pulumi-azure-kotlin/com.pulumi.azure.role.kotlin/AssignmentArgs

AssignmentArgs

data class AssignmentArgs constructor(val condition: Output<String>? = null, val conditionVersion: Output<String>? = null, val delegatedManagedIdentityResourceId: Output<String>? = null, val description: Output<String>? = null, val name: Output<String>? = null, val principalId: Output<String>? = null, val roleDefinitionId: Output<String>? = null, val roleDefinitionName: Output<String>? = null, val scope: Output<String>? = null, val skipServicePrincipalAadCheck: Output<Boolean>? = null) : ConvertibleToJava<AssignmentArgs>

Assigns a given Principal (User or Group) to a given Role.

Example Usage

Using A Built-In Role)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionName("Reader")
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());
    }
}
Content copied to clipboard

Custom Role & Service Principal)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
            .roleDefinitionId("00000000-0000-0000-0000-000000000000")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .permissions(RoleDefinitionPermissionArgs.builder()
                .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
                .notActions()
                .build())
            .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .name("00000000-0000-0000-0000-000000000000")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());
    }
}
Content copied to clipboard

Custom Role & User)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
            .roleDefinitionId("00000000-0000-0000-0000-000000000000")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .permissions(RoleDefinitionPermissionArgs.builder()
                .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
                .notActions()
                .build())
            .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .name("00000000-0000-0000-0000-000000000000")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());
    }
}
Content copied to clipboard

Custom Role & Management Group)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.management.ManagementFunctions;
import com.pulumi.azure.management.inputs.GetGroupArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        final var exampleGroup = ManagementFunctions.getGroup(GetGroupArgs.builder()
            .name("00000000-0000-0000-0000-000000000000")
            .build());
        var exampleRoleDefinition = new RoleDefinition("exampleRoleDefinition", RoleDefinitionArgs.builder()
            .roleDefinitionId("00000000-0000-0000-0000-000000000000")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .permissions(RoleDefinitionPermissionArgs.builder()
                .actions("Microsoft.Resources/subscriptions/resourceGroups/read")
                .notActions()
                .build())
            .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .name("00000000-0000-0000-0000-000000000000")
            .scope(data.azurerm_management_group().primary().id())
            .roleDefinitionId(exampleRoleDefinition.roleDefinitionResourceId())
            .principalId(exampleClientConfig.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .build());
    }
}
Content copied to clipboard

Import

Role Assignments can be imported using the resource id, e.g.

$ pulumi import azure:role/assignment:Assignment example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000
Content copied to clipboard

  • for scope Subscription, the id format is /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 * for scope Resource Group, the id format is /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000 text /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000

Constructors

Link copied to clipboard
fun AssignmentArgs(condition: Output<String>? = null, conditionVersion: Output<String>? = null, delegatedManagedIdentityResourceId: Output<String>? = null, description: Output<String>? = null, name: Output<String>? = null, principalId: Output<String>? = null, roleDefinitionId: Output<String>? = null, roleDefinitionName: Output<String>? = null, scope: Output<String>? = null, skipServicePrincipalAadCheck: Output<Boolean>? = null)

Functions

Link copied to clipboard
open override fun toJava(): AssignmentArgs

Properties

Link copied to clipboard
val condition: Output<String>? = null

The condition that limits the resources that the role can be assigned to. Changing this forces a new resource to be created.

Link copied to clipboard
val conditionVersion: Output<String>? = null

The version of the condition. Possible values are 1.0 or 2.0. Changing this forces a new resource to be created.

Link copied to clipboard
val delegatedManagedIdentityResourceId: Output<String>? = null

The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created.

Link copied to clipboard
val description: Output<String>? = null

The description for this Role Assignment. Changing this forces a new resource to be created.

Link copied to clipboard
val name: Output<String>? = null

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

Link copied to clipboard
val principalId: Output<String>? = null

The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.

Link copied to clipboard
val roleDefinitionId: Output<String>? = null

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.

Link copied to clipboard
val roleDefinitionName: Output<String>? = null

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.

Link copied to clipboard
val scope: Output<String>? = null

The scope at which the Role Assignment applies to, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM, or /providers/Microsoft.Management/managementGroups/myMG. Changing this forces a new resource to be created.

Link copied to clipboard
val skipServicePrincipalAadCheck: Output<Boolean>? = null

If the principal_id is a newly provisioned Service Principal set this value to true to skip the Azure Active Directory check which may fail due to replication lag. This argument is only valid if the principal_id is a Service Principal identity. Defaults to false.