Namespace Pulumi.Azure.Role
Classes
Assignment
Assigns a given Principal (User, Group or Service Principal) to a given Role.
Example Usage (using a built-in Role)
using Pulumi;
using Azure = Pulumi.Azure;
/// <summary>
/// Grants the built-in "Reader" role on the looked-up subscription to the
/// principal returned by <c>GetClientConfig</c>.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Data-source lookups: the subscription and the provider's client configuration.
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());

        var readerArgs = new Azure.Authorization.AssignmentArgs
        {
            // The assignment is made at subscription scope, so it covers everything beneath it.
            Scope = subscription.Apply(sub => sub.Id),
            // Built-in roles can be referenced by name instead of by definition ID.
            RoleDefinitionName = "Reader",
            // The principal is identified by its directory object ID.
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        };

        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", readerArgs);
    }
}
Example Usage (Custom Role & Service Principal)
using Pulumi;
using Azure = Pulumi.Azure;
/// <summary>
/// Defines a custom role that can read resource groups in the looked-up
/// subscription and assigns it to the principal returned by <c>GetClientConfig</c>.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());

        // The subscription ID is used as the role's scope, its assignable scope and the assignment scope.
        var subscriptionId = subscription.Apply(sub => sub.Id);

        // A single read-only action: the role grants nothing beyond listing/reading resource groups.
        var readResourceGroups = new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
        {
            Actions =
            {
                "Microsoft.Resources/subscriptions/resourceGroups/read",
            },
            NotActions = {},
        };

        var roleArgs = new Azure.Authorization.RoleDefinitionArgs
        {
            // All-zero GUID is a placeholder value in this example.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            Permissions =
            {
                readResourceGroups,
            },
            // Limits where the custom role may be assigned to this one subscription.
            AssignableScopes =
            {
                subscriptionId,
            },
        };
        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", roleArgs);

        var assignmentArgs = new Azure.Authorization.AssignmentArgs
        {
            // All-zero GUID is a placeholder value in this example.
            Name = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            RoleDefinitionId = exampleRoleDefinition.Id,
            // The principal is identified by its directory object ID.
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        };
        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", assignmentArgs);
    }
}
Example Usage (Custom Role & User)
using Pulumi;
using Azure = Pulumi.Azure;
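/// <summary>
/// Defines a custom role that can read resource groups in the looked-up
/// subscription and assigns it to the principal returned by <c>GetClientConfig</c>.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());

        // The subscription ID is used as the role's scope, its assignable scope and the assignment scope.
        var subscriptionId = subscription.Apply(sub => sub.Id);

        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", new Azure.Authorization.RoleDefinitionArgs
        {
            // All-zero GUID is a placeholder value in this example.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            Permissions =
            {
                new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
                {
                    // A single read-only action keeps the custom role narrowly scoped.
                    Actions =
                    {
                        "Microsoft.Resources/subscriptions/resourceGroups/read",
                    },
                    NotActions = {},
                },
            },
            // Limits where the custom role may be assigned to this one subscription.
            AssignableScopes =
            {
                subscriptionId,
            },
        });

        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            // All-zero GUID is a placeholder value in this example.
            Name = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            RoleDefinitionId = exampleRoleDefinition.Id,
            // A role assignment identifies its principal by directory object ID.
            // ClientId is the application (client) ID, which is a different
            // identifier and does not name the principal, so ObjectId is used here.
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        });
    }
}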
Example Usage (Custom Role & Management Group)
using Pulumi;
using Azure = Pulumi.Azure;
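/// <summary>
/// Defines a custom role that can read resource groups and assigns it, at
/// management-group scope, to the principal returned by <c>GetClientConfig</c>.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
        // NOTE(review): the lookup is called without arguments; confirm it
        // identifies the intended management group.
        var managementGroup = Output.Create(Azure.Management.GetGroup.InvokeAsync());

        var subscriptionId = subscription.Apply(sub => sub.Id);

        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", new Azure.Authorization.RoleDefinitionArgs
        {
            // All-zero GUID is a placeholder value in this example.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            Permissions =
            {
                new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
                {
                    // A single read-only action keeps the custom role narrowly scoped.
                    Actions =
                    {
                        "Microsoft.Resources/subscriptions/resourceGroups/read",
                    },
                    NotActions = {},
                },
            },
            // NOTE(review): only the subscription is listed as assignable, while the
            // assignment below targets a management group. Confirm the role is
            // assignable at that scope; a broader scope also widens who receives access.
            AssignableScopes =
            {
                subscriptionId,
            },
        });

        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            // All-zero GUID is a placeholder value in this example.
            Name = "00000000-0000-0000-0000-000000000000",
            // Uses the management group looked up above. The original expression was an
            // untranslated Terraform data reference that does not exist in C#.
            Scope = managementGroup.Apply(grp => grp.Id),
            RoleDefinitionId = exampleRoleDefinition.Id,
            // A role assignment identifies its principal by directory object ID,
            // not by the application (client) ID.
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        });
    }
}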
AssignmentArgs
AssignmentState
Definition
Manages a custom Role Definition, used to assign Roles to Users/Principals. See 'Understand role definitions' in the Azure documentation for more details.
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
/// <summary>
/// Creates a custom role definition scoped to, and assignable within, the
/// looked-up subscription.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());

        // The subscription ID is both the definition's scope and its only assignable scope.
        var subscriptionId = subscription.Apply(sub => sub.Id);

        var allActions = new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
        {
            // "*" with an empty NotActions list allows every management action at the
            // assigned scope, including changes to role assignments themselves. For a
            // least-privilege role, list only the specific actions the role needs.
            Actions =
            {
                "*",
            },
            NotActions = {},
        };

        var definitionArgs = new Azure.Authorization.RoleDefinitionArgs
        {
            Scope = subscriptionId,
            Description = "This is a custom role created",
            Permissions =
            {
                allActions,
            },
            AssignableScopes =
            {
                subscriptionId,
            },
        };

        var example = new Azure.Authorization.RoleDefinition("example", definitionArgs);
    }
}