import * as enums from "./enums";
import * as pulumi from "@pulumi/pulumi";

// NOTE(review): this listing appears to have lost its generic type arguments
// during extraction. `pulumi.Input;` and `pulumi.Input[]>;` are not valid
// TypeScript as written; only the string-literal arguments on `ruleType`
// survived, and `enums` has no visible use, presumably for the same reason.
// The missing element types cannot be recovered from this page, so the code
// tokens below are left exactly as found. Restore them from the original SDK
// source before compiling.
//
// These shapes describe access reviews, approval and PIM rules, role
// permissions and policy parameters. Almost every security-relevant field is
// optional, and this page does not show what the service assumes when one is
// omitted, so set the values you depend on explicitly.

/**
 * Access Review History Definition Instance.
 */
export interface AccessReviewHistoryInstanceArgs {
    /**
     * The display name for the parent history definition.
     */
    displayName?: pulumi.Input;
    /**
     * Date time when the history data report expires and the associated data is deleted.
     */
    expiration?: pulumi.Input;
    /**
     * Date time when the history data report is scheduled to be generated.
     *
     * NOTE(review): this description is identical to the one on `runDateTime` and
     * looks copy-pasted; the name suggests the time the report was fulfilled. Confirm.
     */
    fulfilledDateTime?: pulumi.Input;
    /**
     * Date time used when selecting review data; all reviews included in the data end on or before this date.
     * For use only with one-time/non-recurring reports.
     */
    reviewHistoryPeriodEndDateTime?: pulumi.Input;
    /**
     * Date time used when selecting review data; all reviews included in the data start on or after this date.
     * For use only with one-time/non-recurring reports.
     */
    reviewHistoryPeriodStartDateTime?: pulumi.Input;
    /**
     * Date time when the history data report is scheduled to be generated.
     */
    runDateTime?: pulumi.Input;
}

/**
 * Access Review Instance.
 */
export interface AccessReviewInstanceArgs {
    /**
     * The collection of backup reviewers.
     */
    backupReviewers?: pulumi.Input[]>;
    /**
     * The DateTime when the review instance is scheduled to end.
     */
    endDateTime?: pulumi.Input;
    /**
     * The collection of reviewers.
     */
    reviewers?: pulumi.Input[]>;
    /**
     * The DateTime when the review instance is scheduled to start.
     */
    startDateTime?: pulumi.Input;
}

/**
 * Recurrence Range of an Access Review Schedule Definition.
 */
export interface AccessReviewRecurrenceRangeArgs {
    /**
     * The DateTime when the review is scheduled to end. Required if type is endDate.
     */
    endDate?: pulumi.Input;
    /**
     * The number of times to repeat the access review. Required and must be positive if type is numbered.
     */
    numberOfOccurrences?: pulumi.Input;
    /**
     * The DateTime when the review is scheduled to start. This could be a date in the future. Required on create.
     */
    startDate?: pulumi.Input;
    /**
     * The recurrence range type. The possible values are: endDate, noEnd, numbered.
     */
    type?: pulumi.Input;
}

/**
 * Descriptor for what needs to be reviewed.
 *
 * NOTE(review): this summary is identical to the one on `AccessReviewScopeArgs`
 * and looks copy-pasted; the only field here identifies a reviewer.
 */
export interface AccessReviewReviewerArgs {
    /**
     * The id of the reviewer (user/servicePrincipal).
     */
    principalId?: pulumi.Input;
}

/**
 * Descriptor for what needs to be reviewed.
 *
 * The two exclude fields narrow what a review covers. Anything listed there
 * is left out of the review, so keep exclusions short and justified.
 */
export interface AccessReviewScopeArgs {
    /**
     * The resource id(s) to exclude.
     */
    excludeResourceId?: pulumi.Input;
    /**
     * The role definition id(s) to exclude.
     */
    excludeRoleDefinitionId?: pulumi.Input;
    /**
     * Flag to indicate whether to expand nested memberships or not.
     */
    expandNestedMemberships?: pulumi.Input;
    /**
     * Duration users are inactive for. The value should be in ISO 8601 format
     * (http://en.wikipedia.org/wiki/ISO_8601#Durations). This code can be used to convert a TimeSpan
     * to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds))
     */
    inactiveDuration?: pulumi.Input;
    /**
     * Flag to indicate whether to expand nested memberships or not.
     *
     * NOTE(review): this description is identical to the one on `expandNestedMemberships`
     * and looks copy-pasted; the name suggests it controls whether access granted below
     * the resource is included in the review. Confirm.
     */
    includeAccessBelowResource?: pulumi.Input;
    /**
     * Flag to indicate whether to expand nested memberships or not.
     *
     * NOTE(review): this description is identical to the one on `expandNestedMemberships`
     * and looks copy-pasted; the name suggests it controls whether inherited access is
     * included in the review. Confirm.
     */
    includeInheritedAccess?: pulumi.Input;
}

/**
 * The approval settings.
 *
 * Every flag here is optional and this page does not show what the service assumes
 * when one is omitted. Set `isApprovalRequired` and the justification flags explicitly.
 */
export interface ApprovalSettingsArgs {
    /**
     * The type of rule.
     *
     * NOTE(review): this description looks copy-pasted from the rule types; the name
     * suggests this is the approval mode. Confirm.
     */
    approvalMode?: pulumi.Input;
    /**
     * The approval stages of the request.
     */
    approvalStages?: pulumi.Input[]>;
    /**
     * Determines whether approval is required or not.
     */
    isApprovalRequired?: pulumi.Input;
    /**
     * Determines whether approval is required for assignment extension.
     */
    isApprovalRequiredForExtension?: pulumi.Input;
    /**
     * Determines whether requestor justification is required.
     */
    isRequestorJustificationRequired?: pulumi.Input;
}

/**
 * The approval stage.
 */
export interface ApprovalStageArgs {
    /**
     * The time in days after which the approval request times out.
     */
    approvalStageTimeOutInDays?: pulumi.Input;
    /**
     * The escalation approvers of the request.
     */
    escalationApprovers?: pulumi.Input[]>;
    /**
     * The time in minutes after which the approval request is escalated if the primary approver does not approve.
     */
    escalationTimeInMinutes?: pulumi.Input;
    /**
     * Determines whether approvers need to provide justification for their decision.
     */
    isApproverJustificationRequired?: pulumi.Input;
    /**
     * Determines whether the escalation feature is enabled.
     */
    isEscalationEnabled?: pulumi.Input;
    /**
     * The primary approvers of the request.
     */
    primaryApprovers?: pulumi.Input[]>;
}

/**
 * Identity for the resource. Policy assignments support a maximum of one identity:
 * either a system assigned identity or a single user assigned identity.
 */
export interface IdentityArgs {
    /**
     * The identity type. This is the only required field when adding a system or user assigned identity to a resource.
     */
    type?: pulumi.Input;
    /**
     * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form:
     * '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
     */
    userAssignedIdentities?: pulumi.Input[]>;
}

/**
 * Lock owner properties.
 */
export interface ManagementLockOwnerArgs {
    /**
     * The application ID of the lock owner.
     */
    applicationId?: pulumi.Input;
}

/**
 * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error
 * messages and on the resource's non-compliant compliance results.
 */
export interface NonComplianceMessageArgs {
    /**
     * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error
     * messages and on the resource's non-compliant compliance results.
     *
     * Because the text is shown in 'deny' errors, keep internal detail out of it.
     */
    message: pulumi.Input;
    /**
     * The policy definition reference ID within a policy set definition the message is intended for. This is only
     * applicable if the policy assignment assigns a policy set definition. If this is not provided the message
     * applies to all policies assigned by this policy assignment.
     */
    policyDefinitionReferenceId?: pulumi.Input;
}

/**
 * The policy property value override.
 */
export interface OverrideArgs {
    /**
     * The override kind.
     */
    kind?: pulumi.Input;
    /**
     * The list of the selector expressions.
     */
    selectors?: pulumi.Input[]>;
    /**
     * The value to override the policy property.
     */
    value?: pulumi.Input;
}

/**
 * The PIM Only Mode settings.
 */
export interface PIMOnlyModeSettingsArgs {
    /**
     * The list of excluded assignment types allowed.
     */
    excludedAssignmentTypes?: pulumi.Input[]>;
    /**
     * The list of excluded entities that the rule does not apply to.
     *
     * Each entry is exempt from the rule, so review this list like any other exception list.
     */
    excludes?: pulumi.Input[]>;
    /**
     * Determines whether the setting is enabled, disabled or report only.
     */
    mode?: pulumi.Input;
}

/**
 * The definition of a parameter that can be provided to the policy.
 */
export interface ParameterDefinitionsValueArgs {
    /**
     * The allowed values for the parameter.
     */
    allowedValues?: pulumi.Input;
    /**
     * The default value for the parameter if no value is provided.
     *
     * Declared as `any`, so nothing about its shape is checked at compile time.
     */
    defaultValue?: any;
    /**
     * General metadata for the parameter.
     */
    metadata?: pulumi.Input;
    /**
     * Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property
     * is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can
     * learn more about using schemas at https://json-schema.org/ and test draft schemas at
     * https://www.jsonschemavalidator.net/.
     *
     * Declared as `any`, so nothing about its shape is checked at compile time.
     */
    schema?: any;
    /**
     * The data type of the parameter.
     */
    type?: pulumi.Input;
}

/**
 * General metadata for the parameter.
 */
export interface ParameterDefinitionsValueMetadataArgs {
    /**
     * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this
     * parameter during policy assignment. This property is useful in case you wish to assign permissions outside
     * the assignment scope.
     *
     * As described, this grants access beyond the assignment scope; review the role assignments it produces.
     */
    assignPermissions?: pulumi.Input;
    /**
     * The description of the parameter.
     */
    description?: pulumi.Input;
    /**
     * The display name for the parameter.
     */
    displayName?: pulumi.Input;
    /**
     * Used when assigning the policy definition through the portal. Provides a context aware list of values for
     * the user to choose from.
     */
    strongType?: pulumi.Input;
}

/**
 * The value of a parameter.
 */
export interface ParameterValuesValueArgs {
    /**
     * The value of the parameter.
     *
     * Declared as `any`, so nothing about its shape is checked at compile time.
     */
    value?: any;
}

/**
 * Role definition permissions.
 *
 * NOTE(review): the upstream text calls the two `not*` lists "Denied". In Azure RBAC they
 * subtract from the allowed set of the same role definition and are not an explicit deny,
 * so a different role assignment can still grant the same operation. Confirm against the
 * Azure RBAC documentation before relying on them as a control.
 */
export interface PermissionArgs {
    /**
     * Allowed actions.
     */
    actions?: pulumi.Input[]>;
    /**
     * Allowed Data actions.
     */
    dataActions?: pulumi.Input[]>;
    /**
     * Denied actions (see the note on this interface: an exclusion, not an explicit deny).
     */
    notActions?: pulumi.Input[]>;
    /**
     * Denied Data actions (see the note on this interface: an exclusion, not an explicit deny).
     */
    notDataActions?: pulumi.Input[]>;
}

/**
 * The policy definition group.
 */
export interface PolicyDefinitionGroupArgs {
    /**
     * A resource ID of a resource that contains additional metadata about the group.
     */
    additionalMetadataId?: pulumi.Input;
    /**
     * The group's category.
     */
    category?: pulumi.Input;
    /**
     * The group's description.
     */
    description?: pulumi.Input;
    /**
     * The group's display name.
     */
    displayName?: pulumi.Input;
    /**
     * The name of the group.
     */
    name: pulumi.Input;
}

/**
 * The policy definition reference.
 */
export interface PolicyDefinitionReferenceArgs {
    /**
     * The version of the policy definition to use.
     */
    definitionVersion?: pulumi.Input;
    /**
     * The names of the groups that this policy definition reference belongs to.
     */
    groupNames?: pulumi.Input[]>;
    /**
     * The parameter values for the referenced policy rule. The keys are the parameter names.
     */
    parameters?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The ID of the policy definition or policy set definition.
     */
    policyDefinitionId: pulumi.Input;
    /**
     * A unique id (within the policy set definition) for this policy definition reference.
     */
    policyDefinitionReferenceId?: pulumi.Input;
}

/**
 * The variable column.
 */
export interface PolicyVariableColumnArgs {
    /**
     * The name of this policy variable column.
     */
    columnName: pulumi.Input;
}

/**
 * The name value tuple for this variable value column.
 */
export interface PolicyVariableValueColumnValueArgs {
    /**
     * Column name for the variable value.
     */
    columnName: pulumi.Input;
    /**
     * Column value for the variable value; this can be an integer, double, boolean, null or a string.
     */
    columnValue: any;
}

// NOTE(review): this interface and its `publicNetworkAccess` field carry no upstream
// description. Judging by the names it holds the properties of a private link
// association. Confirm.
export interface PrivateLinkAssociationPropertiesArgs {
    /**
     * The rmpl Resource ID.
     *
     * NOTE(review): "rmpl" presumably stands for resource management private link. Confirm.
     */
    privateLink?: pulumi.Input;
    // NOTE(review): undocumented upstream and the accepted values are not visible here.
    // Set it explicitly rather than relying on whatever the service assumes when omitted.
    publicNetworkAccess?: pulumi.Input;
}

/**
 * The resource selector to filter policies by resource properties.
 */
export interface ResourceSelectorArgs {
    /**
     * The name of the resource selector.
     */
    name?: pulumi.Input;
    /**
     * The list of the selector expressions.
     */
    selectors?: pulumi.Input[]>;
}

/**
 * Expiration of the role eligibility schedule.
 */
export interface RoleEligibilityScheduleRequestPropertiesExpirationArgs {
    /**
     * Duration of the role eligibility schedule in TimeSpan.
     */
    duration?: pulumi.Input;
    /**
     * End DateTime of the role eligibility schedule.
     */
    endDateTime?: pulumi.Input;
    /**
     * Type of the role eligibility schedule expiration.
     */
    type?: pulumi.Input;
}

/**
 * Schedule info of the role eligibility schedule.
 */
export interface RoleEligibilityScheduleRequestPropertiesScheduleInfoArgs {
    /**
     * Expiration of the role eligibility schedule.
     */
    expiration?: pulumi.Input;
    /**
     * Start DateTime of the role eligibility schedule.
     */
    startDateTime?: pulumi.Input;
}

/**
 * Ticket Info of the role eligibility.
 */
export interface RoleEligibilityScheduleRequestPropertiesTicketInfoArgs {
    /**
     * Ticket number for the role eligibility.
     */
    ticketNumber?: pulumi.Input;
    /**
     * Ticket system name for the role eligibility.
     */
    ticketSystem?: pulumi.Input;
}

/**
 * The role management policy approval rule.
 */
export interface RoleManagementPolicyApprovalRuleArgs {
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyApprovalRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">;
    /**
     * The approval setting.
     */
    setting?: pulumi.Input;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy authentication context rule.
 */
export interface RoleManagementPolicyAuthenticationContextRuleArgs {
    /**
     * The claim value.
     *
     * NOTE(review): presumably the authentication-context claim that the rule requires. Confirm.
     */
    claimValue?: pulumi.Input;
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * The value indicating if the rule is enabled.
     */
    isEnabled?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyAuthenticationContextRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy enablement rule.
 */
export interface RoleManagementPolicyEnablementRuleArgs {
    /**
     * The list of enabled rules.
     */
    enabledRules?: pulumi.Input[]>;
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyEnablementRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy expiration rule.
 */
export interface RoleManagementPolicyExpirationRuleArgs {
    /**
     * The members not restricted by the expiration rule.
     *
     * Each entry is exempt from expiration, so keep this list minimal and review it periodically.
     */
    exceptionMembers?: pulumi.Input[]>;
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * The value indicating whether expiration is required.
     */
    isExpirationRequired?: pulumi.Input;
    /**
     * The maximum duration of expiration in timespan.
     */
    maximumDuration?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyExpirationRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy notification rule.
 */
export interface RoleManagementPolicyNotificationRuleArgs {
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * Determines if the notification will be sent to the recipient type specified in the policy rule.
     */
    isDefaultRecipientsEnabled?: pulumi.Input;
    /**
     * The notification level.
     */
    notificationLevel?: pulumi.Input;
    /**
     * The list of notification recipients.
     */
    notificationRecipients?: pulumi.Input[]>;
    /**
     * The type of notification.
     */
    notificationType?: pulumi.Input;
    /**
     * The recipient type.
     */
    recipientType?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyNotificationRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy PIM only mode rule.
 */
export interface RoleManagementPolicyPimOnlyModeRuleArgs {
    /**
     * The id of the rule.
     */
    id?: pulumi.Input;
    /**
     * The PIM Only Mode settings.
     */
    pimOnlyModeSettings?: pulumi.Input;
    /**
     * The type of rule.
     * Expected value is 'RoleManagementPolicyPimOnlyModeRule'.
     */
    ruleType: pulumi.Input<"RoleManagementPolicyPimOnlyModeRule">;
    /**
     * The target of the current rule.
     */
    target?: pulumi.Input;
}

/**
 * The role management policy rule target.
 */
export interface RoleManagementPolicyRuleTargetArgs {
    /**
     * The caller of the setting.
     */
    caller?: pulumi.Input;
    /**
     * The list of enforced settings.
     */
    enforcedSettings?: pulumi.Input[]>;
    /**
     * The list of inheritable settings.
     */
    inheritableSettings?: pulumi.Input[]>;
    /**
     * The assignment level to which the rule is applied.
     */
    level?: pulumi.Input;
    /**
     * The type of operation.
     */
    operations?: pulumi.Input[]>;
    /**
     * The list of target objects.
     */
    targetObjects?: pulumi.Input[]>;
}

/**
 * The selector expression.
 */
export interface SelectorArgs {
    /**
     * The list of values to filter in.
     */
    in?: pulumi.Input[]>;
    /**
     * The selector kind.
     */
    kind?: pulumi.Input;
    /**
     * The list of values to filter out.
     */
    notIn?: pulumi.Input[]>;
}

/**
 * The detail of a user.
 */
export interface UserSetArgs {
    /**
     * The description of the user.
     */
    description?: pulumi.Input;
    /**
     * The object id of the user.
     */
    id?: pulumi.Input;
    /**
     * The value indicating whether the user is a backup fallback approver.
     */
    isBackup?: pulumi.Input;
    /**
     * The type of user.
     */
    userType?: pulumi.Input;
}

/**
 * The detail of a subject.
 */
export interface UsersOrServicePrincipalSetArgs {
    /**
     * The display name of the entity.
     */
    displayName?: pulumi.Input;
    /**
     * The object id of the entity.
     */
    id?: pulumi.Input;
    /**
     * The type of user.
     */
    type?: pulumi.Input;
}