From 02a8a45412a47babc3df7493c86750136e1ea4be Mon Sep 17 00:00:00 2001
From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com>
Date: Tue, 14 May 2024 07:49:23 -0700
Subject: [PATCH] Upgrade terraform-provider-azuread to v2.49.1 (#1053)
This PR was generated via `$ upgrade-provider pulumi/pulumi-azuread --kind=all --target-bridge-version=latest`. --- - Upgrading terraform-provider-azuread from 2.49.0 to 2.49.1. Fixes #1052
---
.../cmd/pulumi-resource-azuread/schema.json | 6 +-
provider/go.mod | 2 +-
provider/go.sum | 4 +-
provider/shim/go.mod | 2 +-
provider/shim/go.sum | 4 +-
sdk/dotnet/GroupRoleManagementPolicy.cs | 61 ++++++++++++++
...RoleManagementPolicyActivationRulesArgs.cs | 4 +-
...eManagementPolicyActivationRulesGetArgs.cs | 4 +-
...roupRoleManagementPolicyActivationRules.cs | 4 +-
sdk/go/azuread/groupRoleManagementPolicy.go | 65 +++++++++++++++
sdk/go/azuread/pulumiTypes.go | 16 ++--
.../azuread/GroupRoleManagementPolicy.java | 2 +-
...leManagementPolicyActivationRulesArgs.java | 16 ++--
...upRoleManagementPolicyActivationRules.java | 8 +-
sdk/nodejs/groupRoleManagementPolicy.ts | 44 ++++++++++
sdk/nodejs/types/input.ts | 4 +-
sdk/nodejs/types/output.ts | 4 +-
sdk/python/pulumi_azuread/_inputs.py | 8 +-
.../group_role_management_policy.py | 82 +++++++++++++++++++
sdk/python/pulumi_azuread/outputs.py | 8 +-
20 files changed, 300 insertions(+), 48 deletions(-)
diff --git a/provider/cmd/pulumi-resource-azuread/schema.json b/provider/cmd/pulumi-resource-azuread/schema.json
index 51d1996b5..b379f4b4c 100644
--- a/provider/cmd/pulumi-resource-azuread/schema.json
+++ b/provider/cmd/pulumi-resource-azuread/schema.json
@@ -1248,7 +1248,7 @@ }, "maximumDuration": { "type": "string", - "description": "The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.\n" + "description": "The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.\n" }, "requireApproval": { "type": "boolean", @@ -1268,7 +1268,7 @@ }, "requiredConditionalAccessAuthenticationContext": { "type": "string", - "description": "The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.\n" + "description": "The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`.\n" } }, "type": "object", 
@@ -7159,7 +7159,7 @@ } }, "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy": { - "description": "Manage a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.GroupRoleManagementPolicy;\nimport com.pulumi.azuread.GroupRoleManagementPolicyArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n var member = new User(\"member\", UserArgs.builder() \n 
.userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy(\"exampleGroupRoleManagementPolicy\", GroupRoleManagementPolicyArgs.builder() \n .groupId(example.id())\n .assignmentType(\"member\")\n .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()\n .expireAfter(\"P365D\")\n .build())\n .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()\n .expirationRequired(false)\n .build())\n .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()\n .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()\n .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()\n .notificationLevel(\"Critical\")\n .defaultRecipients(false)\n .additionalRecipients( \n \"someone@example.com\",\n \"someone.else@example.com\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: true\n member:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. 
Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n exampleGroupRoleManagementPolicy:\n type: azuread:GroupRoleManagementPolicy\n name: example\n properties:\n groupId: ${example.id}\n assignmentType: member\n activeAssignmentRules:\n expireAfter: P365D\n eligibleAssignmentRules:\n expirationRequired: false\n notificationRules:\n eligibleAssignments:\n approverNotifications:\n notificationLevel: Critical\n defaultRecipients: false\n additionalRecipients:\n - someone@example.com\n - someone.else@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBecause these policies are created automatically by Entra ID, they will auto-import on first use.\n\n", + "description": "Manage a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n displayName: \"group-name\",\n securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n userPrincipalName: \"jdoe@example.com\",\n displayName: \"J. 
Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n});\nconst exampleGroupRoleManagementPolicy = new azuread.GroupRoleManagementPolicy(\"example\", {\n groupId: example.id,\n roleId: \"member\",\n activeAssignmentRules: {\n expireAfter: \"P365D\",\n },\n eligibleAssignmentRules: {\n expirationRequired: false,\n },\n notificationRules: {\n eligibleAssignments: {\n approverNotifications: {\n notificationLevel: \"Critical\",\n defaultRecipients: false,\n additionalRecipients: [\n \"someone@example.com\",\n \"someone.else@example.com\",\n ],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n display_name=\"group-name\",\n security_enabled=True)\nmember = azuread.User(\"member\",\n user_principal_name=\"jdoe@example.com\",\n display_name=\"J. Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\")\nexample_group_role_management_policy = azuread.GroupRoleManagementPolicy(\"example\",\n group_id=example.id,\n role_id=\"member\",\n active_assignment_rules=azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs(\n expire_after=\"P365D\",\n ),\n eligible_assignment_rules=azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs(\n expiration_required=False,\n ),\n notification_rules=azuread.GroupRoleManagementPolicyNotificationRulesArgs(\n eligible_assignments=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(\n approver_notifications=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(\n notification_level=\"Critical\",\n default_recipients=False,\n additional_recipients=[\n \"someone@example.com\",\n \"someone.else@example.com\",\n ],\n ),\n ),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = 
\"group-name\",\n SecurityEnabled = true,\n });\n\n var member = new AzureAD.User(\"member\", new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n });\n\n var exampleGroupRoleManagementPolicy = new AzureAD.GroupRoleManagementPolicy(\"example\", new()\n {\n GroupId = example.Id,\n RoleId = \"member\",\n ActiveAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs\n {\n ExpireAfter = \"P365D\",\n },\n EligibleAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs\n {\n ExpirationRequired = false,\n },\n NotificationRules = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesArgs\n {\n EligibleAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs\n {\n ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs\n {\n NotificationLevel = \"Critical\",\n DefaultRecipients = false,\n AdditionalRecipients = new[]\n {\n \"someone@example.com\",\n \"someone.else@example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"J. 
Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroupRoleManagementPolicy(ctx, \"example\", \u0026azuread.GroupRoleManagementPolicyArgs{\n\t\t\tGroupId: example.ID(),\n\t\t\tRoleId: pulumi.String(\"member\"),\n\t\t\tActiveAssignmentRules: \u0026azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs{\n\t\t\t\tExpireAfter: pulumi.String(\"P365D\"),\n\t\t\t},\n\t\t\tEligibleAssignmentRules: \u0026azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs{\n\t\t\t\tExpirationRequired: pulumi.Bool(false),\n\t\t\t},\n\t\t\tNotificationRules: \u0026azuread.GroupRoleManagementPolicyNotificationRulesArgs{\n\t\t\t\tEligibleAssignments: \u0026azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{\n\t\t\t\t\tApproverNotifications: \u0026azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{\n\t\t\t\t\t\tNotificationLevel: pulumi.String(\"Critical\"),\n\t\t\t\t\t\tDefaultRecipients: pulumi.Bool(false),\n\t\t\t\t\t\tAdditionalRecipients: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"someone@example.com\"),\n\t\t\t\t\t\t\tpulumi.String(\"someone.else@example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.GroupRoleManagementPolicy;\nimport com.pulumi.azuread.GroupRoleManagementPolicyArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;\nimport 
com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n var member = new User(\"member\", UserArgs.builder() \n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy(\"exampleGroupRoleManagementPolicy\", GroupRoleManagementPolicyArgs.builder() \n .groupId(example.id())\n .roleId(\"member\")\n .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()\n .expireAfter(\"P365D\")\n .build())\n .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()\n .expirationRequired(false)\n .build())\n .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()\n .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()\n .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()\n .notificationLevel(\"Critical\")\n .defaultRecipients(false)\n .additionalRecipients( \n \"someone@example.com\",\n \"someone.else@example.com\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: 
true\n member:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n exampleGroupRoleManagementPolicy:\n type: azuread:GroupRoleManagementPolicy\n name: example\n properties:\n groupId: ${example.id}\n roleId: member\n activeAssignmentRules:\n expireAfter: P365D\n eligibleAssignmentRules:\n expirationRequired: false\n notificationRules:\n eligibleAssignments:\n approverNotifications:\n notificationLevel: Critical\n defaultRecipients: false\n additionalRecipients:\n - someone@example.com\n - someone.else@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBecause these policies are created automatically by Entra ID, they will auto-import on first use.\n\n", "properties": { "activationRules": { "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules", diff --git a/provider/go.mod b/provider/go.mod index 16f3211e0..b205df77c 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -134,7 +134,7 @@ require ( github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect github.com/hashicorp/terraform-plugin-testing v1.5.1 // indirect - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d // indirect + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.8.2 // indirect diff --git a/provider/go.sum b/provider/go.sum index 156f21900..fd54457af 100644 --- a/provider/go.sum +++ b/provider/go.sum 
@@ -2264,8 +2264,8 @@ github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+ github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d h1:Hrtiw5ksSBVl9eVcjbSSrZ7sWUPMQdjIxYe1UphTa6I= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417 h1:0swSdt1VXk/MN1QrnpJ/pgG5W884mw7kpcJOy/AQuao= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= diff --git a/provider/shim/go.mod b/provider/shim/go.mod index dca116c0e..3679f2a8e 100644 --- a/provider/shim/go.mod +++ b/provider/shim/go.mod @@ -4,7 +4,7 @@ go 1.21.3 require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417 ) require ( diff --git a/provider/shim/go.sum b/provider/shim/go.sum index 04f651acf..acbc4e976 100644 --- a/provider/shim/go.sum +++ b/provider/shim/go.sum 
@@ -90,8 +90,8 @@ github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9T github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d h1:Hrtiw5ksSBVl9eVcjbSSrZ7sWUPMQdjIxYe1UphTa6I= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417 h1:0swSdt1VXk/MN1QrnpJ/pgG5W884mw7kpcJOy/AQuao= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240513072501-5f29606b5417/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno= github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= diff --git a/sdk/dotnet/GroupRoleManagementPolicy.cs b/sdk/dotnet/GroupRoleManagementPolicy.cs index 67880cb14..21d3f0fbd 100644 --- a/sdk/dotnet/GroupRoleManagementPolicy.cs +++ b/sdk/dotnet/GroupRoleManagementPolicy.cs 
@@ -19,6 +19,67 @@ namespace Pulumi.AzureAD /// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. /// /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new AzureAD.Group("example", new() + /// { + /// DisplayName = "group-name", + /// SecurityEnabled = true, + /// }); + /// + /// var member = new AzureAD.User("member", new() + /// { + /// UserPrincipalName = "jdoe@example.com", + /// DisplayName = "J. Doe", + /// MailNickname = "jdoe", + /// Password = "SecretP@sswd99!", + /// }); + /// + /// var exampleGroupRoleManagementPolicy = new AzureAD.GroupRoleManagementPolicy("example", new() + /// { + /// GroupId = example.Id, + /// RoleId = "member", + /// ActiveAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs + /// { + /// ExpireAfter = "P365D", + /// }, + /// EligibleAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs + /// { + /// ExpirationRequired = false, + /// }, + /// NotificationRules = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesArgs + /// { + /// EligibleAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs + /// { + /// ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs + /// { + /// NotificationLevel = "Critical", + /// DefaultRecipients = false, + /// AdditionalRecipients = new[] + /// { + /// "someone@example.com", + /// "someone.else@example.com", + /// }, + /// }, + /// 
}, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Because these policies are created automatically by Entra ID, they will auto-import on first use. /// [AzureADResourceType("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy")] public partial class GroupRoleManagementPolicy : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs index b966c2785..4fe5507a9 100644 --- a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs @@ -19,7 +19,7 @@ public sealed class GroupRoleManagementPolicyActivationRulesArgs : global::Pulum public Input? ApprovalStage { get; set; } /// - /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. /// [Input("maximumDuration")] public Input? MaximumDuration { get; set; } @@ -49,7 +49,7 @@ public sealed class GroupRoleManagementPolicyActivationRulesArgs : global::Pulum public Input? RequireTicketInfo { get; set; } /// - /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. /// [Input("requiredConditionalAccessAuthenticationContext")] public Input? RequiredConditionalAccessAuthenticationContext { get; set; } 
diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs index baabbe97c..452396e2b 100644 --- a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs @@ -19,7 +19,7 @@ public sealed class GroupRoleManagementPolicyActivationRulesGetArgs : global::Pu public Input? ApprovalStage { get; set; } /// - /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. /// [Input("maximumDuration")] public Input? MaximumDuration { get; set; } @@ -49,7 +49,7 @@ public sealed class GroupRoleManagementPolicyActivationRulesGetArgs : global::Pu public Input? RequireTicketInfo { get; set; } /// - /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. /// [Input("requiredConditionalAccessAuthenticationContext")] public Input? RequiredConditionalAccessAuthenticationContext { get; set; } diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs index a5a3a21d3..976bbc1d6 100644 --- a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs 
@@ -18,7 +18,7 @@ public sealed class GroupRoleManagementPolicyActivationRules /// public readonly Outputs.GroupRoleManagementPolicyActivationRulesApprovalStage? ApprovalStage; /// - /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. /// public readonly string? MaximumDuration; /// @@ -38,7 +38,7 @@ public sealed class GroupRoleManagementPolicyActivationRules /// public readonly bool? RequireTicketInfo; /// - /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. /// public readonly string? RequiredConditionalAccessAuthenticationContext; diff --git a/sdk/go/azuread/groupRoleManagementPolicy.go b/sdk/go/azuread/groupRoleManagementPolicy.go index 1c2072619..941511186 100644 --- a/sdk/go/azuread/groupRoleManagementPolicy.go +++ b/sdk/go/azuread/groupRoleManagementPolicy.go 
@@ -21,6 +21,71 @@ import ( // When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. // // When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// example, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{ +// DisplayName: pulumi.String("group-name"), +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewUser(ctx, "member", &azuread.UserArgs{ +// UserPrincipalName: pulumi.String("jdoe@example.com"), +// DisplayName: pulumi.String("J. Doe"), +// MailNickname: pulumi.String("jdoe"), +// Password: pulumi.String("SecretP@sswd99!"), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewGroupRoleManagementPolicy(ctx, "example", &azuread.GroupRoleManagementPolicyArgs{ +// GroupId: example.ID(), +// RoleId: pulumi.String("member"), +// ActiveAssignmentRules: &azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs{ +// ExpireAfter: pulumi.String("P365D"), +// }, +// EligibleAssignmentRules: &azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs{ +// ExpirationRequired: pulumi.Bool(false), +// }, +// NotificationRules: &azuread.GroupRoleManagementPolicyNotificationRulesArgs{ +// EligibleAssignments: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{ +// ApproverNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{ +// NotificationLevel: pulumi.String("Critical"), +// DefaultRecipients: pulumi.Bool(false), +// 
AdditionalRecipients: pulumi.StringArray{ +// pulumi.String("someone@example.com"), +// pulumi.String("someone.else@example.com"), +// }, +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// Because these policies are created automatically by Entra ID, they will auto-import on first use. type GroupRoleManagementPolicy struct { pulumi.CustomResourceState diff --git a/sdk/go/azuread/pulumiTypes.go b/sdk/go/azuread/pulumiTypes.go index 4240842c3..a7743be9b 100644 --- a/sdk/go/azuread/pulumiTypes.go +++ b/sdk/go/azuread/pulumiTypes.go @@ -6635,7 +6635,7 @@ func (o GroupDynamicMembershipPtrOutput) Rule() pulumi.StringPtrOutput { type GroupRoleManagementPolicyActivationRules struct { // An `approvalStage` block as defined below. ApprovalStage *GroupRoleManagementPolicyActivationRulesApprovalStage `pulumi:"approvalStage"` - // The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + // The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. MaximumDuration *string `pulumi:"maximumDuration"` // Is approval required for activation. If `true` an `approvalStage` block must be provided. RequireApproval *bool `pulumi:"requireApproval"` 
@@ -6645,7 +6645,7 @@ type GroupRoleManagementPolicyActivationRules struct { RequireMultifactorAuthentication *bool `pulumi:"requireMultifactorAuthentication"` // Is ticket information requrired during activation of the role. RequireTicketInfo *bool `pulumi:"requireTicketInfo"` - // The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + // The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. RequiredConditionalAccessAuthenticationContext *string `pulumi:"requiredConditionalAccessAuthenticationContext"` } @@ -6663,7 +6663,7 @@ type GroupRoleManagementPolicyActivationRulesInput interface { type GroupRoleManagementPolicyActivationRulesArgs struct { // An `approvalStage` block as defined below. ApprovalStage GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput `pulumi:"approvalStage"` - // The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + // The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. MaximumDuration pulumi.StringPtrInput `pulumi:"maximumDuration"` // Is approval required for activation. If `true` an `approvalStage` block must be provided. RequireApproval pulumi.BoolPtrInput `pulumi:"requireApproval"` 
@@ -6673,7 +6673,7 @@ type GroupRoleManagementPolicyActivationRulesArgs struct { RequireMultifactorAuthentication pulumi.BoolPtrInput `pulumi:"requireMultifactorAuthentication"` // Is ticket information requrired during activation of the role. RequireTicketInfo pulumi.BoolPtrInput `pulumi:"requireTicketInfo"` - // The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + // The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. RequiredConditionalAccessAuthenticationContext pulumi.StringPtrInput `pulumi:"requiredConditionalAccessAuthenticationContext"` } @@ -6761,7 +6761,7 @@ func (o GroupRoleManagementPolicyActivationRulesOutput) ApprovalStage() GroupRol }).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) } -// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. +// The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. func (o GroupRoleManagementPolicyActivationRulesOutput) MaximumDuration() pulumi.StringPtrOutput { return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *string { return v.MaximumDuration }).(pulumi.StringPtrOutput) } 
@@ -6786,7 +6786,7 @@ func (o GroupRoleManagementPolicyActivationRulesOutput) RequireTicketInfo() pulu return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *bool { return v.RequireTicketInfo }).(pulumi.BoolPtrOutput) } -// The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. +// The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. func (o GroupRoleManagementPolicyActivationRulesOutput) RequiredConditionalAccessAuthenticationContext() pulumi.StringPtrOutput { return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *string { return v.RequiredConditionalAccessAuthenticationContext @@ -6827,7 +6827,7 @@ func (o GroupRoleManagementPolicyActivationRulesPtrOutput) ApprovalStage() Group }).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) } -// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. +// The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. func (o GroupRoleManagementPolicyActivationRulesPtrOutput) MaximumDuration() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *string { if v == nil { 
@@ -6877,7 +6877,7 @@ func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequireTicketInfo() p }).(pulumi.BoolPtrOutput) } -// The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. +// The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequiredConditionalAccessAuthenticationContext() pulumi.StringPtrOutput { return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *string { if v == nil { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java index f20eb7057..984fbd4b3 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java @@ -76,7 +76,7 @@ * * var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy("exampleGroupRoleManagementPolicy", GroupRoleManagementPolicyArgs.builder() * .groupId(example.id()) - * .assignmentType("member") + * .roleId("member") * .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder() * .expireAfter("P365D") * .build()) diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java index a57e90c68..0dae0f0f6 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java 
@@ -33,14 +33,14 @@ public Optional maximumDuration; /** - * @return The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * @return The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. * */ public Optional> maximumDuration() { @@ -108,14 +108,14 @@ public Optional> requireTicketInfo() { } /** - * The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. * */ @Import(name="requiredConditionalAccessAuthenticationContext") private @Nullable Output requiredConditionalAccessAuthenticationContext; /** - * @return The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * @return The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. * */ public Optional> requiredConditionalAccessAuthenticationContext() { @@ -174,7 +174,7 @@ public Builder approvalStage(GroupRoleManagementPolicyActivationRulesApprovalSta } /** - * @param maximumDuration The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * @param maximumDuration The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. * * @return builder * 
@@ -185,7 +185,7 @@ public Builder maximumDuration(@Nullable Output maximumDuration) { } /** - * @param maximumDuration The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * @param maximumDuration The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. * * @return builder * @@ -279,7 +279,7 @@ public Builder requireTicketInfo(Boolean requireTicketInfo) { } /** - * @param requiredConditionalAccessAuthenticationContext The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * @param requiredConditionalAccessAuthenticationContext The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. * * @return builder * @@ -290,7 +290,7 @@ public Builder requiredConditionalAccessAuthenticationContext(@Nullable Output approvalS return Optional.ofNullable(this.approvalStage); } /** - * @return The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * @return The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. * */ public Optional maximumDuration() { 
@@ -93,7 +93,7 @@ public Optional requireTicketInfo() { return Optional.ofNullable(this.requireTicketInfo); } /** - * @return The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * @return The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. * */ public Optional requiredConditionalAccessAuthenticationContext() { diff --git a/sdk/nodejs/groupRoleManagementPolicy.ts b/sdk/nodejs/groupRoleManagementPolicy.ts index 3bcbd684b..e720c5031 100644 --- a/sdk/nodejs/groupRoleManagementPolicy.ts +++ b/sdk/nodejs/groupRoleManagementPolicy.ts 
@@ -16,6 +16,50 @@ import * as utilities from "./utilities"; * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. * * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const example = new azuread.Group("example", { + * displayName: "group-name", + * securityEnabled: true, + * }); + * const member = new azuread.User("member", { + * userPrincipalName: "jdoe@example.com", + * displayName: "J. Doe", + * mailNickname: "jdoe", + * password: "SecretP@sswd99!", + * }); + * const exampleGroupRoleManagementPolicy = new azuread.GroupRoleManagementPolicy("example", { + * groupId: example.id, + * roleId: "member", + * activeAssignmentRules: { + * expireAfter: "P365D", + * }, + * eligibleAssignmentRules: { + * expirationRequired: false, + * }, + * notificationRules: { + * eligibleAssignments: { + * approverNotifications: { + * notificationLevel: "Critical", + * defaultRecipients: false, + * additionalRecipients: [ + * "someone@example.com", + * "someone.else@example.com", + * ], + * }, + * }, + * }, + * }); + * ``` + * + * ## Import + * + * Because these policies are created automatically by Entra ID, they will auto-import on first use. */ export class GroupRoleManagementPolicy extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 8fe9e8542..b105a5b04 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts 
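Review bot: The example added to this doc comment creates `azuread.User("member", …)` with a literal `password: "SecretP@sswd99!"`, and the same literal appears in both Python docstring hunks of `group_role_management_policy.py`. Reference examples get copied into real stacks, where a literal password ends up in source control. The `member` user is not referenced by the `GroupRoleManagementPolicy` that follows, so the example could simply drop it. Otherwise it should read the value from secret configuration, e.g. `password: new pulumi.Config().requireSecret("memberPassword"),` (key name constructed for illustration). The commit message says the PR was generated by `upgrade-provider`, so the change presumably belongs in the upstream example these SDK docs are generated from, not in this file.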
@@ -749,7 +749,7 @@ export interface GroupRoleManagementPolicyActivationRules { */ approvalStage?: pulumi.Input; /** - * The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. */ maximumDuration?: pulumi.Input; /** @@ -769,7 +769,7 @@ export interface GroupRoleManagementPolicyActivationRules { */ requireTicketInfo?: pulumi.Input; /** - * The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + * The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. */ requiredConditionalAccessAuthenticationContext?: pulumi.Input; } diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 440b2253b..e19c75f68 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -1288,7 +1288,7 @@ export interface GroupRoleManagementPolicyActivationRules { */ approvalStage?: outputs.GroupRoleManagementPolicyActivationRulesApprovalStage; /** - * The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. */ maximumDuration: string; /** 
@@ -1308,7 +1308,7 @@ export interface GroupRoleManagementPolicyActivationRules { */ requireTicketInfo: boolean; /** - * The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + * The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `requireMultifactorAuthentication`. */ requiredConditionalAccessAuthenticationContext: string; } diff --git a/sdk/python/pulumi_azuread/_inputs.py b/sdk/python/pulumi_azuread/_inputs.py index 9f5b3a10e..29da9e8c6 100644 --- a/sdk/python/pulumi_azuread/_inputs.py +++ b/sdk/python/pulumi_azuread/_inputs.py 
@@ -2789,12 +2789,12 @@ def __init__(__self__, *, required_conditional_access_authentication_context: Optional[pulumi.Input[str]] = None): """ :param pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStageArgs'] approval_stage: An `approval_stage` block as defined below. - :param pulumi.Input[str] maximum_duration: The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + :param pulumi.Input[str] maximum_duration: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. :param pulumi.Input[bool] require_approval: Is approval required for activation. If `true` an `approval_stage` block must be provided. :param pulumi.Input[bool] require_justification: Is a justification required during activation of the role. :param pulumi.Input[bool] require_multifactor_authentication: Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. :param pulumi.Input[bool] require_ticket_info: Is ticket information requrired during activation of the role. - :param pulumi.Input[str] required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + :param pulumi.Input[str] required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. """ if approval_stage is not None: pulumi.set(__self__, "approval_stage", approval_stage) 
@@ -2827,7 +2827,7 @@ def approval_stage(self, value: Optional[pulumi.Input['GroupRoleManagementPolicy @pulumi.getter(name="maximumDuration") def maximum_duration(self) -> Optional[pulumi.Input[str]]: """ - The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. """ return pulumi.get(self, "maximum_duration") @@ -2887,7 +2887,7 @@ def require_ticket_info(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="requiredConditionalAccessAuthenticationContext") def required_conditional_access_authentication_context(self) -> Optional[pulumi.Input[str]]: """ - The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. """ return pulumi.get(self, "required_conditional_access_authentication_context") diff --git a/sdk/python/pulumi_azuread/group_role_management_policy.py b/sdk/python/pulumi_azuread/group_role_management_policy.py index a28d94369..52b8aa6fe 100644 --- a/sdk/python/pulumi_azuread/group_role_management_policy.py +++ b/sdk/python/pulumi_azuread/group_role_management_policy.py 
@@ -274,6 +274,47 @@ def __init__(__self__, When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_group_role_management_policy = azuread.GroupRoleManagementPolicy("example", + group_id=example.id, + role_id="member", + active_assignment_rules=azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs( + expire_after="P365D", + ), + eligible_assignment_rules=azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs( + expiration_required=False, + ), + notification_rules=azuread.GroupRoleManagementPolicyNotificationRulesArgs( + eligible_assignments=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs( + approver_notifications=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs( + notification_level="Critical", + default_recipients=False, + additional_recipients=[ + "someone@example.com", + "someone.else@example.com", + ], + ), + ), + )) + ``` + + ## Import + + Because these policies are created automatically by Entra ID, they will auto-import on first use. + :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']] activation_rules: An `activation_rules` block as defined below. 
@@ -300,6 +341,47 @@ def __init__(__self__, When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_group_role_management_policy = azuread.GroupRoleManagementPolicy("example", + group_id=example.id, + role_id="member", + active_assignment_rules=azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs( + expire_after="P365D", + ), + eligible_assignment_rules=azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs( + expiration_required=False, + ), + notification_rules=azuread.GroupRoleManagementPolicyNotificationRulesArgs( + eligible_assignments=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs( + approver_notifications=azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs( + notification_level="Critical", + default_recipients=False, + additional_recipients=[ + "someone@example.com", + "someone.else@example.com", + ], + ), + ), + )) + ``` + + ## Import + + Because these policies are created automatically by Entra ID, they will auto-import on first use. + :param str resource_name: The name of the resource. :param GroupRoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. diff --git a/sdk/python/pulumi_azuread/outputs.py b/sdk/python/pulumi_azuread/outputs.py index 2b417063c..381397a16 100644 --- a/sdk/python/pulumi_azuread/outputs.py +++ b/sdk/python/pulumi_azuread/outputs.py 
@@ -3033,12 +3033,12 @@ def __init__(__self__, *, required_conditional_access_authentication_context: Optional[str] = None): """ :param 'GroupRoleManagementPolicyActivationRulesApprovalStageArgs' approval_stage: An `approval_stage` block as defined below. - :param str maximum_duration: The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + :param str maximum_duration: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. :param bool require_approval: Is approval required for activation. If `true` an `approval_stage` block must be provided. :param bool require_justification: Is a justification required during activation of the role. :param bool require_multifactor_authentication: Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. :param bool require_ticket_info: Is ticket information requrired during activation of the role. - :param str required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + :param str required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. """ if approval_stage is not None: pulumi.set(__self__, "approval_stage", approval_stage) 
@@ -3067,7 +3067,7 @@ def approval_stage(self) -> Optional['outputs.GroupRoleManagementPolicyActivatio @pulumi.getter(name="maximumDuration") def maximum_duration(self) -> Optional[str]: """ - The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. """ return pulumi.get(self, "maximum_duration") @@ -3107,7 +3107,7 @@ def require_ticket_info(self) -> Optional[bool]: @pulumi.getter(name="requiredConditionalAccessAuthenticationContext") def required_conditional_access_authentication_context(self) -> Optional[str]: """ - The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + The Entra ID Conditional Access context that must be present for activation (e.g `c1`). Conflicts with `require_multifactor_authentication`. """ return pulumi.get(self, "required_conditional_access_authentication_context")