import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manage a role policy for an Azure Management Group, Subscription, Resource Group or resource. * * ## Example Usage * * ### Management Group * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.management.Group("example", {name: "example-group"}); * const mgContributor = azure.authorization.getRoleDefinitionOutput({ * name: "Contributor", * scope: example.id, * }); * const exampleRoleManagementPolicy = new azure.pim.RoleManagementPolicy("example", { * scope: example.id, * roleDefinitionId: mgContributor.apply(mgContributor => mgContributor.id), * eligibleAssignmentRules: { * expirationRequired: false, * }, * activeAssignmentRules: { * expireAfter: "P90D", * }, * activationRules: { * maximumDuration: "PT1H", * requireApproval: true, * }, * notificationRules: { * activeAssignments: { * adminNotifications: { * notificationLevel: "Critical", * defaultRecipients: false, * additionalRecipients: ["someone@example.com"], * }, * }, * }, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Authorization` - 2020-10-01 * * ## Import * * Because these policies are created automatically by Azure, they will auto-import on first use. They can be imported using the `resource id` of the role definition, combined with the scope id, e.g. * * ```sh * $ pulumi import azure:pim/roleManagementPolicy:RoleManagementPolicy example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|" * ``` */ export declare class RoleManagementPolicy extends pulumi.CustomResource { /** * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RoleManagementPolicyState, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy; /** * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RoleManagementPolicy; /** * An `activationRules` block as defined below. */ readonly activationRules: pulumi.Output; /** * An `activeAssignmentRules` block as defined below. */ readonly activeAssignmentRules: pulumi.Output; /** * (String) The description of this policy. */ readonly description: pulumi.Output; /** * An `eligibleAssignmentRules` block as defined below. */ readonly eligibleAssignmentRules: pulumi.Output; /** * (String) The name of this policy, which is typically a UUID and may change over time. */ readonly name: pulumi.Output; /** * A `notificationRules` block as defined below. */ readonly notificationRules: pulumi.Output; /** * The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created. */ readonly roleDefinitionId: pulumi.Output; /** * The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created. */ readonly scope: pulumi.Output; /** * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RoleManagementPolicy resources. */ export interface RoleManagementPolicyState { /** * An `activationRules` block as defined below. */ activationRules?: pulumi.Input; /** * An `activeAssignmentRules` block as defined below. */ activeAssignmentRules?: pulumi.Input; /** * (String) The description of this policy. */ description?: pulumi.Input; /** * An `eligibleAssignmentRules` block as defined below. */ eligibleAssignmentRules?: pulumi.Input; /** * (String) The name of this policy, which is typically a UUID and may change over time. */ name?: pulumi.Input; /** * A `notificationRules` block as defined below. */ notificationRules?: pulumi.Input; /** * The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created. */ roleDefinitionId?: pulumi.Input; /** * The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created. */ scope?: pulumi.Input; } /** * The set of arguments for constructing a RoleManagementPolicy resource. */ export interface RoleManagementPolicyArgs { /** * An `activationRules` block as defined below. */ activationRules?: pulumi.Input; /** * An `activeAssignmentRules` block as defined below. */ activeAssignmentRules?: pulumi.Input; /** * An `eligibleAssignmentRules` block as defined below. */ eligibleAssignmentRules?: pulumi.Input; /** * A `notificationRules` block as defined below. */ notificationRules?: pulumi.Input; /** * The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created. */ roleDefinitionId: pulumi.Input; /** * The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created. */ scope: pulumi.Input; }