pulumi-azure-kotlin/com.pulumi.azure.pim.kotlin/EligibleRoleAssignmentArgs

EligibleRoleAssignmentArgs

data class EligibleRoleAssignmentArgs(val justification: Output<String>? = null, val principalId: Output<String>? = null, val roleDefinitionId: Output<String>? = null, val schedule: Output<EligibleRoleAssignmentScheduleArgs>? = null, val scope: Output<String>? = null, val ticket: Output<EligibleRoleAssignmentTicketArgs>? = null) : ConvertibleToJava<EligibleRoleAssignmentArgs>

Manages a Pim Eligible Role Assignment.

Example Usage

Subscription)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.time.Static;
import com.pulumi.azure.pim.EligibleRoleAssignment;
import com.pulumi.azure.pim.EligibleRoleAssignmentArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentScheduleArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentScheduleExpirationArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentTicketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        final var exampleRoleDefinition = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Reader")
            .build());
        var exampleStatic = new Static("exampleStatic");
        var exampleEligibleRoleAssignment = new EligibleRoleAssignment("exampleEligibleRoleAssignment", EligibleRoleAssignmentArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionId(String.format("%s%s", primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()),exampleRoleDefinition.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id())))
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .schedule(EligibleRoleAssignmentScheduleArgs.builder()
                .startDateTime(exampleStatic.rfc3339())
                .expiration(EligibleRoleAssignmentScheduleExpirationArgs.builder()
                    .durationHours(8)
                    .build())
                .build())
            .justification("Expiration Duration Set")
            .ticket(EligibleRoleAssignmentTicketArgs.builder()
                .number("1")
                .system("example ticket system")
                .build())
            .build());
    }
}
Content copied to clipboard

Management Group)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.management.Group;
import com.pulumi.time.Static;
import com.pulumi.azure.pim.EligibleRoleAssignment;
import com.pulumi.azure.pim.EligibleRoleAssignmentArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentScheduleArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentScheduleExpirationArgs;
import com.pulumi.azure.pim.inputs.EligibleRoleAssignmentTicketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        final var exampleRoleDefinition = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Reader")
            .build());
        var exampleGroup = new Group("exampleGroup");
        var exampleStatic = new Static("exampleStatic");
        var exampleEligibleRoleAssignment = new EligibleRoleAssignment("exampleEligibleRoleAssignment", EligibleRoleAssignmentArgs.builder()
            .scope(exampleGroup.id())
            .roleDefinitionId(exampleRoleDefinition.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .schedule(EligibleRoleAssignmentScheduleArgs.builder()
                .startDateTime(exampleStatic.rfc3339())
                .expiration(EligibleRoleAssignmentScheduleExpirationArgs.builder()
                    .durationHours(8)
                    .build())
                .build())
            .justification("Expiration Duration Set")
            .ticket(EligibleRoleAssignmentTicketArgs.builder()
                .number("1")
                .system("example ticket system")
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Pim Eligible Role Assignments can be imported using the resource id, e.g.

$ pulumi import azure:pim/eligibleRoleAssignment:EligibleRoleAssignment example /subscriptions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000
Content copied to clipboard

Constructors

Link copied to clipboard
fun EligibleRoleAssignmentArgs(justification: Output<String>? = null, principalId: Output<String>? = null, roleDefinitionId: Output<String>? = null, schedule: Output<EligibleRoleAssignmentScheduleArgs>? = null, scope: Output<String>? = null, ticket: Output<EligibleRoleAssignmentTicketArgs>? = null)

Functions

Link copied to clipboard
open override fun toJava(): EligibleRoleAssignmentArgs

Properties

Link copied to clipboard
val justification: Output<String>? = null

The justification of the role assignment. Changing this forces a new Pim Eligible Role Assignment to be created.

Link copied to clipboard
val principalId: Output<String>? = null

The principal id. Changing this forces a new Pim Eligible Role Assignment to be created.

Link copied to clipboard
val roleDefinitionId: Output<String>? = null

The role definition id. Changing this forces a new Pim Eligible Role Assignment to be created.

Link copied to clipboard
val schedule: Output<EligibleRoleAssignmentScheduleArgs>? = null

A schedule block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created.

Link copied to clipboard
val scope: Output<String>? = null

The scope. Changing this forces a new Pim Eligible Role Assignment to be created.

Link copied to clipboard
val ticket: Output<EligibleRoleAssignmentTicketArgs>? = null

A ticket block as defined below. Changing this forces a new Pim Eligible Role Assignment to be created.