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class SynchronizationJobSchedule { + /** + * @return Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + private @Nullable String expiration; + /** + * @return The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + */ + private @Nullable String interval; + /** + * @return State of the job. + * + */ + private @Nullable String state; + + private SynchronizationJobSchedule() {} + /** + * @return Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + * + */ + public Optional expiration() { + return Optional.ofNullable(this.expiration); + } + /** + * @return The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + * + */ + public Optional interval() { + return Optional.ofNullable(this.interval); + } + /** + * @return State of the job. 
+ * + */ + public Optional state() { + return Optional.ofNullable(this.state); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(SynchronizationJobSchedule defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String expiration; + private @Nullable String interval; + private @Nullable String state; + public Builder() {} + public Builder(SynchronizationJobSchedule defaults) { + Objects.requireNonNull(defaults); + this.expiration = defaults.expiration; + this.interval = defaults.interval; + this.state = defaults.state; + } + + @CustomType.Setter + public Builder expiration(@Nullable String expiration) { + this.expiration = expiration; + return this; + } + @CustomType.Setter + public Builder interval(@Nullable String interval) { + this.interval = interval; + return this; + } + @CustomType.Setter + public Builder state(@Nullable String state) { + this.state = state; + return this; + } + public SynchronizationJobSchedule build() { + final var o = new SynchronizationJobSchedule(); + o.expiration = expiration; + o.interval = interval; + o.state = state; + return o; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationSecretCredential.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationSecretCredential.java new file mode 100644 index 000000000..6c4b6aa4a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationSecretCredential.java 
@@ -0,0 +1,74 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class SynchronizationSecretCredential { + /** + * @return The key of the secret. + * + */ + private String key; + /** + * @return The value of the secret. + * + */ + private String value; + + private SynchronizationSecretCredential() {} + /** + * @return The key of the secret. + * + */ + public String key() { + return this.key; + } + /** + * @return The value of the secret. + * + */ + public String value() { + return this.value; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(SynchronizationSecretCredential defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String key; + private String value; + public Builder() {} + public Builder(SynchronizationSecretCredential defaults) { + Objects.requireNonNull(defaults); + this.key = defaults.key; + this.value = defaults.value; + } + + @CustomType.Setter + public Builder key(String key) { + this.key = Objects.requireNonNull(key); + return this; + } + @CustomType.Setter + public Builder value(String value) { + this.value = Objects.requireNonNull(value); + return this; + } + public SynchronizationSecretCredential build() { + final var o = new SynchronizationSecretCredential(); + o.key = key; + o.value = value; + return o; + } + } +} diff --git a/sdk/nodejs/appRoleAssignment.ts b/sdk/nodejs/appRoleAssignment.ts index 11a3b6226..18dee673f 100644 --- a/sdk/nodejs/appRoleAssignment.ts +++ b/sdk/nodejs/appRoleAssignment.ts 
@@ -133,6 +133,25 @@ import * as utilities from "./utilities"; * }); * ``` * + * *Assign a group to the default app role for an internal application* + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const internalApplication = new azuread.Application("internalApplication", {displayName: "internal"}); + * const internalServicePrincipal = new azuread.ServicePrincipal("internalServicePrincipal", {applicationId: internalApplication.applicationId}); + * const exampleGroup = new azuread.Group("exampleGroup", { + * displayName: "example", + * securityEnabled: true, + * }); + * const exampleAppRoleAssignment = new azuread.AppRoleAssignment("exampleAppRoleAssignment", { + * appRoleId: "00000000-0000-0000-0000-000000000000", + * principalObjectId: exampleGroup.objectId, + * resourceObjectId: internalServicePrincipal.objectId, + * }); + * ``` + * * ## Import * * App role assignments can be imported using the object ID of the service principal representing the resource and the ID of the app role assignment (note_not_ the ID of the app role), e.g. @@ -172,7 +191,7 @@ export class AppRoleAssignment extends pulumi.CustomResource { } /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. */ public readonly appRoleId!: pulumi.Output; /** @@ -243,7 +262,7 @@ export class AppRoleAssignment extends pulumi.CustomResource { */ export interface AppRoleAssignmentState { /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. */ appRoleId?: pulumi.Input; /** 
@@ -273,7 +292,7 @@ export interface AppRoleAssignmentState { */ export interface AppRoleAssignmentArgs { /** - * The ID of the app role to be assigned. Changing this forces a new resource to be created. + * The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. */ appRoleId: pulumi.Input; /** diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 139d0e261..30c17e4c3 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -42,6 +42,8 @@ export * from "./servicePrincipalCertificate"; export * from "./servicePrincipalClaimsMappingPolicyAssignment"; export * from "./servicePrincipalDelegatedPermissionGrant"; export * from "./servicePrincipalPassword"; +export * from "./synchronizationJob"; +export * from "./synchronizationSecret"; export * from "./user"; // Export sub-modules: @@ -77,6 +79,8 @@ import { ServicePrincipalCertificate } from "./servicePrincipalCertificate"; import { ServicePrincipalClaimsMappingPolicyAssignment } from "./servicePrincipalClaimsMappingPolicyAssignment"; import { ServicePrincipalDelegatedPermissionGrant } from "./servicePrincipalDelegatedPermissionGrant"; import { ServicePrincipalPassword } from "./servicePrincipalPassword"; +import { SynchronizationJob } from "./synchronizationJob"; +import { SynchronizationSecret } from "./synchronizationSecret"; import { User } from "./user"; const _module = { 
@@ -129,6 +133,10 @@ const _module = { return new ServicePrincipalDelegatedPermissionGrant(name, undefined, { urn }) case "azuread:index/servicePrincipalPassword:ServicePrincipalPassword": return new ServicePrincipalPassword(name, undefined, { urn }) + case "azuread:index/synchronizationJob:SynchronizationJob": + return new SynchronizationJob(name, undefined, { urn }) + case "azuread:index/synchronizationSecret:SynchronizationSecret": + return new SynchronizationSecret(name, undefined, { urn }) case "azuread:index/user:User": return new User(name, undefined, { urn }) default: @@ -159,6 +167,8 @@ pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalCertific pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalClaimsMappingPolicyAssignment", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalDelegatedPermissionGrant", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalPassword", _module) +pulumi.runtime.registerResourceModule("azuread", "index/synchronizationJob", _module) +pulumi.runtime.registerResourceModule("azuread", "index/synchronizationSecret", _module) pulumi.runtime.registerResourceModule("azuread", "index/user", _module) import { Provider } from "./provider"; diff --git a/sdk/nodejs/synchronizationJob.ts b/sdk/nodejs/synchronizationJob.ts new file mode 100644 index 000000000..fc75ba7ca --- /dev/null +++ b/sdk/nodejs/synchronizationJob.ts 
@@ -0,0 +1,188 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import { input as inputs, output as outputs } from "./types"; +import * as utilities from "./utilities"; + +/** + * Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const exampleApplicationTemplate = azuread.getApplicationTemplate({ + * displayName: "Azure Databricks SCIM Provisioning Connector", + * }); + * const exampleApplication = new azuread.Application("exampleApplication", { + * displayName: "example", + * templateId: exampleApplicationTemplate.then(exampleApplicationTemplate => exampleApplicationTemplate.templateId), + * featureTags: [{ + * enterprise: true, + * gallery: true, + * }], + * }); + * const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", { + * applicationId: exampleApplication.applicationId, + * useExisting: true, + * }); + * const exampleSynchronizationSecret = new azuread.SynchronizationSecret("exampleSynchronizationSecret", { + * servicePrincipalId: exampleServicePrincipal.id, + * credentials: [ + * { + * key: "BaseAddress", + * value: "https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + * }, + * { + * key: "SecretToken", + * value: "some-token", + * }, + * ], + * }); + * const exampleSynchronizationJob = new 
azuread.SynchronizationJob("exampleSynchronizationJob", { + * servicePrincipalId: exampleServicePrincipal.id, + * templateId: "dataBricks", + * enabled: true, + * }); + * ``` + * + * ## Import + * + * Synchronization jobs can be imported using the `id`, e.g. + * + * ```sh + * $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 + * ``` + * + * -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. + */ +export class SynchronizationJob extends pulumi.CustomResource { + /** + * Get an existing SynchronizationJob resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SynchronizationJobState, opts?: pulumi.CustomResourceOptions): SynchronizationJob { + return new SynchronizationJob(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/synchronizationJob:SynchronizationJob'; + + /** + * Returns true if the given object is an instance of SynchronizationJob. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SynchronizationJob { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SynchronizationJob.__pulumiType; + } + + /** + * Whether or not the provisioning job is enabled. Default state is `true`. 
+ */ + public readonly enabled!: pulumi.Output; + /** + * A `schedule` list as documented below. + */ + public /*out*/ readonly schedules!: pulumi.Output; + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + */ + public readonly servicePrincipalId!: pulumi.Output; + /** + * Identifier of the synchronization template this job is based on. + */ + public readonly templateId!: pulumi.Output; + + /** + * Create a SynchronizationJob resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SynchronizationJobArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SynchronizationJobArgs | SynchronizationJobState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SynchronizationJobState | undefined; + resourceInputs["enabled"] = state ? state.enabled : undefined; + resourceInputs["schedules"] = state ? state.schedules : undefined; + resourceInputs["servicePrincipalId"] = state ? state.servicePrincipalId : undefined; + resourceInputs["templateId"] = state ? state.templateId : undefined; + } else { + const args = argsOrState as SynchronizationJobArgs | undefined; + if ((!args || args.servicePrincipalId === undefined) && !opts.urn) { + throw new Error("Missing required property 'servicePrincipalId'"); + } + if ((!args || args.templateId === undefined) && !opts.urn) { + throw new Error("Missing required property 'templateId'"); + } + resourceInputs["enabled"] = args ? args.enabled : undefined; + resourceInputs["servicePrincipalId"] = args ? 
args.servicePrincipalId : undefined; + resourceInputs["templateId"] = args ? args.templateId : undefined; + resourceInputs["schedules"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SynchronizationJob.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SynchronizationJob resources. + */ +export interface SynchronizationJobState { + /** + * Whether or not the provisioning job is enabled. Default state is `true`. + */ + enabled?: pulumi.Input; + /** + * A `schedule` list as documented below. + */ + schedules?: pulumi.Input[]>; + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + */ + servicePrincipalId?: pulumi.Input; + /** + * Identifier of the synchronization template this job is based on. + */ + templateId?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SynchronizationJob resource. + */ +export interface SynchronizationJobArgs { + /** + * Whether or not the provisioning job is enabled. Default state is `true`. + */ + enabled?: pulumi.Input; + /** + * The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + */ + servicePrincipalId: pulumi.Input; + /** + * Identifier of the synchronization template this job is based on. + */ + templateId: pulumi.Input; +} diff --git a/sdk/nodejs/synchronizationSecret.ts b/sdk/nodejs/synchronizationSecret.ts new file mode 100644 index 000000000..1dc5ecce7 --- /dev/null +++ b/sdk/nodejs/synchronizationSecret.ts 
@@ -0,0 +1,150 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import { input as inputs, output as outputs } from "./types"; +import * as utilities from "./utilities"; + +/** + * Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const exampleApplicationTemplate = azuread.getApplicationTemplate({ + * displayName: "Azure Databricks SCIM Provisioning Connector", + * }); + * const exampleApplication = new azuread.Application("exampleApplication", { + * displayName: "example", + * templateId: exampleApplicationTemplate.then(exampleApplicationTemplate => exampleApplicationTemplate.templateId), + * featureTags: [{ + * enterprise: true, + * gallery: true, + * }], + * }); + * const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", { + * applicationId: exampleApplication.applicationId, + * useExisting: true, + * }); + * const exampleSynchronizationSecret = new azuread.SynchronizationSecret("exampleSynchronizationSecret", { + * servicePrincipalId: exampleServicePrincipal.id, + * credentials: [ + * { + * key: "BaseAddress", + * value: "abc", + * }, + * { + * key: "SecretToken", + * value: "some-token", + * }, + * ], + * }); + * ``` + * + * ## Import + * + * This resource does not support importing. 
+ */ +export class SynchronizationSecret extends pulumi.CustomResource { + /** + * Get an existing SynchronizationSecret resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SynchronizationSecretState, opts?: pulumi.CustomResourceOptions): SynchronizationSecret { + return new SynchronizationSecret(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/synchronizationSecret:SynchronizationSecret'; + + /** + * Returns true if the given object is an instance of SynchronizationSecret. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SynchronizationSecret { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SynchronizationSecret.__pulumiType; + } + + /** + * One or more `credential` blocks as documented below. + */ + public readonly credentials!: pulumi.Output; + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + */ + public readonly servicePrincipalId!: pulumi.Output; + + /** + * Create a SynchronizationSecret resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: SynchronizationSecretArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SynchronizationSecretArgs | SynchronizationSecretState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SynchronizationSecretState | undefined; + resourceInputs["credentials"] = state ? state.credentials : undefined; + resourceInputs["servicePrincipalId"] = state ? state.servicePrincipalId : undefined; + } else { + const args = argsOrState as SynchronizationSecretArgs | undefined; + if ((!args || args.servicePrincipalId === undefined) && !opts.urn) { + throw new Error("Missing required property 'servicePrincipalId'"); + } + resourceInputs["credentials"] = args ? args.credentials : undefined; + resourceInputs["servicePrincipalId"] = args ? args.servicePrincipalId : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SynchronizationSecret.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SynchronizationSecret resources. + */ +export interface SynchronizationSecretState { + /** + * One or more `credential` blocks as documented below. + */ + credentials?: pulumi.Input[]>; + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + */ + servicePrincipalId?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SynchronizationSecret resource. + */ +export interface SynchronizationSecretArgs { + /** + * One or more `credential` blocks as documented below. + */ + credentials?: pulumi.Input[]>; + /** + * The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + */ + servicePrincipalId: pulumi.Input; +} 
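Review bot: In the `SynchronizationSecret` constructor, `resourceInputs["credentials"] = args ? args.credentials : undefined;` forwards the credential list without `pulumi.secret(...)`, and no `additionalSecretOutputs` entry is merged into `opts`, so nothing in this file marks the credential `value` as a secret. Unless the provider marks it at runtime (not visible in this hunk), the token may be stored in plaintext in the stack state and shown in previews and outputs. The file is generated, so the change belongs in the provider mapping or schema; the regenerated constructor would then read `resourceInputs["credentials"] = args?.credentials ? pulumi.secret(args.credentials) : undefined;` and merge `{ additionalSecretOutputs: ["credentials"] }` into `opts`. The doc example also passes `value: "some-token"` as a literal, where a secret config lookup such as `value: config.requireSecret("scimToken")` (key name constructed here) would show the safer pattern. The same plain-string shape appears in `SynchronizationSecretCredential` in `types/output.ts`, the Java output class, and the Python `SynchronizationSecretCredentialArgs`.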
diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 4c21dea41..03c842d87 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -53,6 +53,8 @@ "servicePrincipalClaimsMappingPolicyAssignment.ts", "servicePrincipalDelegatedPermissionGrant.ts", "servicePrincipalPassword.ts", + "synchronizationJob.ts", + "synchronizationSecret.ts", "types/index.ts", "types/input.ts", "types/output.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index ce16cabe3..19a5b9f7e 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -551,3 +551,29 @@ export interface ServicePrincipalSamlSingleSignOn { relayState?: pulumi.Input; } +export interface SynchronizationJobSchedule { + /** + * Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + expiration?: pulumi.Input; + /** + * The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + */ + interval?: pulumi.Input; + /** + * State of the job. + */ + state?: pulumi.Input; +} + +export interface SynchronizationSecretCredential { + /** + * The key of the secret. + */ + key: pulumi.Input; + /** + * The value of the secret. + */ + value: pulumi.Input; +} + diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 8e3364b8a..300da01be 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts 
@@ -1023,3 +1023,29 @@ export interface ServicePrincipalSamlSingleSignOn { */ relayState?: string; } + +export interface SynchronizationJobSchedule { + /** + * Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + */ + expiration: string; + /** + * The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + */ + interval: string; + /** + * State of the job. + */ + state: string; +} + +export interface SynchronizationSecretCredential { + /** + * The key of the secret. + */ + key: string; + /** + * The value of the secret. + */ + value: string; +} diff --git a/sdk/python/pulumi_azuread/__init__.py b/sdk/python/pulumi_azuread/__init__.py index 36488f014..503968e6d 100644 --- a/sdk/python/pulumi_azuread/__init__.py +++ b/sdk/python/pulumi_azuread/__init__.py @@ -42,6 +42,8 @@ from .service_principal_claims_mapping_policy_assignment import * from .service_principal_delegated_permission_grant import * from .service_principal_password import * +from .synchronization_job import * +from .synchronization_secret import * from .user import * from ._inputs import * from . import outputs @@ -240,6 +242,22 @@ "azuread:index/servicePrincipalPassword:ServicePrincipalPassword": "ServicePrincipalPassword" } }, + { + "pkg": "azuread", + "mod": "index/synchronizationJob", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/synchronizationJob:SynchronizationJob": "SynchronizationJob" + } + }, + { + "pkg": "azuread", + "mod": "index/synchronizationSecret", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/synchronizationSecret:SynchronizationSecret": "SynchronizationSecret" + } + }, { "pkg": "azuread", "mod": "index/user", diff --git a/sdk/python/pulumi_azuread/_inputs.py b/sdk/python/pulumi_azuread/_inputs.py index fbc03cc73..e3bcf8a11 100644 --- a/sdk/python/pulumi_azuread/_inputs.py +++ b/sdk/python/pulumi_azuread/_inputs.py 
@@ -43,6 +43,8 @@ 'ServicePrincipalFeatureTagArgs', 'ServicePrincipalOauth2PermissionScopeArgs', 'ServicePrincipalSamlSingleSignOnArgs', + 'SynchronizationJobScheduleArgs', + 'SynchronizationSecretCredentialArgs', ] @pulumi.input_type 
@@ -2072,3 +2074,95 @@ def relay_state(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "relay_state", value) +@pulumi.input_type +class SynchronizationJobScheduleArgs: + def __init__(__self__, *, + expiration: Optional[pulumi.Input[str]] = None, + interval: Optional[pulumi.Input[str]] = None, + state: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] expiration: Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + :param pulumi.Input[str] interval: The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + :param pulumi.Input[str] state: State of the job. + """ + if expiration is not None: + pulumi.set(__self__, "expiration", expiration) + if interval is not None: + pulumi.set(__self__, "interval", interval) + if state is not None: + pulumi.set(__self__, "state", state) + + @property + @pulumi.getter + def expiration(self) -> Optional[pulumi.Input[str]]: + """ + Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "expiration") + + @expiration.setter + def expiration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expiration", value) + + @property + @pulumi.getter + def interval(self) -> Optional[pulumi.Input[str]]: + """ + The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + """ + return pulumi.get(self, "interval") + + @interval.setter + def interval(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "interval", value) + + @property + @pulumi.getter + def state(self) -> Optional[pulumi.Input[str]]: + """ + State of the job. 
+ """ + return pulumi.get(self, "state") + + @state.setter + def state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "state", value) + + +@pulumi.input_type +class SynchronizationSecretCredentialArgs: + def __init__(__self__, *, + key: pulumi.Input[str], + value: pulumi.Input[str]): + """ + :param pulumi.Input[str] key: The key of the secret. + :param pulumi.Input[str] value: The value of the secret. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> pulumi.Input[str]: + """ + The key of the secret. + """ + return pulumi.get(self, "key") + + @key.setter + def key(self, value: pulumi.Input[str]): + pulumi.set(self, "key", value) + + @property + @pulumi.getter + def value(self) -> pulumi.Input[str]: + """ + The value of the secret. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: pulumi.Input[str]): + pulumi.set(self, "value", value) + + diff --git a/sdk/python/pulumi_azuread/app_role_assignment.py b/sdk/python/pulumi_azuread/app_role_assignment.py index 64a31682a..a861c48a0 100644 --- a/sdk/python/pulumi_azuread/app_role_assignment.py +++ b/sdk/python/pulumi_azuread/app_role_assignment.py 
@@ -19,7 +19,7 @@ def __init__(__self__, *, resource_object_id: pulumi.Input[str]): """ The set of arguments for constructing a AppRoleAssignment resource. - :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned. Changing this forces a new resource to be created. + :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_object_id: The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. :param pulumi.Input[str] resource_object_id: The object ID of the service principal representing the resource. Changing this forces a new resource to be created. """ @@ -31,7 +31,7 @@ def __init__(__self__, *, @pulumi.getter(name="appRoleId") def app_role_id(self) -> pulumi.Input[str]: """ - The ID of the app role to be assigned. Changing this forces a new resource to be created. + The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. """ return pulumi.get(self, "app_role_id") 
@@ -75,7 +75,7 @@ def __init__(__self__, *, resource_object_id: Optional[pulumi.Input[str]] = None): """ Input properties used for looking up and filtering AppRoleAssignment resources. - :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned. Changing this forces a new resource to be created. + :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_display_name: The display name of the principal to which the app role is assigned. :param pulumi.Input[str] principal_object_id: The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_type: The object type of the principal to which the app role is assigned. @@ -99,7 +99,7 @@ def __init__(__self__, *, @pulumi.getter(name="appRoleId") def app_role_id(self) -> Optional[pulumi.Input[str]]: """ - The ID of the app role to be assigned. Changing this forces a new resource to be created. + The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. """ return pulumi.get(self, "app_role_id") 
@@ -200,7 +200,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned. Changing this forces a new resource to be created. + :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_object_id: The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. :param pulumi.Input[str] resource_object_id: The object ID of the service principal representing the resource. Changing this forces a new resource to be created. """ @@ -293,7 +293,7 @@ def get(resource_name: str, :param str resource_name: The unique name of the resulting resource. :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned. Changing this forces a new resource to be created. + :param pulumi.Input[str] app_role_id: The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_display_name: The display name of the principal to which the app role is assigned. :param pulumi.Input[str] principal_object_id: The object ID of the user, group or service principal to be assigned this app role. Supported object types are Users, Groups or Service Principals. Changing this forces a new resource to be created. :param pulumi.Input[str] principal_type: The object type of the principal to which the app role is assigned. 
@@ -316,7 +316,7 @@ def get(resource_name: str, @pulumi.getter(name="appRoleId") def app_role_id(self) -> pulumi.Output[str]: """ - The ID of the app role to be assigned. Changing this forces a new resource to be created. + The ID of the app role to be assigned, or the default role ID `00000000-0000-0000-0000-000000000000`. Changing this forces a new resource to be created. """ return pulumi.get(self, "app_role_id") diff --git a/sdk/python/pulumi_azuread/outputs.py b/sdk/python/pulumi_azuread/outputs.py index 509ee601a..099c8c016 100644 --- a/sdk/python/pulumi_azuread/outputs.py +++ b/sdk/python/pulumi_azuread/outputs.py @@ -44,6 +44,8 @@ 'ServicePrincipalFeatureTag', 'ServicePrincipalOauth2PermissionScope', 'ServicePrincipalSamlSingleSignOn', + 'SynchronizationJobSchedule', + 'SynchronizationSecretCredential', 'GetApplicationApiResult', 'GetApplicationApiOauth2PermissionScopeResult', 'GetApplicationAppRoleResult', 
@@ -2207,6 +2209,78 @@ def relay_state(self) -> Optional[str]: return pulumi.get(self, "relay_state") +@pulumi.output_type +class SynchronizationJobSchedule(dict): + def __init__(__self__, *, + expiration: Optional[str] = None, + interval: Optional[str] = None, + state: Optional[str] = None): + """ + :param str expiration: Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + :param str interval: The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + :param str state: State of the job. + """ + if expiration is not None: + pulumi.set(__self__, "expiration", expiration) + if interval is not None: + pulumi.set(__self__, "interval", interval) + if state is not None: + pulumi.set(__self__, "state", state) + + @property + @pulumi.getter + def expiration(self) -> Optional[str]: + """ + Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). + """ + return pulumi.get(self, "expiration") + + @property + @pulumi.getter + def interval(self) -> Optional[str]: + """ + The interval between synchronization iterations ISO8601. E.g. PT40M run every 40 minutes. + """ + return pulumi.get(self, "interval") + + @property + @pulumi.getter + def state(self) -> Optional[str]: + """ + State of the job. + """ + return pulumi.get(self, "state") + + +@pulumi.output_type +class SynchronizationSecretCredential(dict): + def __init__(__self__, *, + key: str, + value: str): + """ + :param str key: The key of the secret. + :param str value: The value of the secret. + """ + pulumi.set(__self__, "key", key) + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def key(self) -> str: + """ + The key of the secret. + """ + return pulumi.get(self, "key") + + @property + @pulumi.getter + def value(self) -> str: + """ + The value of the secret. 
+ """ + return pulumi.get(self, "value") + + @pulumi.output_type class GetApplicationApiResult(dict): def __init__(__self__, *, diff --git a/sdk/python/pulumi_azuread/synchronization_job.py b/sdk/python/pulumi_azuread/synchronization_job.py new file mode 100644 index 000000000..cac49bdd4 --- /dev/null +++ b/sdk/python/pulumi_azuread/synchronization_job.py 
@@ -0,0 +1,377 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['SynchronizationJobArgs', 'SynchronizationJob'] + +@pulumi.input_type +class SynchronizationJobArgs: + def __init__(__self__, *, + service_principal_id: pulumi.Input[str], + template_id: pulumi.Input[str], + enabled: Optional[pulumi.Input[bool]] = None): + """ + The set of arguments for constructing a SynchronizationJob resource. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + :param pulumi.Input[str] template_id: Identifier of the synchronization template this job is based on. + :param pulumi.Input[bool] enabled: Whether or not the provisioning job is enabled. Default state is `true`. + """ + pulumi.set(__self__, "service_principal_id", service_principal_id) + pulumi.set(__self__, "template_id", template_id) + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Input[str]: + """ + The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. 
+ """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: pulumi.Input[str]): + pulumi.set(self, "service_principal_id", value) + + @property + @pulumi.getter(name="templateId") + def template_id(self) -> pulumi.Input[str]: + """ + Identifier of the synchronization template this job is based on. + """ + return pulumi.get(self, "template_id") + + @template_id.setter + def template_id(self, value: pulumi.Input[str]): + pulumi.set(self, "template_id", value) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether or not the provisioning job is enabled. Default state is `true`. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + +@pulumi.input_type +class _SynchronizationJobState: + def __init__(__self__, *, + enabled: Optional[pulumi.Input[bool]] = None, + schedules: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobScheduleArgs']]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + template_id: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SynchronizationJob resources. + :param pulumi.Input[bool] enabled: Whether or not the provisioning job is enabled. Default state is `true`. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationJobScheduleArgs']]] schedules: A `schedule` list as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + :param pulumi.Input[str] template_id: Identifier of the synchronization template this job is based on. 
+ """ + if enabled is not None: + pulumi.set(__self__, "enabled", enabled) + if schedules is not None: + pulumi.set(__self__, "schedules", schedules) + if service_principal_id is not None: + pulumi.set(__self__, "service_principal_id", service_principal_id) + if template_id is not None: + pulumi.set(__self__, "template_id", template_id) + + @property + @pulumi.getter + def enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Whether or not the provisioning job is enabled. Default state is `true`. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "enabled", value) + + @property + @pulumi.getter + def schedules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobScheduleArgs']]]]: + """ + A `schedule` list as documented below. + """ + return pulumi.get(self, "schedules") + + @schedules.setter + def schedules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobScheduleArgs']]]]): + pulumi.set(self, "schedules", value) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> Optional[pulumi.Input[str]]: + """ + The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_principal_id", value) + + @property + @pulumi.getter(name="templateId") + def template_id(self) -> Optional[pulumi.Input[str]]: + """ + Identifier of the synchronization template this job is based on. 
+ """ + return pulumi.get(self, "template_id") + + @template_id.setter + def template_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "template_id", value) + + +class SynchronizationJob(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + enabled: Optional[pulumi.Input[bool]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + template_id: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + example_application_template = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("exampleApplication", + display_name="example", + template_id=example_application_template.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", + application_id=example_application.application_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("exampleSynchronizationSecret", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + ), + azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + example_synchronization_job = 
azuread.SynchronizationJob("exampleSynchronizationJob", + service_principal_id=example_service_principal.id, + template_id="dataBricks", + enabled=True) + ``` + + ## Import + + Synchronization jobs can be imported using the `id`, e.g. + + ```sh + $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 + ``` + + -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[bool] enabled: Whether or not the provisioning job is enabled. Default state is `true`. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + :param pulumi.Input[str] template_id: Identifier of the synchronization template this job is based on. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SynchronizationJobArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manages a synchronization job associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. 
+ + When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + example_application_template = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("exampleApplication", + display_name="example", + template_id=example_application_template.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", + application_id=example_application.application_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("exampleSynchronizationSecret", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + ), + azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + example_synchronization_job = azuread.SynchronizationJob("exampleSynchronizationJob", + service_principal_id=example_service_principal.id, + template_id="dataBricks", + enabled=True) + ``` + + ## Import + + Synchronization jobs can be imported using the `id`, e.g. + + ```sh + $ pulumi import azuread:index/synchronizationJob:SynchronizationJob example 00000000-0000-0000-0000-000000000000/job/dataBricks.f5532fc709734b1a90e8a1fa9fd03a82.8442fd39-2183-419c-8732-74b6ce866bd5 + ``` + + -> This ID format is unique to Terraform and is composed of the Service Principal Object ID and the ID of the Synchronization Job Id in the format `{servicePrincipalId}/job/{jobId}`. + + :param str resource_name: The name of the resource. 
+ :param SynchronizationJobArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SynchronizationJobArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + enabled: Optional[pulumi.Input[bool]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + template_id: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SynchronizationJobArgs.__new__(SynchronizationJobArgs) + + __props__.__dict__["enabled"] = enabled + if service_principal_id is None and not opts.urn: + raise TypeError("Missing required property 'service_principal_id'") + __props__.__dict__["service_principal_id"] = service_principal_id + if template_id is None and not opts.urn: + raise TypeError("Missing required property 'template_id'") + __props__.__dict__["template_id"] = template_id + __props__.__dict__["schedules"] = None + super(SynchronizationJob, __self__).__init__( + 'azuread:index/synchronizationJob:SynchronizationJob', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + enabled: 
Optional[pulumi.Input[bool]] = None, + schedules: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobScheduleArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + template_id: Optional[pulumi.Input[str]] = None) -> 'SynchronizationJob': + """ + Get an existing SynchronizationJob resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[bool] enabled: Whether or not the provisioning job is enabled. Default state is `true`. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobScheduleArgs']]]] schedules: A `schedule` list as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + :param pulumi.Input[str] template_id: Identifier of the synchronization template this job is based on. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SynchronizationJobState.__new__(_SynchronizationJobState) + + __props__.__dict__["enabled"] = enabled + __props__.__dict__["schedules"] = schedules + __props__.__dict__["service_principal_id"] = service_principal_id + __props__.__dict__["template_id"] = template_id + return SynchronizationJob(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def enabled(self) -> pulumi.Output[Optional[bool]]: + """ + Whether or not the provisioning job is enabled. Default state is `true`. 
+ """ + return pulumi.get(self, "enabled") + + @property + @pulumi.getter + def schedules(self) -> pulumi.Output[Sequence['outputs.SynchronizationJobSchedule']]: + """ + A `schedule` list as documented below. + """ + return pulumi.get(self, "schedules") + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Output[str]: + """ + The object ID of the service principal for which this synchronization job should be created. Changing this field forces a new resource to be created. + """ + return pulumi.get(self, "service_principal_id") + + @property + @pulumi.getter(name="templateId") + def template_id(self) -> pulumi.Output[str]: + """ + Identifier of the synchronization template this job is based on. + """ + return pulumi.get(self, "template_id") + diff --git a/sdk/python/pulumi_azuread/synchronization_secret.py b/sdk/python/pulumi_azuread/synchronization_secret.py new file mode 100644 index 000000000..47de61045 --- /dev/null +++ b/sdk/python/pulumi_azuread/synchronization_secret.py 
@@ -0,0 +1,281 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['SynchronizationSecretArgs', 'SynchronizationSecret'] + +@pulumi.input_type +class SynchronizationSecretArgs: + def __init__(__self__, *, + service_principal_id: pulumi.Input[str], + credentials: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]] = None): + """ + The set of arguments for constructing a SynchronizationSecret resource. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]] credentials: One or more `credential` blocks as documented below. + """ + pulumi.set(__self__, "service_principal_id", service_principal_id) + if credentials is not None: + pulumi.set(__self__, "credentials", credentials) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Input[str]: + """ + The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: pulumi.Input[str]): + pulumi.set(self, "service_principal_id", value) + + @property + @pulumi.getter + def credentials(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]]: + """ + One or more `credential` blocks as documented below. 
+ """ + return pulumi.get(self, "credentials") + + @credentials.setter + def credentials(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]]): + pulumi.set(self, "credentials", value) + + +@pulumi.input_type +class _SynchronizationSecretState: + def __init__(__self__, *, + credentials: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SynchronizationSecret resources. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]] credentials: One or more `credential` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + """ + if credentials is not None: + pulumi.set(__self__, "credentials", credentials) + if service_principal_id is not None: + pulumi.set(__self__, "service_principal_id", service_principal_id) + + @property + @pulumi.getter + def credentials(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]]: + """ + One or more `credential` blocks as documented below. + """ + return pulumi.get(self, "credentials") + + @credentials.setter + def credentials(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationSecretCredentialArgs']]]]): + pulumi.set(self, "credentials", value) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> Optional[pulumi.Input[str]]: + """ + The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. 
+ """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_principal_id", value) + + +class SynchronizationSecret(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationSecretCredentialArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + example_application_template = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("exampleApplication", + display_name="example", + template_id=example_application_template.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", + application_id=example_application.application_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("exampleSynchronizationSecret", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="abc", + ), + azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + ``` + + ## Import + + This 
resource does not support importing. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationSecretCredentialArgs']]]] credentials: One or more `credential` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SynchronizationSecretArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + example_application_template = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("exampleApplication", + display_name="example", + template_id=example_application_template.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", + application_id=example_application.application_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("exampleSynchronizationSecret", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="abc", + ), + 
azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + ``` + + ## Import + + This resource does not support importing. + + :param str resource_name: The name of the resource. + :param SynchronizationSecretArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SynchronizationSecretArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationSecretCredentialArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SynchronizationSecretArgs.__new__(SynchronizationSecretArgs) + + __props__.__dict__["credentials"] = credentials + if service_principal_id is None and not opts.urn: + raise TypeError("Missing required property 'service_principal_id'") + __props__.__dict__["service_principal_id"] = service_principal_id + super(SynchronizationSecret, __self__).__init__( + 'azuread:index/synchronizationSecret:SynchronizationSecret', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + 
opts: Optional[pulumi.ResourceOptions] = None, + credentials: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationSecretCredentialArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None) -> 'SynchronizationSecret': + """ + Get an existing SynchronizationSecret resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationSecretCredentialArgs']]]] credentials: One or more `credential` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SynchronizationSecretState.__new__(_SynchronizationSecretState) + + __props__.__dict__["credentials"] = credentials + __props__.__dict__["service_principal_id"] = service_principal_id + return SynchronizationSecret(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def credentials(self) -> pulumi.Output[Optional[Sequence['outputs.SynchronizationSecretCredential']]]: + """ + One or more `credential` blocks as documented below. + """ + return pulumi.get(self, "credentials") + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Output[str]: + """ + The object ID of the service principal for which this synchronization secrets should be stored. Changing this field forces a new resource to be created. + """ + return pulumi.get(self, "service_principal_id") +