import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a PIM Active Role Assignment. * * ## Example Usage * * ### Subscription) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as time from "@pulumiverse/time"; * * const primary = azure.core.getSubscription({}); * const example = azure.core.getClientConfig({}); * const exampleGetRoleDefinition = azure.authorization.getRoleDefinition({ * name: "Reader", * }); * const exampleStatic = new time.Static("example", {}); * const exampleActiveRoleAssignment = new azure.pim.ActiveRoleAssignment("example", { * scope: primary.then(primary => primary.id), * roleDefinitionId: Promise.all([primary, exampleGetRoleDefinition]).then(([primary, exampleGetRoleDefinition]) => `${primary.id}${exampleGetRoleDefinition.id}`), * principalId: example.then(example => example.objectId), * schedule: { * startDateTime: exampleStatic.rfc3339, * expiration: { * durationHours: 8, * }, * }, * justification: "Expiration Duration Set", * ticket: { * number: "1", * system: "example ticket system", * }, * }); * ``` * * ### Management Group) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as time from "@pulumiverse/time"; * * const example = azure.core.getClientConfig({}); * const exampleGetRoleDefinition = azure.authorization.getRoleDefinition({ * name: "Reader", * }); * const exampleGroup = new azure.management.Group("example", {name: "Example-Management-Group"}); * const exampleStatic = new time.Static("example", {}); * const exampleActiveRoleAssignment = new azure.pim.ActiveRoleAssignment("example", { * scope: exampleGroup.id, * roleDefinitionId: exampleGetRoleDefinition.then(exampleGetRoleDefinition => exampleGetRoleDefinition.id), * principalId: example.then(example => example.objectId), * schedule: { * startDateTime: exampleStatic.rfc3339, * expiration: { * durationHours: 8, * }, * }, * justification: "Expiration Duration Set", * ticket: { * number: "1", * system: "example ticket system", * }, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Authorization` - 2020-10-01 * * ## Import * * PIM Active Role Assignments can be imported using the following composite resource ID, e.g. * * ```sh * $ pulumi import azure:pim/activeRoleAssignment:ActiveRoleAssignment example /subscriptions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000 * ``` * * > **Note:** This ID is specific to Terraform - and is of the format `{scope}|{roleDefinitionId}|{principalId}`, where the first segment is the scope of the role assignment, the second segment is the role definition ID, and the last segment is the principal object ID. */ export declare class ActiveRoleAssignment extends pulumi.CustomResource { /** * Get an existing ActiveRoleAssignment resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ActiveRoleAssignmentState, opts?: pulumi.CustomResourceOptions): ActiveRoleAssignment; /** * Returns true if the given object is an instance of ActiveRoleAssignment. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ActiveRoleAssignment; /** * The justification for the role assignment. Changing this forces a new resource to be created. */ readonly justification: pulumi.Output; /** * Object ID of the principal for this role assignment. Changing this forces a new resource to be created. */ readonly principalId: pulumi.Output; /** * Type of principal to which the role will be assigned. */ readonly principalType: pulumi.Output; /** * The role definition ID for this role assignment. Changing this forces a new resource to be created. */ readonly roleDefinitionId: pulumi.Output; /** * A `schedule` block as defined below. Changing this forces a new resource to be created. */ readonly schedule: pulumi.Output; /** * The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created. */ readonly scope: pulumi.Output; /** * A `ticket` block as defined below. Changing this forces a new resource to be created. */ readonly ticket: pulumi.Output; /** * Create a ActiveRoleAssignment resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ActiveRoleAssignmentArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ActiveRoleAssignment resources. */ export interface ActiveRoleAssignmentState { /** * The justification for the role assignment. Changing this forces a new resource to be created. */ justification?: pulumi.Input; /** * Object ID of the principal for this role assignment. Changing this forces a new resource to be created. */ principalId?: pulumi.Input; /** * Type of principal to which the role will be assigned. */ principalType?: pulumi.Input; /** * The role definition ID for this role assignment. Changing this forces a new resource to be created. */ roleDefinitionId?: pulumi.Input; /** * A `schedule` block as defined below. Changing this forces a new resource to be created. */ schedule?: pulumi.Input; /** * The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created. */ scope?: pulumi.Input; /** * A `ticket` block as defined below. Changing this forces a new resource to be created. */ ticket?: pulumi.Input; } /** * The set of arguments for constructing a ActiveRoleAssignment resource. */ export interface ActiveRoleAssignmentArgs { /** * The justification for the role assignment. Changing this forces a new resource to be created. */ justification?: pulumi.Input; /** * Object ID of the principal for this role assignment. Changing this forces a new resource to be created. */ principalId: pulumi.Input; /** * The role definition ID for this role assignment. Changing this forces a new resource to be created. */ roleDefinitionId: pulumi.Input; /** * A `schedule` block as defined below. Changing this forces a new resource to be created. */ schedule?: pulumi.Input; /** * The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created. */ scope: pulumi.Input; /** * A `ticket` block as defined below. Changing this forces a new resource to be created. */ ticket?: pulumi.Input; }