getRoleManagementPolicy

Use this data source to read the Role Management Policy that applies to a role at an Azure Management Group, Subscription, Resource Group or resource scope.

Example Usage

Resource Group

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
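// Look up the resource group that is the scope of the policy query.
const example = azure.core.getResourceGroup({
    name: "example-rg",
});
// Resolve the "Contributor" role at that same resource-group scope; the policy
// lookup below expects the scoped Role Definition ID.
const rgContributor = example.then(rg => azure.authorization.getRoleDefinition({
    name: "Contributor",
    scope: rg.id,
}));
// Read the Role Management Policy for the role at the resource group.
// The original listing referenced `test` and `contributor`, which are never
// declared; both arguments must come from the lookups above so that scope and
// role definition refer to the same resource group.
const exampleGetRoleManagementPolicy = Promise.all([example, rgContributor]).then(([rg, role]) =>
    azure.pim.getRoleManagementPolicy({
        scope: rg.id,
        roleDefinitionId: role.id,
    }));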
import pulumi
import pulumi_azure as azure
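# Look up the resource group that is the scope of the policy query.
example = azure.core.get_resource_group(name="example-rg")
# Resolve "Contributor" at that same scope; the policy lookup expects the
# scoped Role Definition ID.
rg_contributor = azure.authorization.get_role_definition(name="Contributor",
    scope=example.id)
# The original listing referenced the undefined names `test` and `contributor`.
# Both arguments must come from the lookups above so that scope and role
# definition refer to the same resource group.
example_get_role_management_policy = azure.pim.get_role_management_policy(scope=example.id,
    role_definition_id=rg_contributor.id)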
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
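return await Deployment.RunAsync(() =>
{
    // Look up the resource group that is the scope of the policy query.
    var example = Azure.Core.GetResourceGroup.Invoke(new()
    {
        Name = "example-rg",
    });

    // Resolve "Contributor" at that same scope; the policy lookup expects the
    // scoped Role Definition ID.
    var rgContributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Contributor",
        Scope = example.Apply(getResourceGroupResult => getResourceGroupResult.Id),
    });

    // The original listing referenced the undeclared `test` and `contributor`.
    // Both arguments must come from the lookups above so that scope and role
    // definition refer to the same resource group.
    var exampleGetRoleManagementPolicy = Azure.Pim.GetRoleManagementPolicy.Invoke(new()
    {
        Scope = example.Apply(getResourceGroupResult => getResourceGroupResult.Id),
        RoleDefinitionId = rgContributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
    });
});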
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
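// main looks up a resource group, resolves the Contributor role at that scope,
// and reads the Role Management Policy for that role and scope.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that is the scope of the policy query.
		example, err := core.LookupResourceGroup(ctx, &core.LookupResourceGroupArgs{
			Name: "example-rg",
		}, nil)
		if err != nil {
			return err
		}
		// Resolve "Contributor" at the same scope; the policy lookup expects
		// the scoped Role Definition ID.
		rgContributor, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name:  pulumi.StringRef("Contributor"),
			Scope: pulumi.StringRef(example.Id),
		}, nil)
		if err != nil {
			return err
		}
		// The original listing discarded the role lookup and referenced the
		// undeclared `test` and `contributor`; use the results from above so
		// scope and role definition refer to the same resource group.
		_, err = pim.LookupRoleManagementPolicy(ctx, &pim.LookupRoleManagementPolicyArgs{
			Scope:            example.Id,
			RoleDefinitionId: rgContributor.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}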
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetResourceGroupArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.pim.PimFunctions;
import com.pulumi.azure.pim.inputs.GetRoleManagementPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
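/**
 * Example program: reads the Role Management Policy for the Contributor role
 * at a resource-group scope.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the resource group, resolves the role at that scope, then
     * queries the Role Management Policy for that role and scope.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Resource group that is the scope of the policy query.
        final var example = CoreFunctions.getResourceGroup(GetResourceGroupArgs.builder()
            .name("example-rg")
            .build());

        // Resolve "Contributor" at the same scope; the policy lookup expects
        // the scoped Role Definition ID.
        final var rgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .scope(example.applyValue(getResourceGroupResult -> getResourceGroupResult.id()))
            .build());

        // The original listing referenced the undeclared `test` and
        // `contributor`; use the lookups above so scope and role definition
        // refer to the same resource group.
        final var exampleGetRoleManagementPolicy = PimFunctions.getRoleManagementPolicy(GetRoleManagementPolicyArgs.builder()
            .scope(example.applyValue(getResourceGroupResult -> getResourceGroupResult.id()))
            .roleDefinitionId(rgContributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            .build());
    }
}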
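variables:
  # Resource group that is the scope of the policy query.
  example:
    fn::invoke:
      function: azure:core:getResourceGroup
      arguments:
        name: example-rg
  # Resolve "Contributor" at the same scope; the policy lookup expects the
  # scoped Role Definition ID.
  rgContributor:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Contributor
        scope: ${example.id}
  # The original listing referenced ${test.id} and ${contributor.id}, which are
  # not defined here; use the variables above so scope and role definition
  # refer to the same resource group.
  exampleGetRoleManagementPolicy:
    fn::invoke:
      function: azure:pim:getRoleManagementPolicy
      arguments:
        scope: ${example.id}
        roleDefinitionId: ${rgContributor.id}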

Management Group

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
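// Look up the management group that is the scope of the policy query.
const example = azure.management.getGroup({
    name: "example-group",
});
// Resolve "Contributor" at that management-group scope. The original listing
// used the undeclared `exampleAzurermManagementGroup`; the scope must be the
// group looked up above so role definition and policy refer to the same scope.
const mgContributor = example.then(group => azure.authorization.getRoleDefinition({
    name: "Contributor",
    scope: group.id,
}));
// Read the Role Management Policy for the role at the management group.
const exampleGetRoleManagementPolicy = Promise.all([example, mgContributor]).then(([group, role]) =>
    azure.pim.getRoleManagementPolicy({
        scope: group.id,
        roleDefinitionId: role.id,
    }));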
import pulumi
import pulumi_azure as azure
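# Look up the management group that is the scope of the policy query.
example = azure.management.get_group(name="example-group")
# Resolve "Contributor" at that scope. The original listing used the undefined
# name `example_azurerm_management_group`; the scope must be the group looked
# up above so role definition and policy refer to the same scope.
mg_contributor = azure.authorization.get_role_definition(name="Contributor",
    scope=example.id)
# Read the Role Management Policy for the role at the management group.
example_get_role_management_policy = azure.pim.get_role_management_policy(scope=example.id,
    role_definition_id=mg_contributor.id)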
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
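return await Deployment.RunAsync(() =>
{
    // Look up the management group that is the scope of the policy query.
    var example = Azure.Management.GetGroup.Invoke(new()
    {
        Name = "example-group",
    });

    // Resolve "Contributor" at that scope. The original listing used the
    // undeclared `exampleAzurermManagementGroup`; the scope must be the group
    // looked up above so role definition and policy refer to the same scope.
    var mgContributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Contributor",
        Scope = example.Apply(getGroupResult => getGroupResult.Id),
    });

    // Read the Role Management Policy for the role at the management group.
    var exampleGetRoleManagementPolicy = Azure.Pim.GetRoleManagementPolicy.Invoke(new()
    {
        Scope = example.Apply(getGroupResult => getGroupResult.Id),
        RoleDefinitionId = mgContributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
    });
});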
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
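// main looks up a management group, resolves the Contributor role at that
// scope, and reads the Role Management Policy for that role and scope.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Management group that is the scope of the policy query.
		example, err := management.LookupGroup(ctx, &management.LookupGroupArgs{
			Name: pulumi.StringRef("example-group"),
		}, nil)
		if err != nil {
			return err
		}
		// Resolve "Contributor" at the same scope. The original listing used
		// the undeclared `exampleAzurermManagementGroup`; the scope must be
		// the group looked up above.
		mgContributor, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name:  pulumi.StringRef("Contributor"),
			Scope: pulumi.StringRef(example.Id),
		}, nil)
		if err != nil {
			return err
		}
		// Read the Role Management Policy for the role at the management group.
		_, err = pim.LookupRoleManagementPolicy(ctx, &pim.LookupRoleManagementPolicyArgs{
			Scope:            example.Id,
			RoleDefinitionId: mgContributor.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}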
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.ManagementFunctions;
import com.pulumi.azure.management.inputs.GetGroupArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.pim.PimFunctions;
import com.pulumi.azure.pim.inputs.GetRoleManagementPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
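/**
 * Example program: reads the Role Management Policy for the Contributor role
 * at a management-group scope.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the management group, resolves the role at that scope, then
     * queries the Role Management Policy for that role and scope.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Management group that is the scope of the policy query.
        final var example = ManagementFunctions.getGroup(GetGroupArgs.builder()
            .name("example-group")
            .build());

        // Resolve "Contributor" at the same scope. The original listing used
        // the undeclared `exampleAzurermManagementGroup`; the scope must be
        // the group looked up above.
        final var mgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .scope(example.applyValue(getGroupResult -> getGroupResult.id()))
            .build());

        // Read the Role Management Policy for the role at the management group.
        final var exampleGetRoleManagementPolicy = PimFunctions.getRoleManagementPolicy(GetRoleManagementPolicyArgs.builder()
            .scope(example.applyValue(getGroupResult -> getGroupResult.id()))
            .roleDefinitionId(mgContributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            .build());
    }
}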
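variables:
  # Management group that is the scope of the policy query.
  example:
    fn::invoke:
      function: azure:management:getGroup
      arguments:
        name: example-group
  # Resolve "Contributor" at the same scope. The original listing used
  # ${exampleAzurermManagementGroup.id}, which is not defined here; the scope
  # must be the group looked up above.
  mgContributor:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Contributor
        scope: ${example.id}
  # Read the Role Management Policy for the role at the management group.
  exampleGetRoleManagementPolicy:
    fn::invoke:
      function: azure:pim:getRoleManagementPolicy
      arguments:
        scope: ${example.id}
        roleDefinitionId: ${mgContributor.id}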

Return

A collection of values returned by getRoleManagementPolicy.

Parameters

argument

A collection of arguments for invoking getRoleManagementPolicy.


suspend fun getRoleManagementPolicy(roleDefinitionId: String, scope: String): GetRoleManagementPolicyResult

Return

A collection of values returned by getRoleManagementPolicy.

Parameters

roleDefinitionId

The scoped Role Definition ID of the role for which this policy applies.

scope

The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.

See also


Return

A collection of values returned by getRoleManagementPolicy.

Parameters

argument

Builder for com.pulumi.azure.pim.kotlin.inputs.GetRoleManagementPolicyPlainArgs.

See also