diff --git a/provider/cmd/pulumi-resource-azuread/bridge-metadata.json b/provider/cmd/pulumi-resource-azuread/bridge-metadata.json index b1d32e8ef..2758185d3 100644 --- a/provider/cmd/pulumi-resource-azuread/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-azuread/bridge-metadata.json @@ -598,6 +598,152 @@ "azuread_group_member": { "current": "azuread:index/groupMember:GroupMember" }, + "azuread_group_role_management_policy": { + "current": "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", + "fields": { + "activation_rules": { + "maxItemsOne": true, + "elem": { + "fields": { + "approval_stage": { + "maxItemsOne": true, + "elem": { + "fields": { + "primary_approver": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "active_assignment_rules": { + "maxItemsOne": true + }, + "eligible_assignment_rules": { + "maxItemsOne": true + }, + "notification_rules": { + "maxItemsOne": true, + "elem": { + "fields": { + "active_assignments": { + "maxItemsOne": true, + "elem": { + "fields": { + "admin_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "approver_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "assignee_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "eligible_activations": { + "maxItemsOne": true, + "elem": { + "fields": { + "admin_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "approver_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "assignee_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + } + } + } + }, + "eligible_assignments": { + "maxItemsOne": true, + "elem": { + "fields": { + "admin_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "approver_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + }, + "assignee_notifications": { + "maxItemsOne": true, + "elem": { + "fields": { + "additional_recipients": { + "maxItemsOne": false + } + } + } + } + } + } + } + } + } + } + } + }, "azuread_invitation": { "current": "azuread:index/invitation:Invitation", "fields": { @@ -638,6 +784,12 @@ } } }, + "azuread_privileged_access_group_assignment_schedule": { + "current": "azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule" + }, + "azuread_privileged_access_group_eligibility_schedule": { + "current": "azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule" + }, "azuread_service_principal": { "current": "azuread:index/servicePrincipal:ServicePrincipal", "fields": { @@ -711,6 +863,21 @@ } } }, + "azuread_synchronization_job_provision_on_demand": { + "current": "azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", + "fields": { + "parameter": { + "maxItemsOne": false, + "elem": { + "fields": { + "subject": { + "maxItemsOne": false + } + } + } + } + } + }, "azuread_synchronization_secret": { "current": "azuread:index/synchronizationSecret:SynchronizationSecret", "fields": { @@ -973,6 +1140,9 @@ } } }, + "azuread_group_role_management_policy": { + "current": "azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy" + }, "azuread_groups": { "current": "azuread:index/getGroups:getGroups", "fields": { diff --git a/provider/cmd/pulumi-resource-azuread/schema.json b/provider/cmd/pulumi-resource-azuread/schema.json index d1b52cf01..d7fbb5660 100644 --- a/provider/cmd/pulumi-resource-azuread/schema.json +++ b/provider/cmd/pulumi-resource-azuread/schema.json @@ -1236,6 +1236,540 @@ "rule" ] }, + "azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules": { + "properties": { + "approvalStage": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStage:GroupRoleManagementPolicyActivationRulesApprovalStage", + "description": "An `approval_stage` block as defined below.\n" + }, + "maximumDuration": { + "type": "string", + "description": "The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.\n" + }, + "requireApproval": { + "type": "boolean", + "description": "Is approval required for activation. If `true` an `approval_stage` block must be provided.\n" + }, + "requireJustification": { + "type": "boolean", + "description": "Is a justification required during activation of the role.\n" + }, + "requireMultifactorAuthentication": { + "type": "boolean", + "description": "Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.\n" + }, + "requireTicketInfo": { + "type": "boolean", + "description": "Is ticket information requrired during activation of the role.\n" + }, + "requiredConditionalAccessAuthenticationContext": { + "type": "string", + "description": "The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "maximumDuration", + "requireApproval", + "requireJustification", + "requireMultifactorAuthentication", + "requireTicketInfo", + "requiredConditionalAccessAuthenticationContext" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStage:GroupRoleManagementPolicyActivationRulesApprovalStage": { + "properties": { + "primaryApprovers": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover:GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover" + }, + "description": "The IDs of the users or groups who can approve the activation\n" + } + }, + "type": "object", + "required": [ + "primaryApprovers" + ] + }, + "azuread:index/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover:GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover": { + "properties": { + "objectId": { + "type": "string", + "description": "The ID of the object which will act as an approver.\n" + }, + "type": { + "type": "string", + "description": "The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`.\n" + } + }, + "type": "object", + "required": [ + "objectId" + ] + }, + "azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules": { + "properties": { + "expirationRequired": { + "type": "boolean", + "description": "Must an assignment have an expiry date. `false` allows permanent assignment.\n" + }, + "expireAfter": { + "type": "string", + "description": "The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.\n" + }, + "requireJustification": { + "type": "boolean", + "description": "Is a justification required to create new assignments.\n" + }, + "requireMultifactorAuthentication": { + "type": "boolean", + "description": "Is multi-factor authentication required to create new assignments.\n" + }, + "requireTicketInfo": { + "type": "boolean", + "description": "Is ticket information required to create new assignments.\n\nOne of `expiration_required` or `expire_after` must be provided.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "expirationRequired", + "expireAfter", + "requireJustification", + "requireMultifactorAuthentication", + "requireTicketInfo" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules": { + "properties": { + "expirationRequired": { + "type": "boolean", + "description": "Must an assignment have an expiry date. `false` allows permanent assignment.\n" + }, + "expireAfter": { + "type": "string", + "description": "The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.\n\nOne of `expiration_required` or `expire_after` must be provided.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "expirationRequired", + "expireAfter" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules": { + "properties": { + "activeAssignments": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignments:GroupRoleManagementPolicyNotificationRulesActiveAssignments", + "description": "A `notification_target` block as defined below to configure notfications on active role assignments.\n" + }, + "eligibleActivations": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivations:GroupRoleManagementPolicyNotificationRulesEligibleActivations", + "description": "A `notification_target` block as defined below for configuring notifications on activation of eligible role.\n" + }, + "eligibleAssignments": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignments:GroupRoleManagementPolicyNotificationRulesEligibleAssignments", + "description": "A `notification_target` block as defined below to configure notification on eligible role assignments.\n\nAt least one `notification_target` block must be provided.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "activeAssignments", + "eligibleActivations", + "eligibleAssignments" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignments:GroupRoleManagementPolicyNotificationRulesActiveAssignments": { + "properties": { + "adminNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications", + "description": "Admin notification settings\n" + }, + "approverNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications", + "description": "Approver notification settings\n" + }, + "assigneeNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications", + "description": "Assignee notification settings\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "adminNotifications", + "approverNotifications", + "assigneeNotifications" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivations:GroupRoleManagementPolicyNotificationRulesEligibleActivations": { + "properties": { + "adminNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications", + "description": "Admin notification settings\n" + }, + "approverNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications", + "description": "Approver notification settings\n" + }, + "assigneeNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications", + "description": "Assignee notification settings\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "adminNotifications", + "approverNotifications", + "assigneeNotifications" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignments:GroupRoleManagementPolicyNotificationRulesEligibleAssignments": { + "properties": { + "adminNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications", + "description": "Admin notification settings\n" + }, + "approverNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications", + "description": "Approver notification settings\n" + }, + "assigneeNotifications": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications", + "description": "Assignee notification settings\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "adminNotifications", + "approverNotifications", + "assigneeNotifications" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, + "azuread:index/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications:GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications": { + "properties": { + "additionalRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The additional recipients to notify\n" + }, + "defaultRecipients": { + "type": "boolean", + "description": "Whether the default recipients are notified\n" + }, + "notificationLevel": { + "type": "string", + "description": "What level of notifications are sent\n" + } + }, + "type": "object", + "required": [ + "defaultRecipients", + "notificationLevel" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "additionalRecipients", + "defaultRecipients", + "notificationLevel" + ] + } + } + }, "azuread:index/InvitationMessage:InvitationMessage": { "properties": { "additionalRecipients": { @@ -1426,16 +1960,55 @@ "value" ] } - } + } + }, + "azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn": { + "properties": { + "relayState": { + "type": "string", + "description": "The relative URI the service provider would redirect to after completion of the single sign-on flow.\n" + } + }, + "type": "object" + }, + "azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter": { + "properties": { + "ruleId": { + "type": "string", + "description": "The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template.\n", + "willReplaceOnChanges": true + }, + "subjects": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobProvisionOnDemandParameterSubject:SynchronizationJobProvisionOnDemandParameterSubject" + }, + "description": "One or more `subject` blocks as documented below.\n", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "ruleId", + "subjects" + ] }, - "azuread:index/ServicePrincipalSamlSingleSignOn:ServicePrincipalSamlSingleSignOn": { + "azuread:index/SynchronizationJobProvisionOnDemandParameterSubject:SynchronizationJobProvisionOnDemandParameterSubject": { "properties": { - "relayState": { + "objectId": { "type": "string", - "description": "The relative URI the service provider would redirect to after completion of the single sign-on flow.\n" + "description": "The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD.\n" + }, + "objectTypeName": { + "type": "string", + "description": "The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application.\n" } }, - "type": "object" + "type": "object", + "required": [ + "objectId", + "objectTypeName" + ] }, "azuread:index/SynchronizationJobSchedule:SynchronizationJobSchedule": { "properties": { @@ -3460,7 +4033,7 @@ "items": { "type": "string" }, - "description": "Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" + "description": "A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" }, "identifierUris": { "type": "array", @@ -3624,7 +4197,7 @@ "items": { "type": "string" }, - "description": "Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" + "description": "A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" }, "identifierUris": { "type": "array", @@ -3781,7 +4354,7 @@ "items": { "type": "string" }, - "description": "Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" + "description": "A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`.\n" }, "identifierUris": { "type": "array", @@ -6090,7 +6663,7 @@ } }, "azuread:index/group:Group": { - "description": "Manages a group within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used.\n\nThe `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n owners=[current.object_id],\n security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n securityEnabled: true\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n userPrincipalName: \"example-group-owner@example.com\",\n displayName: \"Group Owner\",\n mailNickname: \"example-group-owner\",\n password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n mailEnabled: true,\n mailNickname: \"ExampleGroup\",\n securityEnabled: true,\n types: [\"Unified\"],\n owners: [\n current.then(current =\u003e current.objectId),\n groupOwner.objectId,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n user_principal_name=\"example-group-owner@example.com\",\n display_name=\"Group Owner\",\n mail_nickname=\"example-group-owner\",\n password=\"SecretP@sswd99!\")\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n mail_enabled=True,\n mail_nickname=\"ExampleGroup\",\n security_enabled=True,\n types=[\"Unified\"],\n owners=[\n current.object_id,\n group_owner.object_id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var groupOwner = new AzureAD.User(\"group_owner\", new()\n {\n UserPrincipalName = \"example-group-owner@example.com\",\n DisplayName = \"Group Owner\",\n MailNickname = \"example-group-owner\",\n Password = \"SecretP@sswd99!\",\n });\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n MailEnabled = true,\n MailNickname = \"ExampleGroup\",\n SecurityEnabled = true,\n Types = new[]\n {\n \"Unified\",\n },\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n groupOwner.ObjectId,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname: pulumi.String(\"example-group-owner\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tMailEnabled: pulumi.Bool(true),\n\t\t\tMailNickname: pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var groupOwner = new User(\"groupOwner\", UserArgs.builder() \n .userPrincipalName(\"example-group-owner@example.com\")\n .displayName(\"Group Owner\")\n .mailNickname(\"example-group-owner\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"example\")\n .mailEnabled(true)\n .mailNickname(\"ExampleGroup\")\n .securityEnabled(true)\n .types(\"Unified\")\n .owners( \n current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()),\n groupOwner.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n groupOwner:\n type: azuread:User\n name: group_owner\n properties:\n userPrincipalName: example-group-owner@example.com\n displayName: Group Owner\n mailNickname: example-group-owner\n password: SecretP@sswd99!\n example:\n type: azuread:Group\n properties:\n displayName: example\n mailEnabled: true\n mailNickname: ExampleGroup\n securityEnabled: true\n types:\n - Unified\n owners:\n - ${current.objectId}\n - ${groupOwner.objectId}\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with members*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new User(\"example\", UserArgs.builder() \n .displayName(\"J Doe\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .password(\"notSecure123\")\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .members(example.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n displayName: J Doe\n owners:\n - ${current.objectId}\n password: notSecure123\n userPrincipalName: jdoe@example.com\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n members:\n - ${example.objectId}\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"MyGroup\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n types: [\"DynamicMembership\"],\n dynamicMembership: {\n enabled: true,\n rule: \"user.department -eq \\\"Sales\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"MyGroup\",\n owners=[current.object_id],\n security_enabled=True,\n types=[\"DynamicMembership\"],\n dynamic_membership=azuread.GroupDynamicMembershipArgs(\n enabled=True,\n rule=\"user.department -eq \\\"Sales\\\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"MyGroup\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n Types = new[]\n {\n \"DynamicMembership\",\n },\n DynamicMembership = new AzureAD.Inputs.GroupDynamicMembershipArgs\n {\n Enabled = true,\n Rule = \"user.department -eq \\\"Sales\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule: pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GroupDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .types(\"DynamicMembership\")\n .dynamicMembership(GroupDynamicMembershipArgs.builder()\n .enabled(true)\n .rule(\"user.department -eq \\\"Sales\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n types:\n - DynamicMembership\n dynamicMembership:\n enabled: true\n rule: user.department -eq \"Sales\"\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000\n```\n\n", + "description": "Manages a group within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Group.ReadWrite.All` or `Directory.ReadWrite.All`.\n\nAlternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.\n\nIf using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.\n\nIf specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Groups Administrator`, `User Administrator` or `Global Administrator`\n\nWhen creating this resource in administrative units exclusively, the role `Groups Administrator` is required to be scoped on any administrative unit used.\n\nThe `external_senders_allowed`, `auto_subscribe_new_members`, `hide_from_address_lists` and `hide_from_outlook_clients` properties can only be configured when authenticating as a user and cannot be configured when authenticating as a service principal. Additionally, the user being used for authentication must be a Member of the tenant where the group is being managed and _not_ a Guest. This is a known API issue; please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) official documentation.\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n owners=[current.object_id],\n security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n securityEnabled: true\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Microsoft 365 group*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst groupOwner = new azuread.User(\"group_owner\", {\n userPrincipalName: \"example-group-owner@example.com\",\n displayName: \"Group Owner\",\n mailNickname: \"example-group-owner\",\n password: \"SecretP@sswd99!\",\n});\nconst example = new azuread.Group(\"example\", {\n displayName: \"example\",\n mailEnabled: true,\n mailNickname: \"ExampleGroup\",\n securityEnabled: true,\n types: [\"Unified\"],\n owners: [\n current.then(current =\u003e current.objectId),\n groupOwner.objectId,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\ngroup_owner = azuread.User(\"group_owner\",\n user_principal_name=\"example-group-owner@example.com\",\n display_name=\"Group Owner\",\n mail_nickname=\"example-group-owner\",\n password=\"SecretP@sswd99!\")\nexample = azuread.Group(\"example\",\n display_name=\"example\",\n mail_enabled=True,\n mail_nickname=\"ExampleGroup\",\n security_enabled=True,\n types=[\"Unified\"],\n owners=[\n current.object_id,\n group_owner.object_id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var groupOwner = new AzureAD.User(\"group_owner\", new()\n {\n UserPrincipalName = \"example-group-owner@example.com\",\n DisplayName = \"Group Owner\",\n MailNickname = \"example-group-owner\",\n Password = \"SecretP@sswd99!\",\n });\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n MailEnabled = true,\n MailNickname = \"ExampleGroup\",\n SecurityEnabled = true,\n Types = new[]\n {\n \"Unified\",\n },\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n groupOwner.ObjectId,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupOwner, err := azuread.NewUser(ctx, \"group_owner\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"example-group-owner@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"Group Owner\"),\n\t\t\tMailNickname: pulumi.String(\"example-group-owner\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tMailEnabled: pulumi.Bool(true),\n\t\t\tMailNickname: pulumi.String(\"ExampleGroup\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Unified\"),\n\t\t\t},\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t\tgroupOwner.ObjectId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var groupOwner = new User(\"groupOwner\", UserArgs.builder() \n .userPrincipalName(\"example-group-owner@example.com\")\n .displayName(\"Group Owner\")\n .mailNickname(\"example-group-owner\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"example\")\n .mailEnabled(true)\n .mailNickname(\"ExampleGroup\")\n .securityEnabled(true)\n .types(\"Unified\")\n .owners( \n current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()),\n groupOwner.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n groupOwner:\n type: azuread:User\n name: group_owner\n properties:\n userPrincipalName: example-group-owner@example.com\n displayName: Group Owner\n mailNickname: example-group-owner\n password: SecretP@sswd99!\n example:\n type: azuread:Group\n properties:\n displayName: example\n mailEnabled: true\n mailNickname: ExampleGroup\n securityEnabled: true\n types:\n - Unified\n owners:\n - ${current.objectId}\n - ${groupOwner.objectId}\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with members*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new User(\"example\", UserArgs.builder() \n .displayName(\"J Doe\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .password(\"notSecure123\")\n .userPrincipalName(\"jdoe@example.com\")\n .build());\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .members(example.objectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:User\n properties:\n displayName: J Doe\n owners:\n - ${current.objectId}\n password: notSecure123\n userPrincipalName: jdoe@example.com\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n members:\n - ${example.objectId}\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Group with dynamic membership*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst example = new azuread.Group(\"example\", {\n displayName: \"MyGroup\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n types: [\"DynamicMembership\"],\n dynamicMembership: {\n enabled: true,\n rule: \"user.department -eq \\\"Sales\\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample = azuread.Group(\"example\",\n display_name=\"MyGroup\",\n owners=[current.object_id],\n security_enabled=True,\n types=[\"DynamicMembership\"],\n dynamic_membership=azuread.GroupDynamicMembershipArgs(\n enabled=True,\n rule=\"user.department -eq \\\"Sales\\\"\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"MyGroup\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n Types = new[]\n {\n \"DynamicMembership\",\n },\n DynamicMembership = new AzureAD.Inputs.GroupDynamicMembershipArgs\n {\n Enabled = true,\n Rule = \"user.department -eq \\\"Sales\\\"\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"MyGroup\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t\tTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"DynamicMembership\"),\n\t\t\t},\n\t\t\tDynamicMembership: \u0026azuread.GroupDynamicMembershipArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tRule: pulumi.String(\"user.department -eq \\\"Sales\\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GroupDynamicMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"MyGroup\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .types(\"DynamicMembership\")\n .dynamicMembership(GroupDynamicMembershipArgs.builder()\n .enabled(true)\n .rule(\"user.department -eq \\\"Sales\\\"\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: MyGroup\n owners:\n - ${current.objectId}\n securityEnabled: true\n types:\n - DynamicMembership\n dynamicMembership:\n enabled: true\n rule: user.department -eq \"Sales\"\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGroups can be imported using their object ID, e.g.\n\n```sh\n$ pulumi import azuread:index/group:Group my_group 00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { "administrativeUnitIds": { "type": "array", @@ -6112,7 +6685,7 @@ "items": { "type": "string" }, - "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n" + "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n" }, "description": { "type": "string", @@ -6281,7 +6854,7 @@ "items": { "type": "string" }, - "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n", + "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n", "willReplaceOnChanges": true }, "description": { @@ -6399,7 +6972,7 @@ "items": { "type": "string" }, - "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n", + "description": "A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.\n", "willReplaceOnChanges": true }, "description": { @@ -6581,6 +7154,125 @@ "type": "object" } }, + "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy": { + "description": "Manage a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.GroupRoleManagementPolicy;\nimport com.pulumi.azuread.GroupRoleManagementPolicyArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;\nimport com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n var member = new User(\"member\", UserArgs.builder() \n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy(\"exampleGroupRoleManagementPolicy\", GroupRoleManagementPolicyArgs.builder() \n .groupId(example.id())\n .assignmentType(\"member\")\n .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()\n .expireAfter(\"P365D\")\n .build())\n .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()\n .expirationRequired(false)\n .build())\n .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()\n .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()\n .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()\n .notificationLevel(\"Critical\")\n .defaultRecipients(false)\n .additionalRecipients( \n \"someone@example.com\",\n \"someone.else@example.com\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: true\n member:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n exampleGroupRoleManagementPolicy:\n type: azuread:GroupRoleManagementPolicy\n name: example\n properties:\n groupId: ${example.id}\n assignmentType: member\n activeAssignmentRules:\n expireAfter: P365D\n eligibleAssignmentRules:\n expirationRequired: false\n notificationRules:\n eligibleAssignments:\n approverNotifications:\n notificationLevel: Critical\n defaultRecipients: false\n additionalRecipients:\n - someone@example.com\n - someone.else@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nBecause these policies are created automatically by Entra ID, they will auto-import on first use.\n\n", + "properties": { + "activationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules", + "description": "An `activation_rules` block as defined below.\n" + }, + "activeAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules", + "description": "An `active_assignment_rules` block as defined below.\n" + }, + "description": { + "type": "string", + "description": "(String) The description of this policy.\n" + }, + "displayName": { + "type": "string", + "description": "(String) The display name of this policy.\n" + }, + "eligibleAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules", + "description": "An `eligible_assignment_rules` block as defined below.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Azure AD group for which the policy applies.\n" + }, + "notificationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules", + "description": "A `notification_rules` block as defined below.\n" + }, + "roleId": { + "type": "string", + "description": "The type of assignment this policy coveres. Can be either `member` or `owner`.\n" + } + }, + "required": [ + "activationRules", + "activeAssignmentRules", + "description", + "displayName", + "eligibleAssignmentRules", + "groupId", + "notificationRules", + "roleId" + ], + "inputProperties": { + "activationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules", + "description": "An `activation_rules` block as defined below.\n" + }, + "activeAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules", + "description": "An `active_assignment_rules` block as defined below.\n" + }, + "eligibleAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules", + "description": "An `eligible_assignment_rules` block as defined below.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Azure AD group for which the policy applies.\n", + "willReplaceOnChanges": true + }, + "notificationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules", + "description": "A `notification_rules` block as defined below.\n" + }, + "roleId": { + "type": "string", + "description": "The type of assignment this policy coveres. Can be either `member` or `owner`.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "groupId", + "roleId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GroupRoleManagementPolicy resources.\n", + "properties": { + "activationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActivationRules:GroupRoleManagementPolicyActivationRules", + "description": "An `activation_rules` block as defined below.\n" + }, + "activeAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyActiveAssignmentRules:GroupRoleManagementPolicyActiveAssignmentRules", + "description": "An `active_assignment_rules` block as defined below.\n" + }, + "description": { + "type": "string", + "description": "(String) The description of this policy.\n" + }, + "displayName": { + "type": "string", + "description": "(String) The display name of this policy.\n" + }, + "eligibleAssignmentRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyEligibleAssignmentRules:GroupRoleManagementPolicyEligibleAssignmentRules", + "description": "An `eligible_assignment_rules` block as defined below.\n" + }, + "groupId": { + "type": "string", + "description": "The ID of the Azure AD group for which the policy applies.\n", + "willReplaceOnChanges": true + }, + "notificationRules": { + "$ref": "#/types/azuread:index/GroupRoleManagementPolicyNotificationRules:GroupRoleManagementPolicyNotificationRules", + "description": "A `notification_rules` block as defined below.\n" + }, + "roleId": { + "type": "string", + "description": "The type of assignment this policy coveres. Can be either `member` or `owner`.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "azuread:index/invitation:Invitation": { "description": "Manages an invitation of a guest user within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `User.Invite.All`, `User.ReadWrite.All` or `Directory.ReadWrite.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Guest Inviter`, `User Administrator` or `Global Administrator`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n userEmailAddress: \"jdoe@example.com\",\n redirectUrl: \"https://portal.azure.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n user_email_address=\"jdoe@example.com\",\n redirect_url=\"https://portal.azure.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Invitation(\"example\", new()\n {\n UserEmailAddress = \"jdoe@example.com\",\n RedirectUrl = \"https://portal.azure.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserEmailAddress: pulumi.String(\"jdoe@example.com\"),\n\t\t\tRedirectUrl: pulumi.String(\"https://portal.azure.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Invitation(\"example\", InvitationArgs.builder() \n .userEmailAddress(\"jdoe@example.com\")\n .redirectUrl(\"https://portal.azure.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Invitation\n properties:\n userEmailAddress: jdoe@example.com\n redirectUrl: https://portal.azure.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Invitation with standard message*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n userEmailAddress: \"jdoe@example.com\",\n redirectUrl: \"https://portal.azure.com\",\n message: {\n language: \"en-US\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n user_email_address=\"jdoe@example.com\",\n redirect_url=\"https://portal.azure.com\",\n message=azuread.InvitationMessageArgs(\n language=\"en-US\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Invitation(\"example\", new()\n {\n UserEmailAddress = \"jdoe@example.com\",\n RedirectUrl = \"https://portal.azure.com\",\n Message = new AzureAD.Inputs.InvitationMessageArgs\n {\n Language = \"en-US\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserEmailAddress: pulumi.String(\"jdoe@example.com\"),\n\t\t\tRedirectUrl: pulumi.String(\"https://portal.azure.com\"),\n\t\t\tMessage: \u0026azuread.InvitationMessageArgs{\n\t\t\t\tLanguage: pulumi.String(\"en-US\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport com.pulumi.azuread.inputs.InvitationMessageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Invitation(\"example\", InvitationArgs.builder() \n .userEmailAddress(\"jdoe@example.com\")\n .redirectUrl(\"https://portal.azure.com\")\n .message(InvitationMessageArgs.builder()\n .language(\"en-US\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Invitation\n properties:\n userEmailAddress: jdoe@example.com\n redirectUrl: https://portal.azure.com\n message:\n language: en-US\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Invitation with custom message body and an additional recipient*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Invitation(\"example\", {\n userDisplayName: \"Bob Bobson\",\n userEmailAddress: \"bbobson@example.com\",\n redirectUrl: \"https://portal.azure.com\",\n message: {\n additionalRecipients: \"aaliceberg@example.com\",\n body: \"Hello there! You are invited to join my Azure tenant!\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Invitation(\"example\",\n user_display_name=\"Bob Bobson\",\n user_email_address=\"bbobson@example.com\",\n redirect_url=\"https://portal.azure.com\",\n message=azuread.InvitationMessageArgs(\n additional_recipients=\"aaliceberg@example.com\",\n body=\"Hello there! You are invited to join my Azure tenant!\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Invitation(\"example\", new()\n {\n UserDisplayName = \"Bob Bobson\",\n UserEmailAddress = \"bbobson@example.com\",\n RedirectUrl = \"https://portal.azure.com\",\n Message = new AzureAD.Inputs.InvitationMessageArgs\n {\n AdditionalRecipients = \"aaliceberg@example.com\",\n Body = \"Hello there! You are invited to join my Azure tenant!\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewInvitation(ctx, \"example\", \u0026azuread.InvitationArgs{\n\t\t\tUserDisplayName: pulumi.String(\"Bob Bobson\"),\n\t\t\tUserEmailAddress: pulumi.String(\"bbobson@example.com\"),\n\t\t\tRedirectUrl: pulumi.String(\"https://portal.azure.com\"),\n\t\t\tMessage: \u0026azuread.InvitationMessageArgs{\n\t\t\t\tAdditionalRecipients: pulumi.String(\"aaliceberg@example.com\"),\n\t\t\t\tBody: pulumi.String(\"Hello there! You are invited to join my Azure tenant!\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Invitation;\nimport com.pulumi.azuread.InvitationArgs;\nimport com.pulumi.azuread.inputs.InvitationMessageArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Invitation(\"example\", InvitationArgs.builder() \n .userDisplayName(\"Bob Bobson\")\n .userEmailAddress(\"bbobson@example.com\")\n .redirectUrl(\"https://portal.azure.com\")\n .message(InvitationMessageArgs.builder()\n .additionalRecipients(\"aaliceberg@example.com\")\n .body(\"Hello there! You are invited to join my Azure tenant!\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Invitation\n properties:\n userDisplayName: Bob Bobson\n userEmailAddress: bbobson@example.com\n redirectUrl: https://portal.azure.com\n message:\n additionalRecipients: aaliceberg@example.com\n body: Hello there! You are invited to join my Azure tenant!\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n", "properties": { @@ -6625,125 +7317,447 @@ "description": "A `message` block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n", "willReplaceOnChanges": true }, - "redirectUrl": { + "redirectUrl": { + "type": "string", + "description": "The URL that the user should be redirected to once the invitation is redeemed.\n", + "willReplaceOnChanges": true + }, + "userDisplayName": { + "type": "string", + "description": "The display name of the user being invited.\n", + "willReplaceOnChanges": true + }, + "userEmailAddress": { + "type": "string", + "description": "The email address of the user being invited.\n", + "willReplaceOnChanges": true + }, + "userType": { + "type": "string", + "description": "The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "redirectUrl", + "userEmailAddress" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Invitation resources.\n", + "properties": { + "message": { + "$ref": "#/types/azuread:index/InvitationMessage:InvitationMessage", + "description": "A `message` block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n", + "willReplaceOnChanges": true + }, + "redeemUrl": { + "type": "string", + "description": "The URL the user can use to redeem their invitation.\n" + }, + "redirectUrl": { + "type": "string", + "description": "The URL that the user should be redirected to once the invitation is redeemed.\n", + "willReplaceOnChanges": true + }, + "userDisplayName": { + "type": "string", + "description": "The display name of the user being invited.\n", + "willReplaceOnChanges": true + }, + "userEmailAddress": { + "type": "string", + "description": "The email address of the user being invited.\n", + "willReplaceOnChanges": true + }, + "userId": { + "type": "string", + "description": "Object ID of the invited user.\n" + }, + "userType": { + "type": "string", + "description": "The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "azuread:index/namedLocation:NamedLocation": { + "description": "Manages a Named Location within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example_ip = new azuread.NamedLocation(\"example-ip\", {\n displayName: \"IP Named Location\",\n ip: {\n ipRanges: [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted: true,\n },\n});\nconst example_country = new azuread.NamedLocation(\"example-country\", {\n displayName: \"Country Named Location\",\n country: {\n countriesAndRegions: [\n \"GB\",\n \"US\",\n ],\n includeUnknownCountriesAndRegions: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_ip = azuread.NamedLocation(\"example-ip\",\n display_name=\"IP Named Location\",\n ip=azuread.NamedLocationIpArgs(\n ip_ranges=[\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted=True,\n ))\nexample_country = azuread.NamedLocation(\"example-country\",\n display_name=\"Country Named Location\",\n country=azuread.NamedLocationCountryArgs(\n countries_and_regions=[\n \"GB\",\n \"US\",\n ],\n include_unknown_countries_and_regions=False,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_ip = new AzureAD.NamedLocation(\"example-ip\", new()\n {\n DisplayName = \"IP Named Location\",\n Ip = new AzureAD.Inputs.NamedLocationIpArgs\n {\n IpRanges = new[]\n {\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n },\n Trusted = true,\n },\n });\n\n var example_country = new AzureAD.NamedLocation(\"example-country\", new()\n {\n DisplayName = \"Country Named Location\",\n Country = new AzureAD.Inputs.NamedLocationCountryArgs\n {\n CountriesAndRegions = new[]\n {\n \"GB\",\n \"US\",\n },\n IncludeUnknownCountriesAndRegions = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewNamedLocation(ctx, \"example-ip\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"IP Named Location\"),\n\t\t\tIp: \u0026azuread.NamedLocationIpArgs{\n\t\t\t\tIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t\t},\n\t\t\t\tTrusted: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewNamedLocation(ctx, \"example-country\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"Country Named Location\"),\n\t\t\tCountry: \u0026azuread.NamedLocationCountryArgs{\n\t\t\t\tCountriesAndRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\tIncludeUnknownCountriesAndRegions: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.NamedLocation;\nimport com.pulumi.azuread.NamedLocationArgs;\nimport com.pulumi.azuread.inputs.NamedLocationIpArgs;\nimport com.pulumi.azuread.inputs.NamedLocationCountryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_ip = new NamedLocation(\"example-ip\", NamedLocationArgs.builder() \n .displayName(\"IP Named Location\")\n .ip(NamedLocationIpArgs.builder()\n .ipRanges( \n \"1.1.1.1/32\",\n \"2.2.2.2/32\")\n .trusted(true)\n .build())\n .build());\n\n var example_country = new NamedLocation(\"example-country\", NamedLocationArgs.builder() \n .displayName(\"Country Named Location\")\n .country(NamedLocationCountryArgs.builder()\n .countriesAndRegions( \n \"GB\",\n \"US\")\n .includeUnknownCountriesAndRegions(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-ip:\n type: azuread:NamedLocation\n properties:\n displayName: IP Named Location\n ip:\n ipRanges:\n - 1.1.1.1/32\n - 2.2.2.2/32\n trusted: true\n example-country:\n type: azuread:NamedLocation\n properties:\n displayName: Country Named Location\n country:\n countriesAndRegions:\n - GB\n - US\n includeUnknownCountriesAndRegions: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamed Locations can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000\n```\n\n", + "properties": { + "country": { + "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", + "description": "A `country` block as documented below, which configures a country-based named location.\n" + }, + "displayName": { + "type": "string", + "description": "The friendly name for this named location.\n" + }, + "ip": { + "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", + "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n" + } + }, + "required": [ + "displayName" + ], + "inputProperties": { + "country": { + "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", + "description": "A `country` block as documented below, which configures a country-based named location.\n", + "willReplaceOnChanges": true + }, + "displayName": { + "type": "string", + "description": "The friendly name for this named location.\n" + }, + "ip": { + "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", + "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "displayName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NamedLocation resources.\n", + "properties": { + "country": { + "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", + "description": "A `country` block as documented below, which configures a country-based named location.\n", + "willReplaceOnChanges": true + }, + "displayName": { + "type": "string", + "description": "The friendly name for this named location.\n" + }, + "ip": { + "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", + "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, + "azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule": { + "description": "Manages an active assignment to a privileged access group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n displayName: \"group-name\",\n securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n userPrincipalName: \"jdoe@example.com\",\n displayName: \"J. Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n});\nconst examplePrivilegedAccessGroupAssignmentSchedule = new azuread.PrivilegedAccessGroupAssignmentSchedule(\"example\", {\n groupId: pim.id,\n principalId: member.id,\n assignmentType: \"member\",\n duration: \"P30D\",\n justification: \"as requested\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n display_name=\"group-name\",\n security_enabled=True)\nmember = azuread.User(\"member\",\n user_principal_name=\"jdoe@example.com\",\n display_name=\"J. Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\")\nexample_privileged_access_group_assignment_schedule = azuread.PrivilegedAccessGroupAssignmentSchedule(\"example\",\n group_id=pim[\"id\"],\n principal_id=member.id,\n assignment_type=\"member\",\n duration=\"P30D\",\n justification=\"as requested\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"group-name\",\n SecurityEnabled = true,\n });\n\n var member = new AzureAD.User(\"member\", new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n });\n\n var examplePrivilegedAccessGroupAssignmentSchedule = new AzureAD.PrivilegedAccessGroupAssignmentSchedule(\"example\", new()\n {\n GroupId = pim.Id,\n PrincipalId = member.Id,\n AssignmentType = \"member\",\n Duration = \"P30D\",\n Justification = \"as requested\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmember, err := azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewPrivilegedAccessGroupAssignmentSchedule(ctx, \"example\", \u0026azuread.PrivilegedAccessGroupAssignmentScheduleArgs{\n\t\t\tGroupId: pulumi.Any(pim.Id),\n\t\t\tPrincipalId: member.ID(),\n\t\t\tAssignmentType: pulumi.String(\"member\"),\n\t\t\tDuration: pulumi.String(\"P30D\"),\n\t\t\tJustification: pulumi.String(\"as requested\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.PrivilegedAccessGroupAssignmentSchedule;\nimport com.pulumi.azuread.PrivilegedAccessGroupAssignmentScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n var member = new User(\"member\", UserArgs.builder() \n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var examplePrivilegedAccessGroupAssignmentSchedule = new PrivilegedAccessGroupAssignmentSchedule(\"examplePrivilegedAccessGroupAssignmentSchedule\", PrivilegedAccessGroupAssignmentScheduleArgs.builder() \n .groupId(pim.id())\n .principalId(member.id())\n .assignmentType(\"member\")\n .duration(\"P30D\")\n .justification(\"as requested\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: true\n member:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n examplePrivilegedAccessGroupAssignmentSchedule:\n type: azuread:PrivilegedAccessGroupAssignmentSchedule\n name: example\n properties:\n groupId: ${pim.id}\n principalId: ${member.id}\n assignmentType: member\n duration: P30D\n justification: as requested\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn assignment schedule can be imported using the schedule ID, e.g.\n\n```sh\n$ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000\n```\n\n", + "properties": { + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n" + }, + "duration": { + "type": "string", + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" + }, + "expirationDate": { + "type": "string", + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" + }, + "groupId": { + "type": "string", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n" + }, + "justification": { + "type": "string", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { + "type": "string", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n" + }, + "startDate": { + "type": "string", + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" + }, + "status": { + "type": "string", + "description": "(String) The provisioning status of this request.\n" + }, + "ticketNumber": { + "type": "string", + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" + }, + "ticketSystem": { + "type": "string", + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" + } + }, + "required": [ + "assignmentType", + "expirationDate", + "groupId", + "permanentAssignment", + "principalId", + "startDate", + "status" + ], + "inputProperties": { + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n", + "willReplaceOnChanges": true + }, + "duration": { + "type": "string", + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" + }, + "expirationDate": { + "type": "string", + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" + }, + "groupId": { + "type": "string", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n", + "willReplaceOnChanges": true + }, + "justification": { + "type": "string", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { "type": "string", - "description": "The URL that the user should be redirected to once the invitation is redeemed.\n", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n", "willReplaceOnChanges": true }, - "userDisplayName": { + "startDate": { "type": "string", - "description": "The display name of the user being invited.\n", - "willReplaceOnChanges": true + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" }, - "userEmailAddress": { + "ticketNumber": { "type": "string", - "description": "The email address of the user being invited.\n", - "willReplaceOnChanges": true + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" }, - "userType": { + "ticketSystem": { "type": "string", - "description": "The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n", - "willReplaceOnChanges": true + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" } }, "requiredInputs": [ - "redirectUrl", - "userEmailAddress" + "assignmentType", + "groupId", + "principalId" ], "stateInputs": { - "description": "Input properties used for looking up and filtering Invitation resources.\n", + "description": "Input properties used for looking up and filtering PrivilegedAccessGroupAssignmentSchedule resources.\n", "properties": { - "message": { - "$ref": "#/types/azuread:index/InvitationMessage:InvitationMessage", - "description": "A `message` block as documented below, which configures the message being sent to the invited user. If this block is omitted, no message will be sent.\n", + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n", "willReplaceOnChanges": true }, - "redeemUrl": { + "duration": { "type": "string", - "description": "The URL the user can use to redeem their invitation.\n" + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" }, - "redirectUrl": { + "expirationDate": { "type": "string", - "description": "The URL that the user should be redirected to once the invitation is redeemed.\n", - "willReplaceOnChanges": true + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" }, - "userDisplayName": { + "groupId": { "type": "string", - "description": "The display name of the user being invited.\n", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n", "willReplaceOnChanges": true }, - "userEmailAddress": { + "justification": { "type": "string", - "description": "The email address of the user being invited.\n", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { + "type": "string", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n", "willReplaceOnChanges": true }, - "userId": { + "startDate": { "type": "string", - "description": "Object ID of the invited user.\n" + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" }, - "userType": { + "status": { "type": "string", - "description": "The user type of the user being invited. Must be one of `Guest` or `Member`. Only Global Administrators can invite users as members. Defaults to `Guest`.\n", - "willReplaceOnChanges": true + "description": "(String) The provisioning status of this request.\n" + }, + "ticketNumber": { + "type": "string", + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" + }, + "ticketSystem": { + "type": "string", + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" } }, "type": "object" } }, - "azuread:index/namedLocation:NamedLocation": { - "description": "Manages a Named Location within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the following application roles: `Policy.ReadWrite.ConditionalAccess` and `Policy.Read.All`\n\nWhen authenticated with a user principal, this resource requires one of the following directory roles: `Conditional Access Administrator` or `Global Administrator`\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example_ip = new azuread.NamedLocation(\"example-ip\", {\n displayName: \"IP Named Location\",\n ip: {\n ipRanges: [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted: true,\n },\n});\nconst example_country = new azuread.NamedLocation(\"example-country\", {\n displayName: \"Country Named Location\",\n country: {\n countriesAndRegions: [\n \"GB\",\n \"US\",\n ],\n includeUnknownCountriesAndRegions: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample_ip = azuread.NamedLocation(\"example-ip\",\n display_name=\"IP Named Location\",\n ip=azuread.NamedLocationIpArgs(\n ip_ranges=[\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n trusted=True,\n ))\nexample_country = azuread.NamedLocation(\"example-country\",\n display_name=\"Country Named Location\",\n country=azuread.NamedLocationCountryArgs(\n countries_and_regions=[\n \"GB\",\n \"US\",\n ],\n include_unknown_countries_and_regions=False,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example_ip = new AzureAD.NamedLocation(\"example-ip\", new()\n {\n DisplayName = \"IP Named Location\",\n Ip = new AzureAD.Inputs.NamedLocationIpArgs\n {\n IpRanges = new[]\n {\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n },\n Trusted = true,\n },\n });\n\n var example_country = new AzureAD.NamedLocation(\"example-country\", new()\n {\n DisplayName = \"Country Named Location\",\n Country = new AzureAD.Inputs.NamedLocationCountryArgs\n {\n CountriesAndRegions = new[]\n {\n \"GB\",\n \"US\",\n },\n IncludeUnknownCountriesAndRegions = false,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewNamedLocation(ctx, \"example-ip\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"IP Named Location\"),\n\t\t\tIp: \u0026azuread.NamedLocationIpArgs{\n\t\t\t\tIpRanges: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t\t},\n\t\t\t\tTrusted: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewNamedLocation(ctx, \"example-country\", \u0026azuread.NamedLocationArgs{\n\t\t\tDisplayName: pulumi.String(\"Country Named Location\"),\n\t\t\tCountry: \u0026azuread.NamedLocationCountryArgs{\n\t\t\t\tCountriesAndRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\tIncludeUnknownCountriesAndRegions: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.NamedLocation;\nimport com.pulumi.azuread.NamedLocationArgs;\nimport com.pulumi.azuread.inputs.NamedLocationIpArgs;\nimport com.pulumi.azuread.inputs.NamedLocationCountryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example_ip = new NamedLocation(\"example-ip\", NamedLocationArgs.builder() \n .displayName(\"IP Named Location\")\n .ip(NamedLocationIpArgs.builder()\n .ipRanges( \n \"1.1.1.1/32\",\n \"2.2.2.2/32\")\n .trusted(true)\n .build())\n .build());\n\n var example_country = new NamedLocation(\"example-country\", NamedLocationArgs.builder() \n .displayName(\"Country Named Location\")\n .country(NamedLocationCountryArgs.builder()\n .countriesAndRegions( \n \"GB\",\n \"US\")\n .includeUnknownCountriesAndRegions(false)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-ip:\n type: azuread:NamedLocation\n properties:\n displayName: IP Named Location\n ip:\n ipRanges:\n - 1.1.1.1/32\n - 2.2.2.2/32\n trusted: true\n example-country:\n type: azuread:NamedLocation\n properties:\n displayName: Country Named Location\n country:\n countriesAndRegions:\n - GB\n - US\n includeUnknownCountriesAndRegions: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nNamed Locations can be imported using the `id`, e.g.\n\n```sh\n$ pulumi import azuread:index/namedLocation:NamedLocation my_location 00000000-0000-0000-0000-000000000000\n```\n\n", + "azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule": { + "description": "Manages an eligible assignment to a privileged access group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n displayName: \"group-name\",\n securityEnabled: true,\n});\nconst member = new azuread.User(\"member\", {\n userPrincipalName: \"jdoe@example.com\",\n displayName: \"J. Doe\",\n mailNickname: \"jdoe\",\n password: \"SecretP@sswd99!\",\n});\nconst examplePrivilegedAccessGroupEligibilitySchedule = new azuread.PrivilegedAccessGroupEligibilitySchedule(\"example\", {\n groupId: pim.id,\n principalId: member.id,\n assignmentType: \"member\",\n duration: \"P30D\",\n justification: \"as requested\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n display_name=\"group-name\",\n security_enabled=True)\nmember = azuread.User(\"member\",\n user_principal_name=\"jdoe@example.com\",\n display_name=\"J. Doe\",\n mail_nickname=\"jdoe\",\n password=\"SecretP@sswd99!\")\nexample_privileged_access_group_eligibility_schedule = azuread.PrivilegedAccessGroupEligibilitySchedule(\"example\",\n group_id=pim[\"id\"],\n principal_id=member.id,\n assignment_type=\"member\",\n duration=\"P30D\",\n justification=\"as requested\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"group-name\",\n SecurityEnabled = true,\n });\n\n var member = new AzureAD.User(\"member\", new()\n {\n UserPrincipalName = \"jdoe@example.com\",\n DisplayName = \"J. Doe\",\n MailNickname = \"jdoe\",\n Password = \"SecretP@sswd99!\",\n });\n\n var examplePrivilegedAccessGroupEligibilitySchedule = new AzureAD.PrivilegedAccessGroupEligibilitySchedule(\"example\", new()\n {\n GroupId = pim.Id,\n PrincipalId = member.Id,\n AssignmentType = \"member\",\n Duration = \"P30D\",\n Justification = \"as requested\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmember, err := azuread.NewUser(ctx, \"member\", \u0026azuread.UserArgs{\n\t\t\tUserPrincipalName: pulumi.String(\"jdoe@example.com\"),\n\t\t\tDisplayName: pulumi.String(\"J. Doe\"),\n\t\t\tMailNickname: pulumi.String(\"jdoe\"),\n\t\t\tPassword: pulumi.String(\"SecretP@sswd99!\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewPrivilegedAccessGroupEligibilitySchedule(ctx, \"example\", \u0026azuread.PrivilegedAccessGroupEligibilityScheduleArgs{\n\t\t\tGroupId: pulumi.Any(pim.Id),\n\t\t\tPrincipalId: member.ID(),\n\t\t\tAssignmentType: pulumi.String(\"member\"),\n\t\t\tDuration: pulumi.String(\"P30D\"),\n\t\t\tJustification: pulumi.String(\"as requested\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.User;\nimport com.pulumi.azuread.UserArgs;\nimport com.pulumi.azuread.PrivilegedAccessGroupEligibilitySchedule;\nimport com.pulumi.azuread.PrivilegedAccessGroupEligibilityScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n var member = new User(\"member\", UserArgs.builder() \n .userPrincipalName(\"jdoe@example.com\")\n .displayName(\"J. Doe\")\n .mailNickname(\"jdoe\")\n .password(\"SecretP@sswd99!\")\n .build());\n\n var examplePrivilegedAccessGroupEligibilitySchedule = new PrivilegedAccessGroupEligibilitySchedule(\"examplePrivilegedAccessGroupEligibilitySchedule\", PrivilegedAccessGroupEligibilityScheduleArgs.builder() \n .groupId(pim.id())\n .principalId(member.id())\n .assignmentType(\"member\")\n .duration(\"P30D\")\n .justification(\"as requested\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: true\n member:\n type: azuread:User\n properties:\n userPrincipalName: jdoe@example.com\n displayName: J. Doe\n mailNickname: jdoe\n password: SecretP@sswd99!\n examplePrivilegedAccessGroupEligibilitySchedule:\n type: azuread:PrivilegedAccessGroupEligibilitySchedule\n name: example\n properties:\n groupId: ${pim.id}\n principalId: ${member.id}\n assignmentType: member\n duration: P30D\n justification: as requested\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAn assignment schedule can be imported using the schedule ID, e.g.\n\n```sh\n$ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000\n```\n\n", "properties": { - "country": { - "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", - "description": "A `country` block as documented below, which configures a country-based named location.\n" + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n" }, - "displayName": { + "duration": { "type": "string", - "description": "The friendly name for this named location.\n" + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" }, - "ip": { - "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", - "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n" + "expirationDate": { + "type": "string", + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" + }, + "groupId": { + "type": "string", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n" + }, + "justification": { + "type": "string", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { + "type": "string", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n" + }, + "startDate": { + "type": "string", + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" + }, + "status": { + "type": "string", + "description": "(String) The provisioning status of this request.\n" + }, + "ticketNumber": { + "type": "string", + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" + }, + "ticketSystem": { + "type": "string", + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" } }, "required": [ - "displayName" + "assignmentType", + "expirationDate", + "groupId", + "permanentAssignment", + "principalId", + "startDate", + "status" ], "inputProperties": { - "country": { - "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", - "description": "A `country` block as documented below, which configures a country-based named location.\n", + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n", "willReplaceOnChanges": true }, - "displayName": { + "duration": { "type": "string", - "description": "The friendly name for this named location.\n" + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" }, - "ip": { - "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", - "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n", + "expirationDate": { + "type": "string", + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" + }, + "groupId": { + "type": "string", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n", + "willReplaceOnChanges": true + }, + "justification": { + "type": "string", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { + "type": "string", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n", "willReplaceOnChanges": true + }, + "startDate": { + "type": "string", + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" + }, + "ticketNumber": { + "type": "string", + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" + }, + "ticketSystem": { + "type": "string", + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" } }, "requiredInputs": [ - "displayName" + "assignmentType", + "groupId", + "principalId" ], "stateInputs": { - "description": "Input properties used for looking up and filtering NamedLocation resources.\n", + "description": "Input properties used for looking up and filtering PrivilegedAccessGroupEligibilitySchedule resources.\n", "properties": { - "country": { - "$ref": "#/types/azuread:index/NamedLocationCountry:NamedLocationCountry", - "description": "A `country` block as documented below, which configures a country-based named location.\n", + "assignmentType": { + "type": "string", + "description": "The type of assignment to the group. Can be either `member` or `owner`.\n", "willReplaceOnChanges": true }, - "displayName": { + "duration": { "type": "string", - "description": "The friendly name for this named location.\n" + "description": "The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).\n" }, - "ip": { - "$ref": "#/types/azuread:index/NamedLocationIp:NamedLocationIp", - "description": "An `ip` block as documented below, which configures an IP-based named location.\n\n\u003e Exactly one of `ip` or `country` must be specified. Changing between these forces a new resource to be created.\n", + "expirationDate": { + "type": "string", + "description": "The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).\n" + }, + "groupId": { + "type": "string", + "description": "The Object ID of the Azure AD group to which the principal will be assigned.\n", + "willReplaceOnChanges": true + }, + "justification": { + "type": "string", + "description": "The justification for this assignment. May be required by the role policy.\n" + }, + "permanentAssignment": { + "type": "boolean", + "description": "Is this assigment permanently valid.\n\nAt least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied.\n" + }, + "principalId": { + "type": "string", + "description": "The Object ID of the principal to be assigned to the above group. Can be either a user or a group.\n", "willReplaceOnChanges": true + }, + "startDate": { + "type": "string", + "description": "The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.\n" + }, + "status": { + "type": "string", + "description": "(String) The provisioning status of this request.\n" + }, + "ticketNumber": { + "type": "string", + "description": "The ticket number in the ticket system approving this assignment. May be required by the role policy.\n" + }, + "ticketSystem": { + "type": "string", + "description": "The ticket system containing the ticket number approving this assignment. May be required by the role policy.\n" } }, "type": "object" @@ -7773,6 +8787,100 @@ "type": "object" } }, + "azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand": { + "description": "Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst current = azuread.getClientConfig({});\nconst exampleGroup = new azuread.Group(\"example\", {\n displayName: \"example\",\n owners: [current.then(current =\u003e current.objectId)],\n securityEnabled: true,\n});\nconst example = azuread.getApplicationTemplate({\n displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n displayName: \"example\",\n templateId: example.then(example =\u003e example.templateId),\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n clientId: exampleApplication.clientId,\n useExisting: true,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"example\", {\n servicePrincipalId: exampleServicePrincipal.id,\n credentials: [\n {\n key: \"BaseAddress\",\n value: \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n },\n {\n key: \"SecretToken\",\n value: \"some-token\",\n },\n ],\n});\nconst exampleSynchronizationJob = new azuread.SynchronizationJob(\"example\", {\n servicePrincipalId: exampleServicePrincipal.id,\n templateId: \"dataBricks\",\n enabled: true,\n});\nconst exampleSynchronizationJobProvisionOnDemand = new azuread.SynchronizationJobProvisionOnDemand(\"example\", {\n servicePrincipalId: exampleServicePrincipal.id,\n synchronizationJobId: exampleSynchronizationJob.id,\n parameters: [{\n ruleId: \"\",\n subjects: [{\n objectId: exampleGroup.objectId,\n objectTypeName: \"Group\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\ncurrent = azuread.get_client_config()\nexample_group = azuread.Group(\"example\",\n display_name=\"example\",\n owners=[current.object_id],\n security_enabled=True)\nexample = azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application = azuread.Application(\"example\",\n display_name=\"example\",\n template_id=example.template_id,\n feature_tags=[azuread.ApplicationFeatureTagArgs(\n enterprise=True,\n gallery=True,\n )])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n client_id=example_application.client_id,\n use_existing=True)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"example\",\n service_principal_id=example_service_principal.id,\n credentials=[\n azuread.SynchronizationSecretCredentialArgs(\n key=\"BaseAddress\",\n value=\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n ),\n azuread.SynchronizationSecretCredentialArgs(\n key=\"SecretToken\",\n value=\"some-token\",\n ),\n ])\nexample_synchronization_job = azuread.SynchronizationJob(\"example\",\n service_principal_id=example_service_principal.id,\n template_id=\"dataBricks\",\n enabled=True)\nexample_synchronization_job_provision_on_demand = azuread.SynchronizationJobProvisionOnDemand(\"example\",\n service_principal_id=example_service_principal.id,\n synchronization_job_id=example_synchronization_job.id,\n parameters=[azuread.SynchronizationJobProvisionOnDemandParameterArgs(\n rule_id=\"\",\n subjects=[azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs(\n object_id=example_group.object_id,\n object_type_name=\"Group\",\n )],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = AzureAD.GetClientConfig.Invoke();\n\n var exampleGroup = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"example\",\n Owners = new[]\n {\n current.Apply(getClientConfigResult =\u003e getClientConfigResult.ObjectId),\n },\n SecurityEnabled = true,\n });\n\n var example = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n });\n\n var exampleApplication = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ApplicationFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ClientId = exampleApplication.ClientId,\n UseExisting = true,\n });\n\n var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret(\"example\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n Credentials = new[]\n {\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"BaseAddress\",\n Value = \"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\",\n },\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"SecretToken\",\n Value = \"some-token\",\n },\n },\n });\n\n var exampleSynchronizationJob = new AzureAD.SynchronizationJob(\"example\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n TemplateId = \"dataBricks\",\n Enabled = true,\n });\n\n var exampleSynchronizationJobProvisionOnDemand = new AzureAD.SynchronizationJobProvisionOnDemand(\"example\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n SynchronizationJobId = exampleSynchronizationJob.Id,\n Parameters = new[]\n {\n new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterArgs\n {\n RuleId = \"\",\n Subjects = new[]\n {\n new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterSubjectArgs\n {\n ObjectId = exampleGroup.ObjectId,\n ObjectTypeName = \"Group\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := azuread.GetClientConfig(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGroup, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tOwners: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.ObjectId),\n\t\t\t},\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(example.TemplateId),\n\t\t\tFeatureTags: azuread.ApplicationFeatureTagArray{\n\t\t\t\t\u0026azuread.ApplicationFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tClientId: exampleApplication.ClientId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"example\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tCredentials: azuread.SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSynchronizationJob, err := azuread.NewSynchronizationJob(ctx, \"example\", \u0026azuread.SynchronizationJobArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tTemplateId: pulumi.String(\"dataBricks\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationJobProvisionOnDemand(ctx, \"example\", \u0026azuread.SynchronizationJobProvisionOnDemandArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tSynchronizationJobId: exampleSynchronizationJob.ID(),\n\t\t\tParameters: azuread.SynchronizationJobProvisionOnDemandParameterArray{\n\t\t\t\t\u0026azuread.SynchronizationJobProvisionOnDemandParameterArgs{\n\t\t\t\t\tRuleId: pulumi.String(\"\"),\n\t\t\t\t\tSubjects: azuread.SynchronizationJobProvisionOnDemandParameterSubjectArray{\n\t\t\t\t\t\t\u0026azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs{\n\t\t\t\t\t\t\tObjectId: exampleGroup.ObjectId,\n\t\t\t\t\t\t\tObjectTypeName: pulumi.String(\"Group\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport com.pulumi.azuread.SynchronizationJob;\nimport com.pulumi.azuread.SynchronizationJobArgs;\nimport com.pulumi.azuread.SynchronizationJobProvisionOnDemand;\nimport com.pulumi.azuread.SynchronizationJobProvisionOnDemandArgs;\nimport com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AzureadFunctions.getClientConfig();\n\n var exampleGroup = new Group(\"exampleGroup\", GroupArgs.builder() \n .displayName(\"example\")\n .owners(current.applyValue(getClientConfigResult -\u003e getClientConfigResult.objectId()))\n .securityEnabled(true)\n .build());\n\n final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .templateId(example.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .featureTags(ApplicationFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .clientId(exampleApplication.clientId())\n .useExisting(true)\n .build());\n\n var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .credentials( \n SynchronizationSecretCredentialArgs.builder()\n .key(\"BaseAddress\")\n .value(\"https://adb-example.azuredatabricks.net/api/2.0/preview/scim\")\n .build(),\n SynchronizationSecretCredentialArgs.builder()\n .key(\"SecretToken\")\n .value(\"some-token\")\n .build())\n .build());\n\n var exampleSynchronizationJob = new SynchronizationJob(\"exampleSynchronizationJob\", SynchronizationJobArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .templateId(\"dataBricks\")\n .enabled(true)\n .build());\n\n var exampleSynchronizationJobProvisionOnDemand = new SynchronizationJobProvisionOnDemand(\"exampleSynchronizationJobProvisionOnDemand\", SynchronizationJobProvisionOnDemandArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .synchronizationJobId(exampleSynchronizationJob.id())\n .parameters(SynchronizationJobProvisionOnDemandParameterArgs.builder()\n .ruleId(\"\")\n .subjects(SynchronizationJobProvisionOnDemandParameterSubjectArgs.builder()\n .objectId(exampleGroup.objectId())\n .objectTypeName(\"Group\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleGroup:\n type: azuread:Group\n name: example\n properties:\n displayName: example\n owners:\n - ${current.objectId}\n securityEnabled: true\n exampleApplication:\n type: azuread:Application\n name: example\n properties:\n displayName: example\n templateId: ${example.templateId}\n featureTags:\n - enterprise: true\n gallery: true\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n clientId: ${exampleApplication.clientId}\n useExisting: true\n exampleSynchronizationSecret:\n type: azuread:SynchronizationSecret\n name: example\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n credentials:\n - key: BaseAddress\n value: https://adb-example.azuredatabricks.net/api/2.0/preview/scim\n - key: SecretToken\n value: some-token\n exampleSynchronizationJob:\n type: azuread:SynchronizationJob\n name: example\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n templateId: dataBricks\n enabled: true\n exampleSynchronizationJobProvisionOnDemand:\n type: azuread:SynchronizationJobProvisionOnDemand\n name: example\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n synchronizationJobId: ${exampleSynchronizationJob.id}\n parameters:\n - ruleId:\n subjects:\n - objectId: ${exampleGroup.objectId}\n objectTypeName: Group\nvariables:\n current:\n fn::invoke:\n Function: azuread:getClientConfig\n Arguments: {}\n example:\n fn::invoke:\n Function: azuread:getApplicationTemplate\n Arguments:\n displayName: Azure Databricks SCIM Provisioning Connector\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n", + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter" + }, + "description": "One or more `parameter` blocks as documented below.\n" + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for the synchronization job.\n" + }, + "synchronizationJobId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "parameters", + "servicePrincipalId", + "synchronizationJobId" + ], + "inputProperties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter" + }, + "description": "One or more `parameter` blocks as documented below.\n", + "willReplaceOnChanges": true + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for the synchronization job.\n", + "willReplaceOnChanges": true + }, + "synchronizationJobId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n", + "willReplaceOnChanges": true + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "parameters", + "servicePrincipalId", + "synchronizationJobId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SynchronizationJobProvisionOnDemand resources.\n", + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/azuread:index/SynchronizationJobProvisionOnDemandParameter:SynchronizationJobProvisionOnDemandParameter" + }, + "description": "One or more `parameter` blocks as documented below.\n", + "willReplaceOnChanges": true + }, + "servicePrincipalId": { + "type": "string", + "description": "The object ID of the service principal for the synchronization job.\n", + "willReplaceOnChanges": true + }, + "synchronizationJobId": { + "type": "string", + "description": "Identifier of the synchronization template this job is based on.\n", + "willReplaceOnChanges": true + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "azuread:index/synchronizationSecret:SynchronizationSecret": { "description": "Manages synchronization secrets associated with a service principal (enterprise application) within Azure Active Directory.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires one of the following application roles: `Application.ReadWrite.All` or `Directory.ReadWrite.All`\n\n## Example Usage\n\n*Basic example*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getApplicationTemplate({\n displayName: \"Azure Databricks SCIM Provisioning Connector\",\n});\nconst exampleApplication = new azuread.Application(\"example\", {\n displayName: \"example\",\n templateId: example.then(example =\u003e example.templateId),\n featureTags: [{\n enterprise: true,\n gallery: true,\n }],\n});\nconst exampleServicePrincipal = new azuread.ServicePrincipal(\"example\", {\n applicationId: exampleApplication.applicationId,\n useExisting: true,\n});\nconst exampleSynchronizationSecret = new azuread.SynchronizationSecret(\"example\", {\n servicePrincipalId: exampleServicePrincipal.id,\n credentials: [\n {\n key: \"BaseAddress\",\n value: \"abc\",\n },\n {\n key: \"SecretToken\",\n value: \"some-token\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_application_template(display_name=\"Azure Databricks SCIM Provisioning Connector\")\nexample_application = azuread.Application(\"example\",\n display_name=\"example\",\n template_id=example.template_id,\n feature_tags=[azuread.ApplicationFeatureTagArgs(\n enterprise=True,\n gallery=True,\n )])\nexample_service_principal = azuread.ServicePrincipal(\"example\",\n application_id=example_application.application_id,\n use_existing=True)\nexample_synchronization_secret = azuread.SynchronizationSecret(\"example\",\n service_principal_id=example_service_principal.id,\n credentials=[\n azuread.SynchronizationSecretCredentialArgs(\n key=\"BaseAddress\",\n value=\"abc\",\n ),\n azuread.SynchronizationSecretCredentialArgs(\n key=\"SecretToken\",\n value=\"some-token\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetApplicationTemplate.Invoke(new()\n {\n DisplayName = \"Azure Databricks SCIM Provisioning Connector\",\n });\n\n var exampleApplication = new AzureAD.Application(\"example\", new()\n {\n DisplayName = \"example\",\n TemplateId = example.Apply(getApplicationTemplateResult =\u003e getApplicationTemplateResult.TemplateId),\n FeatureTags = new[]\n {\n new AzureAD.Inputs.ApplicationFeatureTagArgs\n {\n Enterprise = true,\n Gallery = true,\n },\n },\n });\n\n var exampleServicePrincipal = new AzureAD.ServicePrincipal(\"example\", new()\n {\n ApplicationId = exampleApplication.ApplicationId,\n UseExisting = true,\n });\n\n var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret(\"example\", new()\n {\n ServicePrincipalId = exampleServicePrincipal.Id,\n Credentials = new[]\n {\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"BaseAddress\",\n Value = \"abc\",\n },\n new AzureAD.Inputs.SynchronizationSecretCredentialArgs\n {\n Key = \"SecretToken\",\n Value = \"some-token\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.GetApplicationTemplate(ctx, \u0026azuread.GetApplicationTemplateArgs{\n\t\t\tDisplayName: pulumi.StringRef(\"Azure Databricks SCIM Provisioning Connector\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := azuread.NewApplication(ctx, \"example\", \u0026azuread.ApplicationArgs{\n\t\t\tDisplayName: pulumi.String(\"example\"),\n\t\t\tTemplateId: pulumi.String(example.TemplateId),\n\t\t\tFeatureTags: azuread.ApplicationFeatureTagArray{\n\t\t\t\t\u0026azuread.ApplicationFeatureTagArgs{\n\t\t\t\t\tEnterprise: pulumi.Bool(true),\n\t\t\t\t\tGallery: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, \"example\", \u0026azuread.ServicePrincipalArgs{\n\t\t\tApplicationId: exampleApplication.ApplicationId,\n\t\t\tUseExisting: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = azuread.NewSynchronizationSecret(ctx, \"example\", \u0026azuread.SynchronizationSecretArgs{\n\t\t\tServicePrincipalId: exampleServicePrincipal.ID(),\n\t\t\tCredentials: azuread.SynchronizationSecretCredentialArray{\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"BaseAddress\"),\n\t\t\t\t\tValue: pulumi.String(\"abc\"),\n\t\t\t\t},\n\t\t\t\t\u0026azuread.SynchronizationSecretCredentialArgs{\n\t\t\t\t\tKey: pulumi.String(\"SecretToken\"),\n\t\t\t\t\tValue: pulumi.String(\"some-token\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetApplicationTemplateArgs;\nimport com.pulumi.azuread.Application;\nimport com.pulumi.azuread.ApplicationArgs;\nimport com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;\nimport com.pulumi.azuread.ServicePrincipal;\nimport com.pulumi.azuread.ServicePrincipalArgs;\nimport com.pulumi.azuread.SynchronizationSecret;\nimport com.pulumi.azuread.SynchronizationSecretArgs;\nimport com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()\n .displayName(\"Azure Databricks SCIM Provisioning Connector\")\n .build());\n\n var exampleApplication = new Application(\"exampleApplication\", ApplicationArgs.builder() \n .displayName(\"example\")\n .templateId(example.applyValue(getApplicationTemplateResult -\u003e getApplicationTemplateResult.templateId()))\n .featureTags(ApplicationFeatureTagArgs.builder()\n .enterprise(true)\n .gallery(true)\n .build())\n .build());\n\n var exampleServicePrincipal = new ServicePrincipal(\"exampleServicePrincipal\", ServicePrincipalArgs.builder() \n .applicationId(exampleApplication.applicationId())\n .useExisting(true)\n .build());\n\n var exampleSynchronizationSecret = new SynchronizationSecret(\"exampleSynchronizationSecret\", SynchronizationSecretArgs.builder() \n .servicePrincipalId(exampleServicePrincipal.id())\n .credentials( \n SynchronizationSecretCredentialArgs.builder()\n .key(\"BaseAddress\")\n .value(\"abc\")\n .build(),\n SynchronizationSecretCredentialArgs.builder()\n .key(\"SecretToken\")\n .value(\"some-token\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleApplication:\n type: azuread:Application\n name: example\n properties:\n displayName: example\n templateId: ${example.templateId}\n featureTags:\n - enterprise: true\n gallery: true\n exampleServicePrincipal:\n type: azuread:ServicePrincipal\n name: example\n properties:\n applicationId: ${exampleApplication.applicationId}\n useExisting: true\n exampleSynchronizationSecret:\n type: azuread:SynchronizationSecret\n name: example\n properties:\n servicePrincipalId: ${exampleServicePrincipal.id}\n credentials:\n - key: BaseAddress\n value: abc\n - key: SecretToken\n value: some-token\nvariables:\n example:\n fn::invoke:\n Function: azuread:getApplicationTemplate\n Arguments:\n displayName: Azure Databricks SCIM Provisioning Connector\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support importing.\n\n", "properties": { @@ -9284,6 +10392,10 @@ "type": "string", "description": "The display name for the group.\n" }, + "includeTransitiveMembers": { + "type": "boolean", + "description": "Whether to include transitive members (a flat list of all nested members). Defaults to `false`.\n" + }, "mailEnabled": { "type": "boolean", "description": "Whether the group is mail-enabled.\n" @@ -9352,6 +10464,9 @@ "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, + "includeTransitiveMembers": { + "type": "boolean" + }, "mail": { "description": "The SMTP address for the group.\n", "type": "string" @@ -9365,7 +10480,7 @@ "type": "string" }, "members": { - "description": "List of object IDs of the group members.\n", + "description": "List of object IDs of the group members. When `include_transitive_members` is `true`, contains a list of object IDs of all transitive group members.\n", "items": { "type": "string" }, @@ -9483,6 +10598,60 @@ "type": "object" } }, + "azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy": { + "description": "Use this data source to retrieve a role policy for an Azure AD group.\n\n## API Permissions\n\nThe following API permissions are required in order to use this resource.\n\nWhen authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions.\n\nWhen authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = new azuread.Group(\"example\", {\n displayName: \"group-name\",\n securityEnabled: true,\n});\nconst ownersPolicy = azuread.getGroupRoleManagementPolicyOutput({\n groupId: example.id,\n roleId: \"owner\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.Group(\"example\",\n display_name=\"group-name\",\n security_enabled=True)\nowners_policy = azuread.get_group_role_management_policy_output(group_id=example.id,\n role_id=\"owner\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new AzureAD.Group(\"example\", new()\n {\n DisplayName = \"group-name\",\n SecurityEnabled = true,\n });\n\n var ownersPolicy = AzureAD.GetGroupRoleManagementPolicy.Invoke(new()\n {\n GroupId = example.Id,\n RoleId = \"owner\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := azuread.NewGroup(ctx, \"example\", \u0026azuread.GroupArgs{\n\t\t\tDisplayName: pulumi.String(\"group-name\"),\n\t\t\tSecurityEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_ = azuread.LookupGroupRoleManagementPolicyOutput(ctx, azuread.GetGroupRoleManagementPolicyOutputArgs{\n\t\t\tGroupId: example.ID(),\n\t\t\tRoleId: pulumi.String(\"owner\"),\n\t\t}, nil)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.Group;\nimport com.pulumi.azuread.GroupArgs;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Group(\"example\", GroupArgs.builder() \n .displayName(\"group-name\")\n .securityEnabled(true)\n .build());\n\n final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()\n .groupId(example.id())\n .roleId(\"owner\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: azuread:Group\n properties:\n displayName: group-name\n securityEnabled: true\nvariables:\n ownersPolicy:\n fn::invoke:\n Function: azuread:getGroupRoleManagementPolicy\n Arguments:\n groupId: ${example.id}\n roleId: owner\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "inputs": { + "description": "A collection of arguments for invoking getGroupRoleManagementPolicy.\n", + "properties": { + "groupId": { + "type": "string", + "description": "The ID of the Azure AD group for which the policy applies.\n", + "willReplaceOnChanges": true + }, + "roleId": { + "type": "string", + "description": "The type of assignment this policy coveres. Can be either `member` or `owner`.\n", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "groupId", + "roleId" + ] + }, + "outputs": { + "description": "A collection of values returned by getGroupRoleManagementPolicy.\n", + "properties": { + "description": { + "description": "(String) The description of this policy.\n", + "type": "string" + }, + "displayName": { + "description": "(String) The display name of this policy.\n", + "type": "string" + }, + "groupId": { + "type": "string" + }, + "id": { + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" + }, + "roleId": { + "type": "string" + } + }, + "required": [ + "description", + "displayName", + "groupId", + "roleId", + "id" + ], + "type": "object" + } + }, "azuread:index/getGroups:getGroups": { "description": "Gets Object IDs or Display Names for multiple Azure Active Directory groups.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Group.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by group name*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getGroups({\n displayNames: [\n \"group-a\",\n \"group-b\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_groups(display_names=[\n \"group-a\",\n \"group-b\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetGroups.Invoke(new()\n {\n DisplayNames = new[]\n {\n \"group-a\",\n \"group-b\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tDisplayNames: []string{\n\t\t\t\t\"group-a\",\n\t\t\t\t\"group-b\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n .displayNames( \n \"group-a\",\n \"group-b\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getGroups\n Arguments:\n displayNames:\n - group-a\n - group-b\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by display name prefix*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst sales = azuread.getGroups({\n displayNamePrefix: \"sales-\",\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nsales = azuread.get_groups(display_name_prefix=\"sales-\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sales = AzureAD.GetGroups.Invoke(new()\n {\n DisplayNamePrefix = \"sales-\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tDisplayNamePrefix: pulumi.StringRef(\"sales-\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var sales = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n .displayNamePrefix(\"sales-\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n sales:\n fn::invoke:\n Function: azuread:getGroups\n Arguments:\n displayNamePrefix: sales-\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all groups*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst all = azuread.getGroups({\n returnAll: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nall = azuread.get_groups(return_all=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var all = AzureAD.GetGroups.Invoke(new()\n {\n ReturnAll = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tReturnAll: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var all = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n .returnAll(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n all:\n fn::invoke:\n Function: azuread:getGroups\n Arguments:\n returnAll: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all mail-enabled groups*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst mailEnabled = azuread.getGroups({\n mailEnabled: true,\n returnAll: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nmail_enabled = azuread.get_groups(mail_enabled=True,\n return_all=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mailEnabled = AzureAD.GetGroups.Invoke(new()\n {\n MailEnabled = true,\n ReturnAll = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tMailEnabled: pulumi.BoolRef(true),\n\t\t\tReturnAll: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var mailEnabled = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n .mailEnabled(true)\n .returnAll(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n mailEnabled:\n fn::invoke:\n Function: azuread:getGroups\n Arguments:\n mailEnabled: true\n returnAll: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up all security-enabled groups that are not mail-enabled*\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst securityOnly = azuread.getGroups({\n mailEnabled: false,\n returnAll: true,\n securityEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nsecurity_only = azuread.get_groups(mail_enabled=False,\n return_all=True,\n security_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var securityOnly = AzureAD.GetGroups.Invoke(new()\n {\n MailEnabled = false,\n ReturnAll = true,\n SecurityEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetGroups(ctx, \u0026azuread.GetGroupsArgs{\n\t\t\tMailEnabled: pulumi.BoolRef(false),\n\t\t\tReturnAll: pulumi.BoolRef(true),\n\t\t\tSecurityEnabled: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var securityOnly = AzureadFunctions.getGroups(GetGroupsArgs.builder()\n .mailEnabled(false)\n .returnAll(true)\n .securityEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n securityOnly:\n fn::invoke:\n Function: azuread:getGroups\n Arguments:\n mailEnabled: false\n returnAll: true\n securityEnabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { @@ -9835,7 +11004,7 @@ } }, "azuread:index/getServicePrincipals:getServicePrincipals": { - "description": "Gets basic information for multiple Azure Active Directory service principals.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by application display names*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n displayNames: [\n \"example-app\",\n \"another-app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(display_names=[\n \"example-app\",\n \"another-app\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n DisplayNames = new[]\n {\n \"example-app\",\n \"another-app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tDisplayNames: []string{\n\t\t\t\t\"example-app\",\n\t\t\t\t\"another-app\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .displayNames( \n \"example-app\",\n \"another-app\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n displayNames:\n - example-app\n - another-app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by application IDs (client IDs*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n clientIds: [\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(client_ids=[\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n ClientIds = new[]\n {\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tClientIds: []string{\n\t\t\t\t\"11111111-0000-0000-0000-000000000000\",\n\t\t\t\t\"22222222-0000-0000-0000-000000000000\",\n\t\t\t\t\"33333333-0000-0000-0000-000000000000\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .clientIds( \n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n clientIds:\n - 11111111-0000-0000-0000-000000000000\n - 22222222-0000-0000-0000-000000000000\n - 33333333-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by service principal object IDs*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n objectIds: [\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(object_ids=[\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n ObjectIds = new[]\n {\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tObjectIds: []string{\n\t\t\t\t\"00000000-0000-0000-0000-000000000000\",\n\t\t\t\t\"00000000-0000-0000-0000-111111111111\",\n\t\t\t\t\"00000000-0000-0000-0000-222222222222\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .objectIds( \n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n objectIds:\n - 00000000-0000-0000-0000-000000000000\n - 00000000-0000-0000-0000-111111111111\n - 00000000-0000-0000-0000-222222222222\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Gets basic information for multiple Azure Active Directory service principals.\n\n## API Permissions\n\nThe following API permissions are required in order to use this data source.\n\nWhen authenticated with a service principal, this data source requires one of the following application roles: `Application.Read.All` or `Directory.Read.All`\n\nWhen authenticated with a user principal, this data source does not require any additional roles.\n\n## Example Usage\n\n*Look up by application display names*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n displayNames: [\n \"example-app\",\n \"another-app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(display_names=[\n \"example-app\",\n \"another-app\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n DisplayNames = new[]\n {\n \"example-app\",\n \"another-app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tDisplayNames: []string{\n\t\t\t\t\"example-app\",\n\t\t\t\t\"another-app\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .displayNames( \n \"example-app\",\n \"another-app\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n displayNames:\n - example-app\n - another-app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by application IDs (client IDs)*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n clientIds: [\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(client_ids=[\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n ClientIds = new[]\n {\n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tClientIds: []string{\n\t\t\t\t\"11111111-0000-0000-0000-000000000000\",\n\t\t\t\t\"22222222-0000-0000-0000-000000000000\",\n\t\t\t\t\"33333333-0000-0000-0000-000000000000\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .clientIds( \n \"11111111-0000-0000-0000-000000000000\",\n \"22222222-0000-0000-0000-000000000000\",\n \"33333333-0000-0000-0000-000000000000\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n clientIds:\n - 11111111-0000-0000-0000-000000000000\n - 22222222-0000-0000-0000-000000000000\n - 33333333-0000-0000-0000-000000000000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n*Look up by service principal object IDs*\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azuread from \"@pulumi/azuread\";\n\nconst example = azuread.getServicePrincipals({\n objectIds: [\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_azuread as azuread\n\nexample = azuread.get_service_principals(object_ids=[\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureAD = Pulumi.AzureAD;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = AzureAD.GetServicePrincipals.Invoke(new()\n {\n ObjectIds = new[]\n {\n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := azuread.GetServicePrincipals(ctx, \u0026azuread.GetServicePrincipalsArgs{\n\t\t\tObjectIds: []string{\n\t\t\t\t\"00000000-0000-0000-0000-000000000000\",\n\t\t\t\t\"00000000-0000-0000-0000-111111111111\",\n\t\t\t\t\"00000000-0000-0000-0000-222222222222\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azuread.AzureadFunctions;\nimport com.pulumi.azuread.inputs.GetServicePrincipalsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AzureadFunctions.getServicePrincipals(GetServicePrincipalsArgs.builder()\n .objectIds( \n \"00000000-0000-0000-0000-000000000000\",\n \"00000000-0000-0000-0000-111111111111\",\n \"00000000-0000-0000-0000-222222222222\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n Function: azuread:getServicePrincipals\n Arguments:\n objectIds:\n - 00000000-0000-0000-0000-000000000000\n - 00000000-0000-0000-0000-111111111111\n - 00000000-0000-0000-0000-222222222222\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServicePrincipals.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 7aa344a2a..16f3211e0 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -134,7 +134,7 @@ require ( github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect github.com/hashicorp/terraform-plugin-testing v1.5.1 // indirect - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7 // indirect + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/vault/api v1.8.2 // indirect @@ -151,7 +151,7 @@ require ( github.com/klauspost/compress v1.15.11 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect - github.com/manicminer/hamilton v0.66.0 // indirect + github.com/manicminer/hamilton v0.67.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect diff --git a/provider/go.sum b/provider/go.sum index 5b3540e4e..156f21900 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -2264,8 +2264,8 @@ github.com/hashicorp/terraform-plugin-sdk v1.7.0/go.mod h1:OjgQmey5VxnPej/buEhe+ github.com/hashicorp/terraform-plugin-test v1.2.0/go.mod h1:QIJHYz8j+xJtdtLrFTlzQVC0ocr3rf/OjIpgZLK56Hs= github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7 h1:0heRRWRFSJl9U6B2xmviW2yxTNHnjmbqoN94cX5QgUA= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7/go.mod h1:KQgbKPX+y+lY4bAQV1lxb+5/0GCiDgybGUTPAy7uGEQ= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d h1:Hrtiw5ksSBVl9eVcjbSSrZ7sWUPMQdjIxYe1UphTa6I= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= @@ -2463,8 +2463,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/manicminer/hamilton v0.66.0 h1:pJPlaf32wMZBCArX1U5QC0YqR3vnJoc4crTuigLy0og= -github.com/manicminer/hamilton v0.66.0/go.mod h1:u80g9rPtJpCG7EC0iayttt8UfeAp6jknClixgZGE950= +github.com/manicminer/hamilton v0.67.0 h1:hG3tPunQCGcgP2Nx0+lwW+Swu9MXOs4JGospakK79pY= +github.com/manicminer/hamilton v0.67.0/go.mod h1:u80g9rPtJpCG7EC0iayttt8UfeAp6jknClixgZGE950= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= diff --git a/provider/shim/go.mod b/provider/shim/go.mod index e4f6aee04..dca116c0e 100644 --- a/provider/shim/go.mod +++ b/provider/shim/go.mod @@ -4,7 +4,7 @@ go 1.21.3 require ( github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 - github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7 + github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d ) require ( @@ -38,7 +38,7 @@ require ( github.com/hashicorp/terraform-registry-address v0.2.2 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect - github.com/manicminer/hamilton v0.66.0 // indirect + github.com/manicminer/hamilton v0.67.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect diff --git a/provider/shim/go.sum b/provider/shim/go.sum index 13c8b26f5..04f651acf 100644 --- a/provider/shim/go.sum +++ b/provider/shim/go.sum @@ -90,8 +90,8 @@ github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9T github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-testing v1.5.1 h1:T4aQh9JAhmWo4+t1A7x+rnxAJHCDIYW9kXyo4sVO92c= github.com/hashicorp/terraform-plugin-testing v1.5.1/go.mod h1:dg8clO6K59rZ8w9EshBmDp1CxTIPu3yA4iaDpX1h5u0= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7 h1:0heRRWRFSJl9U6B2xmviW2yxTNHnjmbqoN94cX5QgUA= -github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240411223630-0d6e12c0f7b7/go.mod h1:KQgbKPX+y+lY4bAQV1lxb+5/0GCiDgybGUTPAy7uGEQ= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d h1:Hrtiw5ksSBVl9eVcjbSSrZ7sWUPMQdjIxYe1UphTa6I= +github.com/hashicorp/terraform-provider-azuread v1.6.1-0.20240509203949-3503c4ecac1d/go.mod h1:U3wupRNisNU5eP+kqfCWLFApydrSw0U0v1b/yZZpwsk= github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno= github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -111,8 +111,8 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/manicminer/hamilton v0.66.0 h1:pJPlaf32wMZBCArX1U5QC0YqR3vnJoc4crTuigLy0og= -github.com/manicminer/hamilton v0.66.0/go.mod h1:u80g9rPtJpCG7EC0iayttt8UfeAp6jknClixgZGE950= +github.com/manicminer/hamilton v0.67.0 h1:hG3tPunQCGcgP2Nx0+lwW+Swu9MXOs4JGospakK79pY= +github.com/manicminer/hamilton v0.67.0/go.mod h1:u80g9rPtJpCG7EC0iayttt8UfeAp6jknClixgZGE950= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= diff --git a/sdk/dotnet/Application.cs b/sdk/dotnet/Application.cs index 629bae435..b3aa4b307 100644 --- a/sdk/dotnet/Application.cs +++ b/sdk/dotnet/Application.cs @@ -305,7 +305,7 @@ public partial class Application : global::Pulumi.CustomResource public Output> FeatureTags { get; private set; } = null!; /// - /// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + /// A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. /// [Output("groupMembershipClaims")] public Output> GroupMembershipClaims { get; private set; } = null!; @@ -562,7 +562,7 @@ public InputList FeatureTags private InputList? _groupMembershipClaims; /// - /// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + /// A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. /// public InputList GroupMembershipClaims { @@ -814,7 +814,7 @@ public InputList FeatureTags private InputList? _groupMembershipClaims; /// - /// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + /// A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. /// public InputList GroupMembershipClaims { diff --git a/sdk/dotnet/GetGroup.cs b/sdk/dotnet/GetGroup.cs index 96e92e395..5af9ce4d7 100644 --- a/sdk/dotnet/GetGroup.cs +++ b/sdk/dotnet/GetGroup.cs @@ -91,6 +91,12 @@ public sealed class GetGroupArgs : global::Pulumi.InvokeArgs [Input("displayName")] public string? DisplayName { get; set; } + /// + /// Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + /// + [Input("includeTransitiveMembers")] + public bool? IncludeTransitiveMembers { get; set; } + /// /// Whether the group is mail-enabled. /// @@ -131,6 +137,12 @@ public sealed class GetGroupInvokeArgs : global::Pulumi.InvokeArgs [Input("displayName")] public Input? DisplayName { get; set; } + /// + /// Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + /// + [Input("includeTransitiveMembers")] + public Input? IncludeTransitiveMembers { get; set; } + /// /// Whether the group is mail-enabled. /// @@ -207,6 +219,7 @@ public sealed class GetGroupResult /// The provider-assigned unique ID for this managed resource. /// public readonly string Id; + public readonly bool? IncludeTransitiveMembers; /// /// The SMTP address for the group. /// @@ -220,7 +233,7 @@ public sealed class GetGroupResult /// public readonly string MailNickname; /// - /// List of object IDs of the group members. + /// List of object IDs of the group members. When `include_transitive_members` is `true`, contains a list of object IDs of all transitive group members. /// public readonly ImmutableArray Members; /// @@ -310,6 +323,8 @@ private GetGroupResult( string id, + bool? includeTransitiveMembers, + string mail, bool mailEnabled, @@ -360,6 +375,7 @@ private GetGroupResult( HideFromAddressLists = hideFromAddressLists; HideFromOutlookClients = hideFromOutlookClients; Id = id; + IncludeTransitiveMembers = includeTransitiveMembers; Mail = mail; MailEnabled = mailEnabled; MailNickname = mailNickname; diff --git a/sdk/dotnet/GetGroupRoleManagementPolicy.cs b/sdk/dotnet/GetGroupRoleManagementPolicy.cs new file mode 100644 index 000000000..94f0f3773 --- /dev/null +++ b/sdk/dotnet/GetGroupRoleManagementPolicy.cs @@ -0,0 +1,172 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + public static class GetGroupRoleManagementPolicy + { + /// + /// Use this data source to retrieve a role policy for an Azure AD group. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + /// + /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new AzureAD.Group("example", new() + /// { + /// DisplayName = "group-name", + /// SecurityEnabled = true, + /// }); + /// + /// var ownersPolicy = AzureAD.GetGroupRoleManagementPolicy.Invoke(new() + /// { + /// GroupId = example.Id, + /// RoleId = "owner", + /// }); + /// + /// }); + /// ``` + /// + public static Task InvokeAsync(GetGroupRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", args ?? new GetGroupRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Use this data source to retrieve a role policy for an Azure AD group. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + /// + /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new AzureAD.Group("example", new() + /// { + /// DisplayName = "group-name", + /// SecurityEnabled = true, + /// }); + /// + /// var ownersPolicy = AzureAD.GetGroupRoleManagementPolicy.Invoke(new() + /// { + /// GroupId = example.Id, + /// RoleId = "owner", + /// }); + /// + /// }); + /// ``` + /// + public static Output Invoke(GetGroupRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", args ?? new GetGroupRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetGroupRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The ID of the Azure AD group for which the policy applies. + /// + [Input("groupId", required: true)] + public string GroupId { get; set; } = null!; + + /// + /// The type of assignment this policy coveres. Can be either `member` or `owner`. + /// + [Input("roleId", required: true)] + public string RoleId { get; set; } = null!; + + public GetGroupRoleManagementPolicyArgs() + { + } + public static new GetGroupRoleManagementPolicyArgs Empty => new GetGroupRoleManagementPolicyArgs(); + } + + public sealed class GetGroupRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The ID of the Azure AD group for which the policy applies. + /// + [Input("groupId", required: true)] + public Input GroupId { get; set; } = null!; + + /// + /// The type of assignment this policy coveres. Can be either `member` or `owner`. + /// + [Input("roleId", required: true)] + public Input RoleId { get; set; } = null!; + + public GetGroupRoleManagementPolicyInvokeArgs() + { + } + public static new GetGroupRoleManagementPolicyInvokeArgs Empty => new GetGroupRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetGroupRoleManagementPolicyResult + { + /// + /// (String) The description of this policy. + /// + public readonly string Description; + /// + /// (String) The display name of this policy. + /// + public readonly string DisplayName; + public readonly string GroupId; + /// + /// The provider-assigned unique ID for this managed resource. + /// + public readonly string Id; + public readonly string RoleId; + + [OutputConstructor] + private GetGroupRoleManagementPolicyResult( + string description, + + string displayName, + + string groupId, + + string id, + + string roleId) + { + Description = description; + DisplayName = displayName; + GroupId = groupId; + Id = id; + RoleId = roleId; + } + } +} diff --git a/sdk/dotnet/GetServicePrincipals.cs b/sdk/dotnet/GetServicePrincipals.cs index 8344b756b..8a9ad6c8b 100644 --- a/sdk/dotnet/GetServicePrincipals.cs +++ b/sdk/dotnet/GetServicePrincipals.cs @@ -46,7 +46,7 @@ public static class GetServicePrincipals /// }); /// ``` /// - /// *Look up by application IDs (client IDs* + /// *Look up by application IDs (client IDs)* /// /// ```csharp /// using System.Collections.Generic; @@ -130,7 +130,7 @@ public static Task InvokeAsync(GetServicePrincipalsA /// }); /// ``` /// - /// *Look up by application IDs (client IDs* + /// *Look up by application IDs (client IDs)* /// /// ```csharp /// using System.Collections.Generic; diff --git a/sdk/dotnet/Group.cs b/sdk/dotnet/Group.cs index fbde59db1..a54223c7b 100644 --- a/sdk/dotnet/Group.cs +++ b/sdk/dotnet/Group.cs @@ -20,7 +20,7 @@ namespace Pulumi.AzureAD /// /// Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. /// - /// If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` + /// If using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. /// /// If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` /// @@ -133,7 +133,7 @@ public partial class Group : global::Pulumi.CustomResource public Output AutoSubscribeNewMembers { get; private set; } = null!; /// - /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. /// [Output("behaviors")] public Output> Behaviors { get; private set; } = null!; @@ -390,7 +390,7 @@ public InputList AdministrativeUnitIds private InputList? _behaviors; /// - /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. /// public InputList Behaviors { @@ -582,7 +582,7 @@ public InputList AdministrativeUnitIds private InputList? _behaviors; /// - /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + /// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. /// public InputList Behaviors { diff --git a/sdk/dotnet/GroupRoleManagementPolicy.cs b/sdk/dotnet/GroupRoleManagementPolicy.cs new file mode 100644 index 000000000..67880cb14 --- /dev/null +++ b/sdk/dotnet/GroupRoleManagementPolicy.cs @@ -0,0 +1,217 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manage a role policy for an Azure AD group. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + /// + /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + [AzureADResourceType("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy")] + public partial class GroupRoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// An `activation_rules` block as defined below. + /// + [Output("activationRules")] + public Output ActivationRules { get; private set; } = null!; + + /// + /// An `active_assignment_rules` block as defined below. + /// + [Output("activeAssignmentRules")] + public Output ActiveAssignmentRules { get; private set; } = null!; + + /// + /// (String) The description of this policy. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// (String) The display name of this policy. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// An `eligible_assignment_rules` block as defined below. + /// + [Output("eligibleAssignmentRules")] + public Output EligibleAssignmentRules { get; private set; } = null!; + + /// + /// The ID of the Azure AD group for which the policy applies. + /// + [Output("groupId")] + public Output GroupId { get; private set; } = null!; + + /// + /// A `notification_rules` block as defined below. + /// + [Output("notificationRules")] + public Output NotificationRules { get; private set; } = null!; + + /// + /// The type of assignment this policy coveres. Can be either `member` or `owner`. + /// + [Output("roleId")] + public Output RoleId { get; private set; } = null!; + + + /// + /// Create a GroupRoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public GroupRoleManagementPolicy(string name, GroupRoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, args ?? new GroupRoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private GroupRoleManagementPolicy(string name, Input id, GroupRoleManagementPolicyState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing GroupRoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static GroupRoleManagementPolicy Get(string name, Input id, GroupRoleManagementPolicyState? state = null, CustomResourceOptions? options = null) + { + return new GroupRoleManagementPolicy(name, id, state, options); + } + } + + public sealed class GroupRoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// An `activation_rules` block as defined below. + /// + [Input("activationRules")] + public Input? ActivationRules { get; set; } + + /// + /// An `active_assignment_rules` block as defined below. + /// + [Input("activeAssignmentRules")] + public Input? ActiveAssignmentRules { get; set; } + + /// + /// An `eligible_assignment_rules` block as defined below. + /// + [Input("eligibleAssignmentRules")] + public Input? EligibleAssignmentRules { get; set; } + + /// + /// The ID of the Azure AD group for which the policy applies. + /// + [Input("groupId", required: true)] + public Input GroupId { get; set; } = null!; + + /// + /// A `notification_rules` block as defined below. + /// + [Input("notificationRules")] + public Input? NotificationRules { get; set; } + + /// + /// The type of assignment this policy coveres. Can be either `member` or `owner`. + /// + [Input("roleId", required: true)] + public Input RoleId { get; set; } = null!; + + public GroupRoleManagementPolicyArgs() + { + } + public static new GroupRoleManagementPolicyArgs Empty => new GroupRoleManagementPolicyArgs(); + } + + public sealed class GroupRoleManagementPolicyState : global::Pulumi.ResourceArgs + { + /// + /// An `activation_rules` block as defined below. + /// + [Input("activationRules")] + public Input? ActivationRules { get; set; } + + /// + /// An `active_assignment_rules` block as defined below. + /// + [Input("activeAssignmentRules")] + public Input? ActiveAssignmentRules { get; set; } + + /// + /// (String) The description of this policy. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// (String) The display name of this policy. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// An `eligible_assignment_rules` block as defined below. + /// + [Input("eligibleAssignmentRules")] + public Input? EligibleAssignmentRules { get; set; } + + /// + /// The ID of the Azure AD group for which the policy applies. + /// + [Input("groupId")] + public Input? GroupId { get; set; } + + /// + /// A `notification_rules` block as defined below. + /// + [Input("notificationRules")] + public Input? NotificationRules { get; set; } + + /// + /// The type of assignment this policy coveres. Can be either `member` or `owner`. + /// + [Input("roleId")] + public Input? RoleId { get; set; } + + public GroupRoleManagementPolicyState() + { + } + public static new GroupRoleManagementPolicyState Empty => new GroupRoleManagementPolicyState(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.cs new file mode 100644 index 000000000..8a0bb0108 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStageArgs : global::Pulumi.ResourceArgs + { + [Input("primaryApprovers", required: true)] + private InputList? _primaryApprovers; + + /// + /// The IDs of the users or groups who can approve the activation + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public GroupRoleManagementPolicyActivationRulesApprovalStageArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesApprovalStageArgs Empty => new GroupRoleManagementPolicyActivationRulesApprovalStageArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs.cs new file mode 100644 index 000000000..99f5d57f4 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs : global::Pulumi.ResourceArgs + { + [Input("primaryApprovers", required: true)] + private InputList? _primaryApprovers; + + /// + /// The IDs of the users or groups who can approve the activation + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs Empty => new GroupRoleManagementPolicyActivationRulesApprovalStageGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.cs new file mode 100644 index 000000000..bd4413123 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs : global::Pulumi.ResourceArgs + { + /// + /// The ID of the object which will act as an approver. + /// + [Input("objectId", required: true)] + public Input ObjectId { get; set; } = null!; + + /// + /// The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + /// + [Input("type")] + public Input? Type { get; set; } + + public GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs Empty => new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs.cs new file mode 100644 index 000000000..4ca760ddb --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The ID of the object which will act as an approver. + /// + [Input("objectId", required: true)] + public Input ObjectId { get; set; } = null!; + + /// + /// The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + /// + [Input("type")] + public Input? Type { get; set; } + + public GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs Empty => new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs new file mode 100644 index 000000000..b966c2785 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesArgs.cs @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesArgs : global::Pulumi.ResourceArgs + { + /// + /// An `approval_stage` block as defined below. + /// + [Input("approvalStage")] + public Input? ApprovalStage { get; set; } + + /// + /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// Is approval required for activation. If `true` an `approval_stage` block must be provided. + /// + [Input("requireApproval")] + public Input? RequireApproval { get; set; } + + /// + /// Is a justification required during activation of the role. + /// + [Input("requireJustification")] + public Input? RequireJustification { get; set; } + + /// + /// Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + /// + [Input("requireMultifactorAuthentication")] + public Input? RequireMultifactorAuthentication { get; set; } + + /// + /// Is ticket information requrired during activation of the role. + /// + [Input("requireTicketInfo")] + public Input? RequireTicketInfo { get; set; } + + /// + /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// + [Input("requiredConditionalAccessAuthenticationContext")] + public Input? RequiredConditionalAccessAuthenticationContext { get; set; } + + public GroupRoleManagementPolicyActivationRulesArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesArgs Empty => new GroupRoleManagementPolicyActivationRulesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs new file mode 100644 index 000000000..baabbe97c --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActivationRulesGetArgs.cs @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActivationRulesGetArgs : global::Pulumi.ResourceArgs + { + /// + /// An `approval_stage` block as defined below. + /// + [Input("approvalStage")] + public Input? ApprovalStage { get; set; } + + /// + /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// Is approval required for activation. If `true` an `approval_stage` block must be provided. + /// + [Input("requireApproval")] + public Input? RequireApproval { get; set; } + + /// + /// Is a justification required during activation of the role. + /// + [Input("requireJustification")] + public Input? RequireJustification { get; set; } + + /// + /// Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + /// + [Input("requireMultifactorAuthentication")] + public Input? RequireMultifactorAuthentication { get; set; } + + /// + /// Is ticket information requrired during activation of the role. + /// + [Input("requireTicketInfo")] + public Input? RequireTicketInfo { get; set; } + + /// + /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// + [Input("requiredConditionalAccessAuthenticationContext")] + public Input? RequiredConditionalAccessAuthenticationContext { get; set; } + + public GroupRoleManagementPolicyActivationRulesGetArgs() + { + } + public static new GroupRoleManagementPolicyActivationRulesGetArgs Empty => new GroupRoleManagementPolicyActivationRulesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.cs new file mode 100644 index 000000000..5f8ab8fae --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.cs @@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActiveAssignmentRulesArgs : global::Pulumi.ResourceArgs + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + [Input("expirationRequired")] + public Input? ExpirationRequired { get; set; } + + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + [Input("expireAfter")] + public Input? ExpireAfter { get; set; } + + /// + /// Is a justification required to create new assignments. + /// + [Input("requireJustification")] + public Input? RequireJustification { get; set; } + + /// + /// Is multi-factor authentication required to create new assignments. + /// + [Input("requireMultifactorAuthentication")] + public Input? RequireMultifactorAuthentication { get; set; } + + /// + /// Is ticket information required to create new assignments. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + [Input("requireTicketInfo")] + public Input? RequireTicketInfo { get; set; } + + public GroupRoleManagementPolicyActiveAssignmentRulesArgs() + { + } + public static new GroupRoleManagementPolicyActiveAssignmentRulesArgs Empty => new GroupRoleManagementPolicyActiveAssignmentRulesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesGetArgs.cs new file mode 100644 index 000000000..cd94b43ee --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyActiveAssignmentRulesGetArgs.cs @@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyActiveAssignmentRulesGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + [Input("expirationRequired")] + public Input? ExpirationRequired { get; set; } + + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + [Input("expireAfter")] + public Input? ExpireAfter { get; set; } + + /// + /// Is a justification required to create new assignments. + /// + [Input("requireJustification")] + public Input? RequireJustification { get; set; } + + /// + /// Is multi-factor authentication required to create new assignments. + /// + [Input("requireMultifactorAuthentication")] + public Input? RequireMultifactorAuthentication { get; set; } + + /// + /// Is ticket information required to create new assignments. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + [Input("requireTicketInfo")] + public Input? RequireTicketInfo { get; set; } + + public GroupRoleManagementPolicyActiveAssignmentRulesGetArgs() + { + } + public static new GroupRoleManagementPolicyActiveAssignmentRulesGetArgs Empty => new GroupRoleManagementPolicyActiveAssignmentRulesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.cs new file mode 100644 index 000000000..13c1cd284 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyEligibleAssignmentRulesArgs : global::Pulumi.ResourceArgs + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + [Input("expirationRequired")] + public Input? ExpirationRequired { get; set; } + + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + [Input("expireAfter")] + public Input? ExpireAfter { get; set; } + + public GroupRoleManagementPolicyEligibleAssignmentRulesArgs() + { + } + public static new GroupRoleManagementPolicyEligibleAssignmentRulesArgs Empty => new GroupRoleManagementPolicyEligibleAssignmentRulesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs.cs new file mode 100644 index 000000000..de84ce0d8 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + [Input("expirationRequired")] + public Input? ExpirationRequired { get; set; } + + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + [Input("expireAfter")] + public Input? ExpireAfter { get; set; } + + public GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs() + { + } + public static new GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs Empty => new GroupRoleManagementPolicyEligibleAssignmentRulesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.cs new file mode 100644 index 000000000..ddd7efeeb --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs.cs new file mode 100644 index 000000000..bbdad748e --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.cs new file mode 100644 index 000000000..cc9440f0a --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs.cs new file mode 100644 index 000000000..ad1c7bce4 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.cs new file mode 100644 index 000000000..90f3c75b0 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.cs new file mode 100644 index 000000000..8b1599bb1 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs.cs new file mode 100644 index 000000000..f92c4be17 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs.cs new file mode 100644 index 000000000..1ef397d5e --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesArgs.cs new file mode 100644 index 000000000..c655abdeb --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesArgs : global::Pulumi.ResourceArgs + { + /// + /// A `notification_target` block as defined below to configure notfications on active role assignments. + /// + [Input("activeAssignments")] + public Input? ActiveAssignments { get; set; } + + /// + /// A `notification_target` block as defined below for configuring notifications on activation of eligible role. + /// + [Input("eligibleActivations")] + public Input? EligibleActivations { get; set; } + + /// + /// A `notification_target` block as defined below to configure notification on eligible role assignments. + /// + /// At least one `notification_target` block must be provided. + /// + [Input("eligibleAssignments")] + public Input? EligibleAssignments { get; set; } + + public GroupRoleManagementPolicyNotificationRulesArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesArgs Empty => new GroupRoleManagementPolicyNotificationRulesArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.cs new file mode 100644 index 000000000..0336b9c64 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs.cs new file mode 100644 index 000000000..5903c09c7 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.cs new file mode 100644 index 000000000..8f680a0f2 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs.cs new file mode 100644 index 000000000..8fec562f5 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.cs new file mode 100644 index 000000000..6d8ca9944 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.cs new file mode 100644 index 000000000..41ef14c85 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs.cs new file mode 100644 index 000000000..23d1fc30f --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs.cs new file mode 100644 index 000000000..972c9481f --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleActivationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.cs new file mode 100644 index 000000000..010b90a06 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs.cs new file mode 100644 index 000000000..1ef43eaa4 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.cs new file mode 100644 index 000000000..cfc11be18 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs.cs new file mode 100644 index 000000000..60c71af56 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.cs new file mode 100644 index 000000000..394cc71df --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.cs new file mode 100644 index 000000000..90dc241b2 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs.cs new file mode 100644 index 000000000..2063bf933 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs : global::Pulumi.ResourceArgs + { + [Input("additionalRecipients")] + private InputList? _additionalRecipients; + + /// + /// The additional recipients to notify + /// + public InputList AdditionalRecipients + { + get => _additionalRecipients ?? (_additionalRecipients = new InputList()); + set => _additionalRecipients = value; + } + + /// + /// Whether the default recipients are notified + /// + [Input("defaultRecipients", required: true)] + public Input DefaultRecipients { get; set; } = null!; + + /// + /// What level of notifications are sent + /// + [Input("notificationLevel", required: true)] + public Input NotificationLevel { get; set; } = null!; + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs.cs new file mode 100644 index 000000000..b3a1dfadb --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Admin notification settings + /// + [Input("adminNotifications")] + public Input? AdminNotifications { get; set; } + + /// + /// Approver notification settings + /// + [Input("approverNotifications")] + public Input? ApproverNotifications { get; set; } + + /// + /// Assignee notification settings + /// + [Input("assigneeNotifications")] + public Input? AssigneeNotifications { get; set; } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesGetArgs.cs b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesGetArgs.cs new file mode 100644 index 000000000..98c329a65 --- /dev/null +++ b/sdk/dotnet/Inputs/GroupRoleManagementPolicyNotificationRulesGetArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class GroupRoleManagementPolicyNotificationRulesGetArgs : global::Pulumi.ResourceArgs + { + /// + /// A `notification_target` block as defined below to configure notfications on active role assignments. + /// + [Input("activeAssignments")] + public Input? ActiveAssignments { get; set; } + + /// + /// A `notification_target` block as defined below for configuring notifications on activation of eligible role. + /// + [Input("eligibleActivations")] + public Input? EligibleActivations { get; set; } + + /// + /// A `notification_target` block as defined below to configure notification on eligible role assignments. + /// + /// At least one `notification_target` block must be provided. + /// + [Input("eligibleAssignments")] + public Input? EligibleAssignments { get; set; } + + public GroupRoleManagementPolicyNotificationRulesGetArgs() + { + } + public static new GroupRoleManagementPolicyNotificationRulesGetArgs Empty => new GroupRoleManagementPolicyNotificationRulesGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterArgs.cs new file mode 100644 index 000000000..8312f7c49 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobProvisionOnDemandParameterArgs : global::Pulumi.ResourceArgs + { + /// + /// The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + /// + [Input("ruleId", required: true)] + public Input RuleId { get; set; } = null!; + + [Input("subjects", required: true)] + private InputList? _subjects; + + /// + /// One or more `subject` blocks as documented below. + /// + public InputList Subjects + { + get => _subjects ?? (_subjects = new InputList()); + set => _subjects = value; + } + + public SynchronizationJobProvisionOnDemandParameterArgs() + { + } + public static new SynchronizationJobProvisionOnDemandParameterArgs Empty => new SynchronizationJobProvisionOnDemandParameterArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterGetArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterGetArgs.cs new file mode 100644 index 000000000..77c6fa7d4 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterGetArgs.cs @@ -0,0 +1,38 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobProvisionOnDemandParameterGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + /// + [Input("ruleId", required: true)] + public Input RuleId { get; set; } = null!; + + [Input("subjects", required: true)] + private InputList? _subjects; + + /// + /// One or more `subject` blocks as documented below. + /// + public InputList Subjects + { + get => _subjects ?? (_subjects = new InputList()); + set => _subjects = value; + } + + public SynchronizationJobProvisionOnDemandParameterGetArgs() + { + } + public static new SynchronizationJobProvisionOnDemandParameterGetArgs Empty => new SynchronizationJobProvisionOnDemandParameterGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.cs new file mode 100644 index 000000000..d3a2e2413 --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobProvisionOnDemandParameterSubjectArgs : global::Pulumi.ResourceArgs + { + /// + /// The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + /// + [Input("objectId", required: true)] + public Input ObjectId { get; set; } = null!; + + /// + /// The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + /// + [Input("objectTypeName", required: true)] + public Input ObjectTypeName { get; set; } = null!; + + public SynchronizationJobProvisionOnDemandParameterSubjectArgs() + { + } + public static new SynchronizationJobProvisionOnDemandParameterSubjectArgs Empty => new SynchronizationJobProvisionOnDemandParameterSubjectArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectGetArgs.cs b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectGetArgs.cs new file mode 100644 index 000000000..0b51e006e --- /dev/null +++ b/sdk/dotnet/Inputs/SynchronizationJobProvisionOnDemandParameterSubjectGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Inputs +{ + + public sealed class SynchronizationJobProvisionOnDemandParameterSubjectGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + /// + [Input("objectId", required: true)] + public Input ObjectId { get; set; } = null!; + + /// + /// The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + /// + [Input("objectTypeName", required: true)] + public Input ObjectTypeName { get; set; } = null!; + + public SynchronizationJobProvisionOnDemandParameterSubjectGetArgs() + { + } + public static new SynchronizationJobProvisionOnDemandParameterSubjectGetArgs Empty => new SynchronizationJobProvisionOnDemandParameterSubjectGetArgs(); + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs new file mode 100644 index 000000000..a5a3a21d3 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRules.cs @@ -0,0 +1,70 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyActivationRules + { + /// + /// An `approval_stage` block as defined below. + /// + public readonly Outputs.GroupRoleManagementPolicyActivationRulesApprovalStage? ApprovalStage; + /// + /// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + /// + public readonly string? MaximumDuration; + /// + /// Is approval required for activation. If `true` an `approval_stage` block must be provided. + /// + public readonly bool? RequireApproval; + /// + /// Is a justification required during activation of the role. + /// + public readonly bool? RequireJustification; + /// + /// Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + /// + public readonly bool? RequireMultifactorAuthentication; + /// + /// Is ticket information requrired during activation of the role. + /// + public readonly bool? RequireTicketInfo; + /// + /// The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + /// + public readonly string? RequiredConditionalAccessAuthenticationContext; + + [OutputConstructor] + private GroupRoleManagementPolicyActivationRules( + Outputs.GroupRoleManagementPolicyActivationRulesApprovalStage? approvalStage, + + string? maximumDuration, + + bool? requireApproval, + + bool? requireJustification, + + bool? requireMultifactorAuthentication, + + bool? requireTicketInfo, + + string? requiredConditionalAccessAuthenticationContext) + { + ApprovalStage = approvalStage; + MaximumDuration = maximumDuration; + RequireApproval = requireApproval; + RequireJustification = requireJustification; + RequireMultifactorAuthentication = requireMultifactorAuthentication; + RequireTicketInfo = requireTicketInfo; + RequiredConditionalAccessAuthenticationContext = requiredConditionalAccessAuthenticationContext; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.cs new file mode 100644 index 000000000..19e391ad4 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStage + { + /// + /// The IDs of the users or groups who can approve the activation + /// + public readonly ImmutableArray PrimaryApprovers; + + [OutputConstructor] + private GroupRoleManagementPolicyActivationRulesApprovalStage(ImmutableArray primaryApprovers) + { + PrimaryApprovers = primaryApprovers; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.cs new file mode 100644 index 000000000..44546b4c0 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover + { + /// + /// The ID of the object which will act as an approver. + /// + public readonly string ObjectId; + /// + /// The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + /// + public readonly string? Type; + + [OutputConstructor] + private GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover( + string objectId, + + string? type) + { + ObjectId = objectId; + Type = type; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyActiveAssignmentRules.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActiveAssignmentRules.cs new file mode 100644 index 000000000..a45aee0b1 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyActiveAssignmentRules.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyActiveAssignmentRules + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + public readonly bool? ExpirationRequired; + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + public readonly string? ExpireAfter; + /// + /// Is a justification required to create new assignments. + /// + public readonly bool? RequireJustification; + /// + /// Is multi-factor authentication required to create new assignments. + /// + public readonly bool? RequireMultifactorAuthentication; + /// + /// Is ticket information required to create new assignments. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + public readonly bool? RequireTicketInfo; + + [OutputConstructor] + private GroupRoleManagementPolicyActiveAssignmentRules( + bool? expirationRequired, + + string? expireAfter, + + bool? requireJustification, + + bool? requireMultifactorAuthentication, + + bool? requireTicketInfo) + { + ExpirationRequired = expirationRequired; + ExpireAfter = expireAfter; + RequireJustification = requireJustification; + RequireMultifactorAuthentication = requireMultifactorAuthentication; + RequireTicketInfo = requireTicketInfo; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyEligibleAssignmentRules.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyEligibleAssignmentRules.cs new file mode 100644 index 000000000..3d7df5349 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyEligibleAssignmentRules.cs @@ -0,0 +1,37 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyEligibleAssignmentRules + { + /// + /// Must an assignment have an expiry date. `false` allows permanent assignment. + /// + public readonly bool? ExpirationRequired; + /// + /// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + /// + /// One of `expiration_required` or `expire_after` must be provided. + /// + public readonly string? ExpireAfter; + + [OutputConstructor] + private GroupRoleManagementPolicyEligibleAssignmentRules( + bool? expirationRequired, + + string? expireAfter) + { + ExpirationRequired = expirationRequired; + ExpireAfter = expireAfter; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRules.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRules.cs new file mode 100644 index 000000000..65df751d0 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRules.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRules + { + /// + /// A `notification_target` block as defined below to configure notfications on active role assignments. + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments? ActiveAssignments; + /// + /// A `notification_target` block as defined below for configuring notifications on activation of eligible role. + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations? EligibleActivations; + /// + /// A `notification_target` block as defined below to configure notification on eligible role assignments. + /// + /// At least one `notification_target` block must be provided. + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments? EligibleAssignments; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRules( + Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments? activeAssignments, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations? eligibleActivations, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments? eligibleAssignments) + { + ActiveAssignments = activeAssignments; + EligibleActivations = eligibleActivations; + EligibleAssignments = eligibleAssignments; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.cs new file mode 100644 index 000000000..d298318bf --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignments + { + /// + /// Admin notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications? AdminNotifications; + /// + /// Approver notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications? ApproverNotifications; + /// + /// Assignee notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications? AssigneeNotifications; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesActiveAssignments( + Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications? adminNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications? approverNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications? assigneeNotifications) + { + AdminNotifications = adminNotifications; + ApproverNotifications = approverNotifications; + AssigneeNotifications = assigneeNotifications; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.cs new file mode 100644 index 000000000..d296e596f --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.cs new file mode 100644 index 000000000..72a4bb846 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.cs new file mode 100644 index 000000000..d3b47f379 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.cs new file mode 100644 index 000000000..cffbeb09f --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivations + { + /// + /// Admin notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications? AdminNotifications; + /// + /// Approver notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications? ApproverNotifications; + /// + /// Assignee notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications? AssigneeNotifications; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleActivations( + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications? adminNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications? approverNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications? assigneeNotifications) + { + AdminNotifications = adminNotifications; + ApproverNotifications = approverNotifications; + AssigneeNotifications = assigneeNotifications; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.cs new file mode 100644 index 000000000..d7c534414 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.cs new file mode 100644 index 000000000..56c02c52a --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.cs new file mode 100644 index 000000000..43ae67e3c --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.cs new file mode 100644 index 000000000..95487a914 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignments + { + /// + /// Admin notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications? AdminNotifications; + /// + /// Approver notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications? ApproverNotifications; + /// + /// Assignee notification settings + /// + public readonly Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications? AssigneeNotifications; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleAssignments( + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications? adminNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications? approverNotifications, + + Outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications? assigneeNotifications) + { + AdminNotifications = adminNotifications; + ApproverNotifications = approverNotifications; + AssigneeNotifications = assigneeNotifications; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.cs new file mode 100644 index 000000000..6f4d1e304 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.cs new file mode 100644 index 000000000..953993a88 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.cs b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.cs new file mode 100644 index 000000000..1f4315d87 --- /dev/null +++ b/sdk/dotnet/Outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications + { + /// + /// The additional recipients to notify + /// + public readonly ImmutableArray AdditionalRecipients; + /// + /// Whether the default recipients are notified + /// + public readonly bool DefaultRecipients; + /// + /// What level of notifications are sent + /// + public readonly string NotificationLevel; + + [OutputConstructor] + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications( + ImmutableArray additionalRecipients, + + bool defaultRecipients, + + string notificationLevel) + { + AdditionalRecipients = additionalRecipients; + DefaultRecipients = defaultRecipients; + NotificationLevel = notificationLevel; + } + } +} diff --git a/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameter.cs b/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameter.cs new file mode 100644 index 000000000..e56c03097 --- /dev/null +++ b/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameter.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class SynchronizationJobProvisionOnDemandParameter + { + /// + /// The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + /// + public readonly string RuleId; + /// + /// One or more `subject` blocks as documented below. + /// + public readonly ImmutableArray Subjects; + + [OutputConstructor] + private SynchronizationJobProvisionOnDemandParameter( + string ruleId, + + ImmutableArray subjects) + { + RuleId = ruleId; + Subjects = subjects; + } + } +} diff --git a/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameterSubject.cs b/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameterSubject.cs new file mode 100644 index 000000000..d2491aa19 --- /dev/null +++ b/sdk/dotnet/Outputs/SynchronizationJobProvisionOnDemandParameterSubject.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD.Outputs +{ + + [OutputType] + public sealed class SynchronizationJobProvisionOnDemandParameterSubject + { + /// + /// The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + /// + public readonly string ObjectId; + /// + /// The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + /// + public readonly string ObjectTypeName; + + [OutputConstructor] + private SynchronizationJobProvisionOnDemandParameterSubject( + string objectId, + + string objectTypeName) + { + ObjectId = objectId; + ObjectTypeName = objectTypeName; + } + } +} diff --git a/sdk/dotnet/PrivilegedAccessGroupAssignmentSchedule.cs b/sdk/dotnet/PrivilegedAccessGroupAssignmentSchedule.cs new file mode 100644 index 000000000..bd0b1cbac --- /dev/null +++ b/sdk/dotnet/PrivilegedAccessGroupAssignmentSchedule.cs @@ -0,0 +1,327 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manages an active assignment to a privileged access group. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + /// + /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new AzureAD.Group("example", new() + /// { + /// DisplayName = "group-name", + /// SecurityEnabled = true, + /// }); + /// + /// var member = new AzureAD.User("member", new() + /// { + /// UserPrincipalName = "jdoe@example.com", + /// DisplayName = "J. Doe", + /// MailNickname = "jdoe", + /// Password = "SecretP@sswd99!", + /// }); + /// + /// var examplePrivilegedAccessGroupAssignmentSchedule = new AzureAD.PrivilegedAccessGroupAssignmentSchedule("example", new() + /// { + /// GroupId = pim.Id, + /// PrincipalId = member.Id, + /// AssignmentType = "member", + /// Duration = "P30D", + /// Justification = "as requested", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// An assignment schedule can be imported using the schedule ID, e.g. + /// + /// ```sh + /// $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + /// ``` + /// + [AzureADResourceType("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule")] + public partial class PrivilegedAccessGroupAssignmentSchedule : global::Pulumi.CustomResource + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Output("assignmentType")] + public Output AssignmentType { get; private set; } = null!; + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Output("duration")] + public Output Duration { get; private set; } = null!; + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Output("expirationDate")] + public Output ExpirationDate { get; private set; } = null!; + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Output("groupId")] + public Output GroupId { get; private set; } = null!; + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Output("justification")] + public Output Justification { get; private set; } = null!; + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Output("permanentAssignment")] + public Output PermanentAssignment { get; private set; } = null!; + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Output("principalId")] + public Output PrincipalId { get; private set; } = null!; + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Output("startDate")] + public Output StartDate { get; private set; } = null!; + + /// + /// (String) The provisioning status of this request. + /// + [Output("status")] + public Output Status { get; private set; } = null!; + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Output("ticketNumber")] + public Output TicketNumber { get; private set; } = null!; + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Output("ticketSystem")] + public Output TicketSystem { get; private set; } = null!; + + + /// + /// Create a PrivilegedAccessGroupAssignmentSchedule resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public PrivilegedAccessGroupAssignmentSchedule(string name, PrivilegedAccessGroupAssignmentScheduleArgs args, CustomResourceOptions? options = null) + : base("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, args ?? new PrivilegedAccessGroupAssignmentScheduleArgs(), MakeResourceOptions(options, "")) + { + } + + private PrivilegedAccessGroupAssignmentSchedule(string name, Input id, PrivilegedAccessGroupAssignmentScheduleState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing PrivilegedAccessGroupAssignmentSchedule resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static PrivilegedAccessGroupAssignmentSchedule Get(string name, Input id, PrivilegedAccessGroupAssignmentScheduleState? state = null, CustomResourceOptions? options = null) + { + return new PrivilegedAccessGroupAssignmentSchedule(name, id, state, options); + } + } + + public sealed class PrivilegedAccessGroupAssignmentScheduleArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Input("assignmentType", required: true)] + public Input AssignmentType { get; set; } = null!; + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Input("duration")] + public Input? Duration { get; set; } + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Input("expirationDate")] + public Input? ExpirationDate { get; set; } + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Input("groupId", required: true)] + public Input GroupId { get; set; } = null!; + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Input("justification")] + public Input? Justification { get; set; } + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Input("permanentAssignment")] + public Input? PermanentAssignment { get; set; } + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Input("principalId", required: true)] + public Input PrincipalId { get; set; } = null!; + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Input("startDate")] + public Input? StartDate { get; set; } + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Input("ticketNumber")] + public Input? TicketNumber { get; set; } + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Input("ticketSystem")] + public Input? TicketSystem { get; set; } + + public PrivilegedAccessGroupAssignmentScheduleArgs() + { + } + public static new PrivilegedAccessGroupAssignmentScheduleArgs Empty => new PrivilegedAccessGroupAssignmentScheduleArgs(); + } + + public sealed class PrivilegedAccessGroupAssignmentScheduleState : global::Pulumi.ResourceArgs + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Input("assignmentType")] + public Input? AssignmentType { get; set; } + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Input("duration")] + public Input? Duration { get; set; } + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Input("expirationDate")] + public Input? ExpirationDate { get; set; } + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Input("groupId")] + public Input? GroupId { get; set; } + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Input("justification")] + public Input? Justification { get; set; } + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Input("permanentAssignment")] + public Input? PermanentAssignment { get; set; } + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Input("principalId")] + public Input? PrincipalId { get; set; } + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Input("startDate")] + public Input? StartDate { get; set; } + + /// + /// (String) The provisioning status of this request. + /// + [Input("status")] + public Input? Status { get; set; } + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Input("ticketNumber")] + public Input? TicketNumber { get; set; } + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Input("ticketSystem")] + public Input? TicketSystem { get; set; } + + public PrivilegedAccessGroupAssignmentScheduleState() + { + } + public static new PrivilegedAccessGroupAssignmentScheduleState Empty => new PrivilegedAccessGroupAssignmentScheduleState(); + } +} diff --git a/sdk/dotnet/PrivilegedAccessGroupEligibilitySchedule.cs b/sdk/dotnet/PrivilegedAccessGroupEligibilitySchedule.cs new file mode 100644 index 000000000..688b3df0a --- /dev/null +++ b/sdk/dotnet/PrivilegedAccessGroupEligibilitySchedule.cs @@ -0,0 +1,327 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manages an eligible assignment to a privileged access group. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + /// + /// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var example = new AzureAD.Group("example", new() + /// { + /// DisplayName = "group-name", + /// SecurityEnabled = true, + /// }); + /// + /// var member = new AzureAD.User("member", new() + /// { + /// UserPrincipalName = "jdoe@example.com", + /// DisplayName = "J. Doe", + /// MailNickname = "jdoe", + /// Password = "SecretP@sswd99!", + /// }); + /// + /// var examplePrivilegedAccessGroupEligibilitySchedule = new AzureAD.PrivilegedAccessGroupEligibilitySchedule("example", new() + /// { + /// GroupId = pim.Id, + /// PrincipalId = member.Id, + /// AssignmentType = "member", + /// Duration = "P30D", + /// Justification = "as requested", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// An assignment schedule can be imported using the schedule ID, e.g. + /// + /// ```sh + /// $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + /// ``` + /// + [AzureADResourceType("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule")] + public partial class PrivilegedAccessGroupEligibilitySchedule : global::Pulumi.CustomResource + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Output("assignmentType")] + public Output AssignmentType { get; private set; } = null!; + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Output("duration")] + public Output Duration { get; private set; } = null!; + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Output("expirationDate")] + public Output ExpirationDate { get; private set; } = null!; + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Output("groupId")] + public Output GroupId { get; private set; } = null!; + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Output("justification")] + public Output Justification { get; private set; } = null!; + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Output("permanentAssignment")] + public Output PermanentAssignment { get; private set; } = null!; + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Output("principalId")] + public Output PrincipalId { get; private set; } = null!; + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Output("startDate")] + public Output StartDate { get; private set; } = null!; + + /// + /// (String) The provisioning status of this request. + /// + [Output("status")] + public Output Status { get; private set; } = null!; + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Output("ticketNumber")] + public Output TicketNumber { get; private set; } = null!; + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Output("ticketSystem")] + public Output TicketSystem { get; private set; } = null!; + + + /// + /// Create a PrivilegedAccessGroupEligibilitySchedule resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public PrivilegedAccessGroupEligibilitySchedule(string name, PrivilegedAccessGroupEligibilityScheduleArgs args, CustomResourceOptions? options = null) + : base("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, args ?? new PrivilegedAccessGroupEligibilityScheduleArgs(), MakeResourceOptions(options, "")) + { + } + + private PrivilegedAccessGroupEligibilitySchedule(string name, Input id, PrivilegedAccessGroupEligibilityScheduleState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing PrivilegedAccessGroupEligibilitySchedule resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static PrivilegedAccessGroupEligibilitySchedule Get(string name, Input id, PrivilegedAccessGroupEligibilityScheduleState? state = null, CustomResourceOptions? options = null) + { + return new PrivilegedAccessGroupEligibilitySchedule(name, id, state, options); + } + } + + public sealed class PrivilegedAccessGroupEligibilityScheduleArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Input("assignmentType", required: true)] + public Input AssignmentType { get; set; } = null!; + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Input("duration")] + public Input? Duration { get; set; } + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Input("expirationDate")] + public Input? ExpirationDate { get; set; } + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Input("groupId", required: true)] + public Input GroupId { get; set; } = null!; + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Input("justification")] + public Input? Justification { get; set; } + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Input("permanentAssignment")] + public Input? PermanentAssignment { get; set; } + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Input("principalId", required: true)] + public Input PrincipalId { get; set; } = null!; + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Input("startDate")] + public Input? StartDate { get; set; } + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Input("ticketNumber")] + public Input? TicketNumber { get; set; } + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Input("ticketSystem")] + public Input? TicketSystem { get; set; } + + public PrivilegedAccessGroupEligibilityScheduleArgs() + { + } + public static new PrivilegedAccessGroupEligibilityScheduleArgs Empty => new PrivilegedAccessGroupEligibilityScheduleArgs(); + } + + public sealed class PrivilegedAccessGroupEligibilityScheduleState : global::Pulumi.ResourceArgs + { + /// + /// The type of assignment to the group. Can be either `member` or `owner`. + /// + [Input("assignmentType")] + public Input? AssignmentType { get; set; } + + /// + /// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + /// + [Input("duration")] + public Input? Duration { get; set; } + + /// + /// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + /// + [Input("expirationDate")] + public Input? ExpirationDate { get; set; } + + /// + /// The Object ID of the Azure AD group to which the principal will be assigned. + /// + [Input("groupId")] + public Input? GroupId { get; set; } + + /// + /// The justification for this assignment. May be required by the role policy. + /// + [Input("justification")] + public Input? Justification { get; set; } + + /// + /// Is this assigment permanently valid. + /// + /// At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + /// + [Input("permanentAssignment")] + public Input? PermanentAssignment { get; set; } + + /// + /// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + /// + [Input("principalId")] + public Input? PrincipalId { get; set; } + + /// + /// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + /// + [Input("startDate")] + public Input? StartDate { get; set; } + + /// + /// (String) The provisioning status of this request. + /// + [Input("status")] + public Input? Status { get; set; } + + /// + /// The ticket number in the ticket system approving this assignment. May be required by the role policy. + /// + [Input("ticketNumber")] + public Input? TicketNumber { get; set; } + + /// + /// The ticket system containing the ticket number approving this assignment. May be required by the role policy. + /// + [Input("ticketSystem")] + public Input? TicketSystem { get; set; } + + public PrivilegedAccessGroupEligibilityScheduleState() + { + } + public static new PrivilegedAccessGroupEligibilityScheduleState Empty => new PrivilegedAccessGroupEligibilityScheduleState(); + } +} diff --git a/sdk/dotnet/SynchronizationJobProvisionOnDemand.cs b/sdk/dotnet/SynchronizationJobProvisionOnDemand.cs new file mode 100644 index 000000000..42a00e60b --- /dev/null +++ b/sdk/dotnet/SynchronizationJobProvisionOnDemand.cs @@ -0,0 +1,270 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureAD +{ + /// + /// Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. + /// + /// ## API Permissions + /// + /// The following API permissions are required in order to use this resource. + /// + /// When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` + /// + /// ## Example Usage + /// + /// *Basic example* + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using AzureAD = Pulumi.AzureAD; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var current = AzureAD.GetClientConfig.Invoke(); + /// + /// var exampleGroup = new AzureAD.Group("example", new() + /// { + /// DisplayName = "example", + /// Owners = new[] + /// { + /// current.Apply(getClientConfigResult => getClientConfigResult.ObjectId), + /// }, + /// SecurityEnabled = true, + /// }); + /// + /// var example = AzureAD.GetApplicationTemplate.Invoke(new() + /// { + /// DisplayName = "Azure Databricks SCIM Provisioning Connector", + /// }); + /// + /// var exampleApplication = new AzureAD.Application("example", new() + /// { + /// DisplayName = "example", + /// TemplateId = example.Apply(getApplicationTemplateResult => getApplicationTemplateResult.TemplateId), + /// FeatureTags = new[] + /// { + /// new AzureAD.Inputs.ApplicationFeatureTagArgs + /// { + /// Enterprise = true, + /// Gallery = true, + /// }, + /// }, + /// }); + /// + /// var exampleServicePrincipal = new AzureAD.ServicePrincipal("example", new() + /// { + /// ClientId = exampleApplication.ClientId, + /// UseExisting = true, + /// }); + /// + /// var exampleSynchronizationSecret = new AzureAD.SynchronizationSecret("example", new() + /// { + /// ServicePrincipalId = exampleServicePrincipal.Id, + /// Credentials = new[] + /// { + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "BaseAddress", + /// Value = "https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + /// }, + /// new AzureAD.Inputs.SynchronizationSecretCredentialArgs + /// { + /// Key = "SecretToken", + /// Value = "some-token", + /// }, + /// }, + /// }); + /// + /// var exampleSynchronizationJob = new AzureAD.SynchronizationJob("example", new() + /// { + /// ServicePrincipalId = exampleServicePrincipal.Id, + /// TemplateId = "dataBricks", + /// Enabled = true, + /// }); + /// + /// var exampleSynchronizationJobProvisionOnDemand = new AzureAD.SynchronizationJobProvisionOnDemand("example", new() + /// { + /// ServicePrincipalId = exampleServicePrincipal.Id, + /// SynchronizationJobId = exampleSynchronizationJob.Id, + /// Parameters = new[] + /// { + /// new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterArgs + /// { + /// RuleId = "", + /// Subjects = new[] + /// { + /// new AzureAD.Inputs.SynchronizationJobProvisionOnDemandParameterSubjectArgs + /// { + /// ObjectId = exampleGroup.ObjectId, + /// ObjectTypeName = "Group", + /// }, + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// This resource does not support importing. + /// + [AzureADResourceType("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand")] + public partial class SynchronizationJobProvisionOnDemand : global::Pulumi.CustomResource + { + /// + /// One or more `parameter` blocks as documented below. + /// + [Output("parameters")] + public Output> Parameters { get; private set; } = null!; + + /// + /// The object ID of the service principal for the synchronization job. + /// + [Output("servicePrincipalId")] + public Output ServicePrincipalId { get; private set; } = null!; + + /// + /// Identifier of the synchronization template this job is based on. + /// + [Output("synchronizationJobId")] + public Output SynchronizationJobId { get; private set; } = null!; + + [Output("triggers")] + public Output?> Triggers { get; private set; } = null!; + + + /// + /// Create a SynchronizationJobProvisionOnDemand resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SynchronizationJobProvisionOnDemand(string name, SynchronizationJobProvisionOnDemandArgs args, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, args ?? new SynchronizationJobProvisionOnDemandArgs(), MakeResourceOptions(options, "")) + { + } + + private SynchronizationJobProvisionOnDemand(string name, Input id, SynchronizationJobProvisionOnDemandState? state = null, CustomResourceOptions? options = null) + : base("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SynchronizationJobProvisionOnDemand resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SynchronizationJobProvisionOnDemand Get(string name, Input id, SynchronizationJobProvisionOnDemandState? state = null, CustomResourceOptions? options = null) + { + return new SynchronizationJobProvisionOnDemand(name, id, state, options); + } + } + + public sealed class SynchronizationJobProvisionOnDemandArgs : global::Pulumi.ResourceArgs + { + [Input("parameters", required: true)] + private InputList? _parameters; + + /// + /// One or more `parameter` blocks as documented below. + /// + public InputList Parameters + { + get => _parameters ?? (_parameters = new InputList()); + set => _parameters = value; + } + + /// + /// The object ID of the service principal for the synchronization job. + /// + [Input("servicePrincipalId", required: true)] + public Input ServicePrincipalId { get; set; } = null!; + + /// + /// Identifier of the synchronization template this job is based on. + /// + [Input("synchronizationJobId", required: true)] + public Input SynchronizationJobId { get; set; } = null!; + + [Input("triggers")] + private InputMap? _triggers; + public InputMap Triggers + { + get => _triggers ?? (_triggers = new InputMap()); + set => _triggers = value; + } + + public SynchronizationJobProvisionOnDemandArgs() + { + } + public static new SynchronizationJobProvisionOnDemandArgs Empty => new SynchronizationJobProvisionOnDemandArgs(); + } + + public sealed class SynchronizationJobProvisionOnDemandState : global::Pulumi.ResourceArgs + { + [Input("parameters")] + private InputList? _parameters; + + /// + /// One or more `parameter` blocks as documented below. + /// + public InputList Parameters + { + get => _parameters ?? (_parameters = new InputList()); + set => _parameters = value; + } + + /// + /// The object ID of the service principal for the synchronization job. + /// + [Input("servicePrincipalId")] + public Input? ServicePrincipalId { get; set; } + + /// + /// Identifier of the synchronization template this job is based on. + /// + [Input("synchronizationJobId")] + public Input? SynchronizationJobId { get; set; } + + [Input("triggers")] + private InputMap? _triggers; + public InputMap Triggers + { + get => _triggers ?? (_triggers = new InputMap()); + set => _triggers = value; + } + + public SynchronizationJobProvisionOnDemandState() + { + } + public static new SynchronizationJobProvisionOnDemandState Empty => new SynchronizationJobProvisionOnDemandState(); + } +} diff --git a/sdk/go/azuread/application.go b/sdk/go/azuread/application.go index c002f26c3..f494510d9 100644 --- a/sdk/go/azuread/application.go +++ b/sdk/go/azuread/application.go @@ -252,7 +252,7 @@ type Application struct { // // > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `featureTags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. FeatureTags ApplicationFeatureTagArrayOutput `pulumi:"featureTags"` - // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + // A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. GroupMembershipClaims pulumi.StringArrayOutput `pulumi:"groupMembershipClaims"` // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. IdentifierUris pulumi.StringArrayOutput `pulumi:"identifierUris"` @@ -369,7 +369,7 @@ type applicationState struct { // // > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `featureTags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. FeatureTags []ApplicationFeatureTag `pulumi:"featureTags"` - // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + // A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. GroupMembershipClaims []string `pulumi:"groupMembershipClaims"` // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. IdentifierUris []string `pulumi:"identifierUris"` @@ -454,7 +454,7 @@ type ApplicationState struct { // // > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `featureTags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. FeatureTags ApplicationFeatureTagArrayInput - // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + // A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. GroupMembershipClaims pulumi.StringArrayInput // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. IdentifierUris pulumi.StringArrayInput @@ -533,7 +533,7 @@ type applicationArgs struct { // // > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `featureTags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. FeatureTags []ApplicationFeatureTag `pulumi:"featureTags"` - // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + // A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. GroupMembershipClaims []string `pulumi:"groupMembershipClaims"` // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. IdentifierUris []string `pulumi:"identifierUris"` @@ -601,7 +601,7 @@ type ApplicationArgs struct { // // > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `featureTags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. FeatureTags ApplicationFeatureTagArrayInput - // Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + // A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. GroupMembershipClaims pulumi.StringArrayInput // A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. IdentifierUris pulumi.StringArrayInput @@ -797,7 +797,7 @@ func (o ApplicationOutput) FeatureTags() ApplicationFeatureTagArrayOutput { return o.ApplyT(func(v *Application) ApplicationFeatureTagArrayOutput { return v.FeatureTags }).(ApplicationFeatureTagArrayOutput) } -// Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. +// A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. func (o ApplicationOutput) GroupMembershipClaims() pulumi.StringArrayOutput { return o.ApplyT(func(v *Application) pulumi.StringArrayOutput { return v.GroupMembershipClaims }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/azuread/getGroup.go b/sdk/go/azuread/getGroup.go index de4a5173b..2792ed43b 100644 --- a/sdk/go/azuread/getGroup.go +++ b/sdk/go/azuread/getGroup.go @@ -63,6 +63,8 @@ func LookupGroup(ctx *pulumi.Context, args *LookupGroupArgs, opts ...pulumi.Invo type LookupGroupArgs struct { // The display name for the group. DisplayName *string `pulumi:"displayName"` + // Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + IncludeTransitiveMembers *bool `pulumi:"includeTransitiveMembers"` // Whether the group is mail-enabled. MailEnabled *bool `pulumi:"mailEnabled"` // The mail alias for the group, unique in the organisation. @@ -96,14 +98,15 @@ type LookupGroupResult struct { // Indicates whether the group is displayed in Outlook clients, such as Outlook for Windows and Outlook on the web. Only set for Unified groups. HideFromOutlookClients bool `pulumi:"hideFromOutlookClients"` // The provider-assigned unique ID for this managed resource. - Id string `pulumi:"id"` + Id string `pulumi:"id"` + IncludeTransitiveMembers *bool `pulumi:"includeTransitiveMembers"` // The SMTP address for the group. Mail string `pulumi:"mail"` // Whether the group is mail-enabled. MailEnabled bool `pulumi:"mailEnabled"` // The mail alias for the group, unique in the organisation. MailNickname string `pulumi:"mailNickname"` - // List of object IDs of the group members. + // List of object IDs of the group members. When `includeTransitiveMembers` is `true`, contains a list of object IDs of all transitive group members. Members []string `pulumi:"members"` // The object ID of the group. ObjectId string `pulumi:"objectId"` @@ -156,6 +159,8 @@ func LookupGroupOutput(ctx *pulumi.Context, args LookupGroupOutputArgs, opts ... type LookupGroupOutputArgs struct { // The display name for the group. DisplayName pulumi.StringPtrInput `pulumi:"displayName"` + // Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + IncludeTransitiveMembers pulumi.BoolPtrInput `pulumi:"includeTransitiveMembers"` // Whether the group is mail-enabled. MailEnabled pulumi.BoolPtrInput `pulumi:"mailEnabled"` // The mail alias for the group, unique in the organisation. @@ -237,6 +242,10 @@ func (o LookupGroupResultOutput) Id() pulumi.StringOutput { return o.ApplyT(func(v LookupGroupResult) string { return v.Id }).(pulumi.StringOutput) } +func (o LookupGroupResultOutput) IncludeTransitiveMembers() pulumi.BoolPtrOutput { + return o.ApplyT(func(v LookupGroupResult) *bool { return v.IncludeTransitiveMembers }).(pulumi.BoolPtrOutput) +} + // The SMTP address for the group. func (o LookupGroupResultOutput) Mail() pulumi.StringOutput { return o.ApplyT(func(v LookupGroupResult) string { return v.Mail }).(pulumi.StringOutput) @@ -252,7 +261,7 @@ func (o LookupGroupResultOutput) MailNickname() pulumi.StringOutput { return o.ApplyT(func(v LookupGroupResult) string { return v.MailNickname }).(pulumi.StringOutput) } -// List of object IDs of the group members. +// List of object IDs of the group members. When `includeTransitiveMembers` is `true`, contains a list of object IDs of all transitive group members. func (o LookupGroupResultOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupGroupResult) []string { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/azuread/getGroupRoleManagementPolicy.go b/sdk/go/azuread/getGroupRoleManagementPolicy.go new file mode 100644 index 000000000..a21ecc98f --- /dev/null +++ b/sdk/go/azuread/getGroupRoleManagementPolicy.go @@ -0,0 +1,149 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Use this data source to retrieve a role policy for an Azure AD group. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. +// +// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// example, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{ +// DisplayName: pulumi.String("group-name"), +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _ = azuread.LookupGroupRoleManagementPolicyOutput(ctx, azuread.GetGroupRoleManagementPolicyOutputArgs{ +// GroupId: example.ID(), +// RoleId: pulumi.String("owner"), +// }, nil) +// return nil +// }) +// } +// +// ``` +func LookupGroupRoleManagementPolicy(ctx *pulumi.Context, args *LookupGroupRoleManagementPolicyArgs, opts ...pulumi.InvokeOption) (*LookupGroupRoleManagementPolicyResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupGroupRoleManagementPolicyResult + err := ctx.Invoke("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +// A collection of arguments for invoking getGroupRoleManagementPolicy. +type LookupGroupRoleManagementPolicyArgs struct { + // The ID of the Azure AD group for which the policy applies. + GroupId string `pulumi:"groupId"` + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId string `pulumi:"roleId"` +} + +// A collection of values returned by getGroupRoleManagementPolicy. +type LookupGroupRoleManagementPolicyResult struct { + // (String) The description of this policy. + Description string `pulumi:"description"` + // (String) The display name of this policy. + DisplayName string `pulumi:"displayName"` + GroupId string `pulumi:"groupId"` + // The provider-assigned unique ID for this managed resource. + Id string `pulumi:"id"` + RoleId string `pulumi:"roleId"` +} + +func LookupGroupRoleManagementPolicyOutput(ctx *pulumi.Context, args LookupGroupRoleManagementPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupGroupRoleManagementPolicyResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (LookupGroupRoleManagementPolicyResult, error) { + args := v.(LookupGroupRoleManagementPolicyArgs) + r, err := LookupGroupRoleManagementPolicy(ctx, &args, opts...) + var s LookupGroupRoleManagementPolicyResult + if r != nil { + s = *r + } + return s, err + }).(LookupGroupRoleManagementPolicyResultOutput) +} + +// A collection of arguments for invoking getGroupRoleManagementPolicy. +type LookupGroupRoleManagementPolicyOutputArgs struct { + // The ID of the Azure AD group for which the policy applies. + GroupId pulumi.StringInput `pulumi:"groupId"` + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId pulumi.StringInput `pulumi:"roleId"` +} + +func (LookupGroupRoleManagementPolicyOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupGroupRoleManagementPolicyArgs)(nil)).Elem() +} + +// A collection of values returned by getGroupRoleManagementPolicy. +type LookupGroupRoleManagementPolicyResultOutput struct{ *pulumi.OutputState } + +func (LookupGroupRoleManagementPolicyResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupGroupRoleManagementPolicyResult)(nil)).Elem() +} + +func (o LookupGroupRoleManagementPolicyResultOutput) ToLookupGroupRoleManagementPolicyResultOutput() LookupGroupRoleManagementPolicyResultOutput { + return o +} + +func (o LookupGroupRoleManagementPolicyResultOutput) ToLookupGroupRoleManagementPolicyResultOutputWithContext(ctx context.Context) LookupGroupRoleManagementPolicyResultOutput { + return o +} + +// (String) The description of this policy. +func (o LookupGroupRoleManagementPolicyResultOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v LookupGroupRoleManagementPolicyResult) string { return v.Description }).(pulumi.StringOutput) +} + +// (String) The display name of this policy. +func (o LookupGroupRoleManagementPolicyResultOutput) DisplayName() pulumi.StringOutput { + return o.ApplyT(func(v LookupGroupRoleManagementPolicyResult) string { return v.DisplayName }).(pulumi.StringOutput) +} + +func (o LookupGroupRoleManagementPolicyResultOutput) GroupId() pulumi.StringOutput { + return o.ApplyT(func(v LookupGroupRoleManagementPolicyResult) string { return v.GroupId }).(pulumi.StringOutput) +} + +// The provider-assigned unique ID for this managed resource. +func (o LookupGroupRoleManagementPolicyResultOutput) Id() pulumi.StringOutput { + return o.ApplyT(func(v LookupGroupRoleManagementPolicyResult) string { return v.Id }).(pulumi.StringOutput) +} + +func (o LookupGroupRoleManagementPolicyResultOutput) RoleId() pulumi.StringOutput { + return o.ApplyT(func(v LookupGroupRoleManagementPolicyResult) string { return v.RoleId }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupGroupRoleManagementPolicyResultOutput{}) +} diff --git a/sdk/go/azuread/getServicePrincipals.go b/sdk/go/azuread/getServicePrincipals.go index dd49f3a6e..eda5eaee6 100644 --- a/sdk/go/azuread/getServicePrincipals.go +++ b/sdk/go/azuread/getServicePrincipals.go @@ -52,7 +52,7 @@ import ( // // ``` // -// *Look up by application IDs (client IDs* +// *Look up by application IDs (client IDs)* // // ```go // package main diff --git a/sdk/go/azuread/group.go b/sdk/go/azuread/group.go index 3fa50f45e..621aad586 100644 --- a/sdk/go/azuread/group.go +++ b/sdk/go/azuread/group.go @@ -22,7 +22,7 @@ import ( // // Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. // -// If using the `assignableToRole` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` +// If using the `assignableToRole` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. // // If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` // @@ -139,7 +139,7 @@ type Group struct { // // > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. AutoSubscribeNewMembers pulumi.BoolOutput `pulumi:"autoSubscribeNewMembers"` - // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. Behaviors pulumi.StringArrayOutput `pulumi:"behaviors"` // The description for the group. Description pulumi.StringPtrOutput `pulumi:"description"` @@ -252,7 +252,7 @@ type groupState struct { // // > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. AutoSubscribeNewMembers *bool `pulumi:"autoSubscribeNewMembers"` - // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. Behaviors []string `pulumi:"behaviors"` // The description for the group. Description *string `pulumi:"description"` @@ -333,7 +333,7 @@ type GroupState struct { // // > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. AutoSubscribeNewMembers pulumi.BoolPtrInput - // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. Behaviors pulumi.StringArrayInput // The description for the group. Description pulumi.StringPtrInput @@ -418,7 +418,7 @@ type groupArgs struct { // // > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. AutoSubscribeNewMembers *bool `pulumi:"autoSubscribeNewMembers"` - // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. Behaviors []string `pulumi:"behaviors"` // The description for the group. Description *string `pulumi:"description"` @@ -482,7 +482,7 @@ type GroupArgs struct { // // > **Known Permissions Issue** The `autoSubscribeNewMembers` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. AutoSubscribeNewMembers pulumi.BoolPtrInput - // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + // A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. Behaviors pulumi.StringArrayInput // The description for the group. Description pulumi.StringPtrInput @@ -640,7 +640,7 @@ func (o GroupOutput) AutoSubscribeNewMembers() pulumi.BoolOutput { return o.ApplyT(func(v *Group) pulumi.BoolOutput { return v.AutoSubscribeNewMembers }).(pulumi.BoolOutput) } -// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. +// A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. func (o GroupOutput) Behaviors() pulumi.StringArrayOutput { return o.ApplyT(func(v *Group) pulumi.StringArrayOutput { return v.Behaviors }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/azuread/groupRoleManagementPolicy.go b/sdk/go/azuread/groupRoleManagementPolicy.go new file mode 100644 index 000000000..1c2072619 --- /dev/null +++ b/sdk/go/azuread/groupRoleManagementPolicy.go @@ -0,0 +1,335 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manage a role policy for an Azure AD group. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. +// +// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. +type GroupRoleManagementPolicy struct { + pulumi.CustomResourceState + + // An `activationRules` block as defined below. + ActivationRules GroupRoleManagementPolicyActivationRulesOutput `pulumi:"activationRules"` + // An `activeAssignmentRules` block as defined below. + ActiveAssignmentRules GroupRoleManagementPolicyActiveAssignmentRulesOutput `pulumi:"activeAssignmentRules"` + // (String) The description of this policy. + Description pulumi.StringOutput `pulumi:"description"` + // (String) The display name of this policy. + DisplayName pulumi.StringOutput `pulumi:"displayName"` + // An `eligibleAssignmentRules` block as defined below. + EligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRulesOutput `pulumi:"eligibleAssignmentRules"` + // The ID of the Azure AD group for which the policy applies. + GroupId pulumi.StringOutput `pulumi:"groupId"` + // A `notificationRules` block as defined below. + NotificationRules GroupRoleManagementPolicyNotificationRulesOutput `pulumi:"notificationRules"` + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId pulumi.StringOutput `pulumi:"roleId"` +} + +// NewGroupRoleManagementPolicy registers a new resource with the given unique name, arguments, and options. +func NewGroupRoleManagementPolicy(ctx *pulumi.Context, + name string, args *GroupRoleManagementPolicyArgs, opts ...pulumi.ResourceOption) (*GroupRoleManagementPolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.GroupId == nil { + return nil, errors.New("invalid value for required argument 'GroupId'") + } + if args.RoleId == nil { + return nil, errors.New("invalid value for required argument 'RoleId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource GroupRoleManagementPolicy + err := ctx.RegisterResource("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetGroupRoleManagementPolicy gets an existing GroupRoleManagementPolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetGroupRoleManagementPolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *GroupRoleManagementPolicyState, opts ...pulumi.ResourceOption) (*GroupRoleManagementPolicy, error) { + var resource GroupRoleManagementPolicy + err := ctx.ReadResource("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering GroupRoleManagementPolicy resources. +type groupRoleManagementPolicyState struct { + // An `activationRules` block as defined below. + ActivationRules *GroupRoleManagementPolicyActivationRules `pulumi:"activationRules"` + // An `activeAssignmentRules` block as defined below. + ActiveAssignmentRules *GroupRoleManagementPolicyActiveAssignmentRules `pulumi:"activeAssignmentRules"` + // (String) The description of this policy. + Description *string `pulumi:"description"` + // (String) The display name of this policy. + DisplayName *string `pulumi:"displayName"` + // An `eligibleAssignmentRules` block as defined below. + EligibleAssignmentRules *GroupRoleManagementPolicyEligibleAssignmentRules `pulumi:"eligibleAssignmentRules"` + // The ID of the Azure AD group for which the policy applies. + GroupId *string `pulumi:"groupId"` + // A `notificationRules` block as defined below. + NotificationRules *GroupRoleManagementPolicyNotificationRules `pulumi:"notificationRules"` + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId *string `pulumi:"roleId"` +} + +type GroupRoleManagementPolicyState struct { + // An `activationRules` block as defined below. + ActivationRules GroupRoleManagementPolicyActivationRulesPtrInput + // An `activeAssignmentRules` block as defined below. + ActiveAssignmentRules GroupRoleManagementPolicyActiveAssignmentRulesPtrInput + // (String) The description of this policy. + Description pulumi.StringPtrInput + // (String) The display name of this policy. + DisplayName pulumi.StringPtrInput + // An `eligibleAssignmentRules` block as defined below. + EligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput + // The ID of the Azure AD group for which the policy applies. + GroupId pulumi.StringPtrInput + // A `notificationRules` block as defined below. + NotificationRules GroupRoleManagementPolicyNotificationRulesPtrInput + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId pulumi.StringPtrInput +} + +func (GroupRoleManagementPolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*groupRoleManagementPolicyState)(nil)).Elem() +} + +type groupRoleManagementPolicyArgs struct { + // An `activationRules` block as defined below. + ActivationRules *GroupRoleManagementPolicyActivationRules `pulumi:"activationRules"` + // An `activeAssignmentRules` block as defined below. + ActiveAssignmentRules *GroupRoleManagementPolicyActiveAssignmentRules `pulumi:"activeAssignmentRules"` + // An `eligibleAssignmentRules` block as defined below. + EligibleAssignmentRules *GroupRoleManagementPolicyEligibleAssignmentRules `pulumi:"eligibleAssignmentRules"` + // The ID of the Azure AD group for which the policy applies. + GroupId string `pulumi:"groupId"` + // A `notificationRules` block as defined below. + NotificationRules *GroupRoleManagementPolicyNotificationRules `pulumi:"notificationRules"` + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId string `pulumi:"roleId"` +} + +// The set of arguments for constructing a GroupRoleManagementPolicy resource. +type GroupRoleManagementPolicyArgs struct { + // An `activationRules` block as defined below. + ActivationRules GroupRoleManagementPolicyActivationRulesPtrInput + // An `activeAssignmentRules` block as defined below. + ActiveAssignmentRules GroupRoleManagementPolicyActiveAssignmentRulesPtrInput + // An `eligibleAssignmentRules` block as defined below. + EligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput + // The ID of the Azure AD group for which the policy applies. + GroupId pulumi.StringInput + // A `notificationRules` block as defined below. + NotificationRules GroupRoleManagementPolicyNotificationRulesPtrInput + // The type of assignment this policy coveres. Can be either `member` or `owner`. + RoleId pulumi.StringInput +} + +func (GroupRoleManagementPolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*groupRoleManagementPolicyArgs)(nil)).Elem() +} + +type GroupRoleManagementPolicyInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyOutput() GroupRoleManagementPolicyOutput + ToGroupRoleManagementPolicyOutputWithContext(ctx context.Context) GroupRoleManagementPolicyOutput +} + +func (*GroupRoleManagementPolicy) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicy)(nil)).Elem() +} + +func (i *GroupRoleManagementPolicy) ToGroupRoleManagementPolicyOutput() GroupRoleManagementPolicyOutput { + return i.ToGroupRoleManagementPolicyOutputWithContext(context.Background()) +} + +func (i *GroupRoleManagementPolicy) ToGroupRoleManagementPolicyOutputWithContext(ctx context.Context) GroupRoleManagementPolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyOutput) +} + +// GroupRoleManagementPolicyArrayInput is an input type that accepts GroupRoleManagementPolicyArray and GroupRoleManagementPolicyArrayOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyArrayInput` via: +// +// GroupRoleManagementPolicyArray{ GroupRoleManagementPolicyArgs{...} } +type GroupRoleManagementPolicyArrayInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyArrayOutput() GroupRoleManagementPolicyArrayOutput + ToGroupRoleManagementPolicyArrayOutputWithContext(context.Context) GroupRoleManagementPolicyArrayOutput +} + +type GroupRoleManagementPolicyArray []GroupRoleManagementPolicyInput + +func (GroupRoleManagementPolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*GroupRoleManagementPolicy)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyArray) ToGroupRoleManagementPolicyArrayOutput() GroupRoleManagementPolicyArrayOutput { + return i.ToGroupRoleManagementPolicyArrayOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyArray) ToGroupRoleManagementPolicyArrayOutputWithContext(ctx context.Context) GroupRoleManagementPolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyArrayOutput) +} + +// GroupRoleManagementPolicyMapInput is an input type that accepts GroupRoleManagementPolicyMap and GroupRoleManagementPolicyMapOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyMapInput` via: +// +// GroupRoleManagementPolicyMap{ "key": GroupRoleManagementPolicyArgs{...} } +type GroupRoleManagementPolicyMapInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyMapOutput() GroupRoleManagementPolicyMapOutput + ToGroupRoleManagementPolicyMapOutputWithContext(context.Context) GroupRoleManagementPolicyMapOutput +} + +type GroupRoleManagementPolicyMap map[string]GroupRoleManagementPolicyInput + +func (GroupRoleManagementPolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*GroupRoleManagementPolicy)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyMap) ToGroupRoleManagementPolicyMapOutput() GroupRoleManagementPolicyMapOutput { + return i.ToGroupRoleManagementPolicyMapOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyMap) ToGroupRoleManagementPolicyMapOutputWithContext(ctx context.Context) GroupRoleManagementPolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyMapOutput) +} + +type GroupRoleManagementPolicyOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicy)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyOutput) ToGroupRoleManagementPolicyOutput() GroupRoleManagementPolicyOutput { + return o +} + +func (o GroupRoleManagementPolicyOutput) ToGroupRoleManagementPolicyOutputWithContext(ctx context.Context) GroupRoleManagementPolicyOutput { + return o +} + +// An `activationRules` block as defined below. +func (o GroupRoleManagementPolicyOutput) ActivationRules() GroupRoleManagementPolicyActivationRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) GroupRoleManagementPolicyActivationRulesOutput { + return v.ActivationRules + }).(GroupRoleManagementPolicyActivationRulesOutput) +} + +// An `activeAssignmentRules` block as defined below. +func (o GroupRoleManagementPolicyOutput) ActiveAssignmentRules() GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return v.ActiveAssignmentRules + }).(GroupRoleManagementPolicyActiveAssignmentRulesOutput) +} + +// (String) The description of this policy. +func (o GroupRoleManagementPolicyOutput) Description() pulumi.StringOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) pulumi.StringOutput { return v.Description }).(pulumi.StringOutput) +} + +// (String) The display name of this policy. +func (o GroupRoleManagementPolicyOutput) DisplayName() pulumi.StringOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) pulumi.StringOutput { return v.DisplayName }).(pulumi.StringOutput) +} + +// An `eligibleAssignmentRules` block as defined below. +func (o GroupRoleManagementPolicyOutput) EligibleAssignmentRules() GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return v.EligibleAssignmentRules + }).(GroupRoleManagementPolicyEligibleAssignmentRulesOutput) +} + +// The ID of the Azure AD group for which the policy applies. +func (o GroupRoleManagementPolicyOutput) GroupId() pulumi.StringOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) pulumi.StringOutput { return v.GroupId }).(pulumi.StringOutput) +} + +// A `notificationRules` block as defined below. +func (o GroupRoleManagementPolicyOutput) NotificationRules() GroupRoleManagementPolicyNotificationRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) GroupRoleManagementPolicyNotificationRulesOutput { + return v.NotificationRules + }).(GroupRoleManagementPolicyNotificationRulesOutput) +} + +// The type of assignment this policy coveres. Can be either `member` or `owner`. +func (o GroupRoleManagementPolicyOutput) RoleId() pulumi.StringOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicy) pulumi.StringOutput { return v.RoleId }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyArrayOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*GroupRoleManagementPolicy)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyArrayOutput) ToGroupRoleManagementPolicyArrayOutput() GroupRoleManagementPolicyArrayOutput { + return o +} + +func (o GroupRoleManagementPolicyArrayOutput) ToGroupRoleManagementPolicyArrayOutputWithContext(ctx context.Context) GroupRoleManagementPolicyArrayOutput { + return o +} + +func (o GroupRoleManagementPolicyArrayOutput) Index(i pulumi.IntInput) GroupRoleManagementPolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *GroupRoleManagementPolicy { + return vs[0].([]*GroupRoleManagementPolicy)[vs[1].(int)] + }).(GroupRoleManagementPolicyOutput) +} + +type GroupRoleManagementPolicyMapOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*GroupRoleManagementPolicy)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyMapOutput) ToGroupRoleManagementPolicyMapOutput() GroupRoleManagementPolicyMapOutput { + return o +} + +func (o GroupRoleManagementPolicyMapOutput) ToGroupRoleManagementPolicyMapOutputWithContext(ctx context.Context) GroupRoleManagementPolicyMapOutput { + return o +} + +func (o GroupRoleManagementPolicyMapOutput) MapIndex(k pulumi.StringInput) GroupRoleManagementPolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *GroupRoleManagementPolicy { + return vs[0].(map[string]*GroupRoleManagementPolicy)[vs[1].(string)] + }).(GroupRoleManagementPolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyInput)(nil)).Elem(), &GroupRoleManagementPolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyArrayInput)(nil)).Elem(), GroupRoleManagementPolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyMapInput)(nil)).Elem(), GroupRoleManagementPolicyMap{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyArrayOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyMapOutput{}) +} diff --git a/sdk/go/azuread/init.go b/sdk/go/azuread/init.go index 99898a649..233ed0843 100644 --- a/sdk/go/azuread/init.go +++ b/sdk/go/azuread/init.go @@ -93,10 +93,16 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &Group{} case "azuread:index/groupMember:GroupMember": r = &GroupMember{} + case "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy": + r = &GroupRoleManagementPolicy{} case "azuread:index/invitation:Invitation": r = &Invitation{} case "azuread:index/namedLocation:NamedLocation": r = &NamedLocation{} + case "azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule": + r = &PrivilegedAccessGroupAssignmentSchedule{} + case "azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule": + r = &PrivilegedAccessGroupEligibilitySchedule{} case "azuread:index/servicePrincipal:ServicePrincipal": r = &ServicePrincipal{} case "azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate": @@ -111,6 +117,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &ServicePrincipalTokenSigningCertificate{} case "azuread:index/synchronizationJob:SynchronizationJob": r = &SynchronizationJob{} + case "azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand": + r = &SynchronizationJobProvisionOnDemand{} case "azuread:index/synchronizationSecret:SynchronizationSecret": r = &SynchronizationSecret{} case "azuread:index/user:User": @@ -328,6 +336,11 @@ func init() { "index/groupMember", &module{version}, ) + pulumi.RegisterResourceModule( + "azuread", + "index/groupRoleManagementPolicy", + &module{version}, + ) pulumi.RegisterResourceModule( "azuread", "index/invitation", @@ -338,6 +351,16 @@ func init() { "index/namedLocation", &module{version}, ) + pulumi.RegisterResourceModule( + "azuread", + "index/privilegedAccessGroupAssignmentSchedule", + &module{version}, + ) + pulumi.RegisterResourceModule( + "azuread", + "index/privilegedAccessGroupEligibilitySchedule", + &module{version}, + ) pulumi.RegisterResourceModule( "azuread", "index/servicePrincipal", @@ -373,6 +396,11 @@ func init() { "index/synchronizationJob", &module{version}, ) + pulumi.RegisterResourceModule( + "azuread", + "index/synchronizationJobProvisionOnDemand", + &module{version}, + ) pulumi.RegisterResourceModule( "azuread", "index/synchronizationSecret", diff --git a/sdk/go/azuread/privilegedAccessGroupAssignmentSchedule.go b/sdk/go/azuread/privilegedAccessGroupAssignmentSchedule.go new file mode 100644 index 000000000..748934676 --- /dev/null +++ b/sdk/go/azuread/privilegedAccessGroupAssignmentSchedule.go @@ -0,0 +1,445 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manages an active assignment to a privileged access group. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. +// +// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{ +// DisplayName: pulumi.String("group-name"), +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// member, err := azuread.NewUser(ctx, "member", &azuread.UserArgs{ +// UserPrincipalName: pulumi.String("jdoe@example.com"), +// DisplayName: pulumi.String("J. Doe"), +// MailNickname: pulumi.String("jdoe"), +// Password: pulumi.String("SecretP@sswd99!"), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewPrivilegedAccessGroupAssignmentSchedule(ctx, "example", &azuread.PrivilegedAccessGroupAssignmentScheduleArgs{ +// GroupId: pulumi.Any(pim.Id), +// PrincipalId: member.ID(), +// AssignmentType: pulumi.String("member"), +// Duration: pulumi.String("P30D"), +// Justification: pulumi.String("as requested"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// An assignment schedule can be imported using the schedule ID, e.g. +// +// ```sh +// $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 +// ``` +type PrivilegedAccessGroupAssignmentSchedule struct { + pulumi.CustomResourceState + + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringOutput `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrOutput `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringOutput `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringOutput `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrOutput `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolOutput `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringOutput `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringOutput `pulumi:"startDate"` + // (String) The provisioning status of this request. + Status pulumi.StringOutput `pulumi:"status"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrOutput `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrOutput `pulumi:"ticketSystem"` +} + +// NewPrivilegedAccessGroupAssignmentSchedule registers a new resource with the given unique name, arguments, and options. +func NewPrivilegedAccessGroupAssignmentSchedule(ctx *pulumi.Context, + name string, args *PrivilegedAccessGroupAssignmentScheduleArgs, opts ...pulumi.ResourceOption) (*PrivilegedAccessGroupAssignmentSchedule, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.AssignmentType == nil { + return nil, errors.New("invalid value for required argument 'AssignmentType'") + } + if args.GroupId == nil { + return nil, errors.New("invalid value for required argument 'GroupId'") + } + if args.PrincipalId == nil { + return nil, errors.New("invalid value for required argument 'PrincipalId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource PrivilegedAccessGroupAssignmentSchedule + err := ctx.RegisterResource("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetPrivilegedAccessGroupAssignmentSchedule gets an existing PrivilegedAccessGroupAssignmentSchedule resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetPrivilegedAccessGroupAssignmentSchedule(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *PrivilegedAccessGroupAssignmentScheduleState, opts ...pulumi.ResourceOption) (*PrivilegedAccessGroupAssignmentSchedule, error) { + var resource PrivilegedAccessGroupAssignmentSchedule + err := ctx.ReadResource("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering PrivilegedAccessGroupAssignmentSchedule resources. +type privilegedAccessGroupAssignmentScheduleState struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType *string `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration *string `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate *string `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId *string `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification *string `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment *bool `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId *string `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate *string `pulumi:"startDate"` + // (String) The provisioning status of this request. + Status *string `pulumi:"status"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber *string `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem *string `pulumi:"ticketSystem"` +} + +type PrivilegedAccessGroupAssignmentScheduleState struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringPtrInput + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrInput + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringPtrInput + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringPtrInput + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrInput + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolPtrInput + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringPtrInput + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringPtrInput + // (String) The provisioning status of this request. + Status pulumi.StringPtrInput + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrInput + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrInput +} + +func (PrivilegedAccessGroupAssignmentScheduleState) ElementType() reflect.Type { + return reflect.TypeOf((*privilegedAccessGroupAssignmentScheduleState)(nil)).Elem() +} + +type privilegedAccessGroupAssignmentScheduleArgs struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType string `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration *string `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate *string `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId string `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification *string `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment *bool `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId string `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate *string `pulumi:"startDate"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber *string `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem *string `pulumi:"ticketSystem"` +} + +// The set of arguments for constructing a PrivilegedAccessGroupAssignmentSchedule resource. +type PrivilegedAccessGroupAssignmentScheduleArgs struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringInput + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrInput + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringPtrInput + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringInput + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrInput + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolPtrInput + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringInput + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringPtrInput + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrInput + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrInput +} + +func (PrivilegedAccessGroupAssignmentScheduleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*privilegedAccessGroupAssignmentScheduleArgs)(nil)).Elem() +} + +type PrivilegedAccessGroupAssignmentScheduleInput interface { + pulumi.Input + + ToPrivilegedAccessGroupAssignmentScheduleOutput() PrivilegedAccessGroupAssignmentScheduleOutput + ToPrivilegedAccessGroupAssignmentScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleOutput +} + +func (*PrivilegedAccessGroupAssignmentSchedule) ElementType() reflect.Type { + return reflect.TypeOf((**PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (i *PrivilegedAccessGroupAssignmentSchedule) ToPrivilegedAccessGroupAssignmentScheduleOutput() PrivilegedAccessGroupAssignmentScheduleOutput { + return i.ToPrivilegedAccessGroupAssignmentScheduleOutputWithContext(context.Background()) +} + +func (i *PrivilegedAccessGroupAssignmentSchedule) ToPrivilegedAccessGroupAssignmentScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupAssignmentScheduleOutput) +} + +// PrivilegedAccessGroupAssignmentScheduleArrayInput is an input type that accepts PrivilegedAccessGroupAssignmentScheduleArray and PrivilegedAccessGroupAssignmentScheduleArrayOutput values. +// You can construct a concrete instance of `PrivilegedAccessGroupAssignmentScheduleArrayInput` via: +// +// PrivilegedAccessGroupAssignmentScheduleArray{ PrivilegedAccessGroupAssignmentScheduleArgs{...} } +type PrivilegedAccessGroupAssignmentScheduleArrayInput interface { + pulumi.Input + + ToPrivilegedAccessGroupAssignmentScheduleArrayOutput() PrivilegedAccessGroupAssignmentScheduleArrayOutput + ToPrivilegedAccessGroupAssignmentScheduleArrayOutputWithContext(context.Context) PrivilegedAccessGroupAssignmentScheduleArrayOutput +} + +type PrivilegedAccessGroupAssignmentScheduleArray []PrivilegedAccessGroupAssignmentScheduleInput + +func (PrivilegedAccessGroupAssignmentScheduleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (i PrivilegedAccessGroupAssignmentScheduleArray) ToPrivilegedAccessGroupAssignmentScheduleArrayOutput() PrivilegedAccessGroupAssignmentScheduleArrayOutput { + return i.ToPrivilegedAccessGroupAssignmentScheduleArrayOutputWithContext(context.Background()) +} + +func (i PrivilegedAccessGroupAssignmentScheduleArray) ToPrivilegedAccessGroupAssignmentScheduleArrayOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupAssignmentScheduleArrayOutput) +} + +// PrivilegedAccessGroupAssignmentScheduleMapInput is an input type that accepts PrivilegedAccessGroupAssignmentScheduleMap and PrivilegedAccessGroupAssignmentScheduleMapOutput values. +// You can construct a concrete instance of `PrivilegedAccessGroupAssignmentScheduleMapInput` via: +// +// PrivilegedAccessGroupAssignmentScheduleMap{ "key": PrivilegedAccessGroupAssignmentScheduleArgs{...} } +type PrivilegedAccessGroupAssignmentScheduleMapInput interface { + pulumi.Input + + ToPrivilegedAccessGroupAssignmentScheduleMapOutput() PrivilegedAccessGroupAssignmentScheduleMapOutput + ToPrivilegedAccessGroupAssignmentScheduleMapOutputWithContext(context.Context) PrivilegedAccessGroupAssignmentScheduleMapOutput +} + +type PrivilegedAccessGroupAssignmentScheduleMap map[string]PrivilegedAccessGroupAssignmentScheduleInput + +func (PrivilegedAccessGroupAssignmentScheduleMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (i PrivilegedAccessGroupAssignmentScheduleMap) ToPrivilegedAccessGroupAssignmentScheduleMapOutput() PrivilegedAccessGroupAssignmentScheduleMapOutput { + return i.ToPrivilegedAccessGroupAssignmentScheduleMapOutputWithContext(context.Background()) +} + +func (i PrivilegedAccessGroupAssignmentScheduleMap) ToPrivilegedAccessGroupAssignmentScheduleMapOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupAssignmentScheduleMapOutput) +} + +type PrivilegedAccessGroupAssignmentScheduleOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupAssignmentScheduleOutput) ElementType() reflect.Type { + return reflect.TypeOf((**PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupAssignmentScheduleOutput) ToPrivilegedAccessGroupAssignmentScheduleOutput() PrivilegedAccessGroupAssignmentScheduleOutput { + return o +} + +func (o PrivilegedAccessGroupAssignmentScheduleOutput) ToPrivilegedAccessGroupAssignmentScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleOutput { + return o +} + +// The type of assignment to the group. Can be either `member` or `owner`. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) AssignmentType() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.AssignmentType }).(pulumi.StringOutput) +} + +// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). +func (o PrivilegedAccessGroupAssignmentScheduleOutput) Duration() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringPtrOutput { return v.Duration }).(pulumi.StringPtrOutput) +} + +// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). +func (o PrivilegedAccessGroupAssignmentScheduleOutput) ExpirationDate() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.ExpirationDate }).(pulumi.StringOutput) +} + +// The Object ID of the Azure AD group to which the principal will be assigned. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) GroupId() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.GroupId }).(pulumi.StringOutput) +} + +// The justification for this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) Justification() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringPtrOutput { return v.Justification }).(pulumi.StringPtrOutput) +} + +// Is this assigment permanently valid. +// +// At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) PermanentAssignment() pulumi.BoolOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.BoolOutput { return v.PermanentAssignment }).(pulumi.BoolOutput) +} + +// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) PrincipalId() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.PrincipalId }).(pulumi.StringOutput) +} + +// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) StartDate() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.StartDate }).(pulumi.StringOutput) +} + +// (String) The provisioning status of this request. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) Status() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringOutput { return v.Status }).(pulumi.StringOutput) +} + +// The ticket number in the ticket system approving this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) TicketNumber() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringPtrOutput { return v.TicketNumber }).(pulumi.StringPtrOutput) +} + +// The ticket system containing the ticket number approving this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupAssignmentScheduleOutput) TicketSystem() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupAssignmentSchedule) pulumi.StringPtrOutput { return v.TicketSystem }).(pulumi.StringPtrOutput) +} + +type PrivilegedAccessGroupAssignmentScheduleArrayOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupAssignmentScheduleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupAssignmentScheduleArrayOutput) ToPrivilegedAccessGroupAssignmentScheduleArrayOutput() PrivilegedAccessGroupAssignmentScheduleArrayOutput { + return o +} + +func (o PrivilegedAccessGroupAssignmentScheduleArrayOutput) ToPrivilegedAccessGroupAssignmentScheduleArrayOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleArrayOutput { + return o +} + +func (o PrivilegedAccessGroupAssignmentScheduleArrayOutput) Index(i pulumi.IntInput) PrivilegedAccessGroupAssignmentScheduleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *PrivilegedAccessGroupAssignmentSchedule { + return vs[0].([]*PrivilegedAccessGroupAssignmentSchedule)[vs[1].(int)] + }).(PrivilegedAccessGroupAssignmentScheduleOutput) +} + +type PrivilegedAccessGroupAssignmentScheduleMapOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupAssignmentScheduleMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PrivilegedAccessGroupAssignmentSchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupAssignmentScheduleMapOutput) ToPrivilegedAccessGroupAssignmentScheduleMapOutput() PrivilegedAccessGroupAssignmentScheduleMapOutput { + return o +} + +func (o PrivilegedAccessGroupAssignmentScheduleMapOutput) ToPrivilegedAccessGroupAssignmentScheduleMapOutputWithContext(ctx context.Context) PrivilegedAccessGroupAssignmentScheduleMapOutput { + return o +} + +func (o PrivilegedAccessGroupAssignmentScheduleMapOutput) MapIndex(k pulumi.StringInput) PrivilegedAccessGroupAssignmentScheduleOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *PrivilegedAccessGroupAssignmentSchedule { + return vs[0].(map[string]*PrivilegedAccessGroupAssignmentSchedule)[vs[1].(string)] + }).(PrivilegedAccessGroupAssignmentScheduleOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupAssignmentScheduleInput)(nil)).Elem(), &PrivilegedAccessGroupAssignmentSchedule{}) + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupAssignmentScheduleArrayInput)(nil)).Elem(), PrivilegedAccessGroupAssignmentScheduleArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupAssignmentScheduleMapInput)(nil)).Elem(), PrivilegedAccessGroupAssignmentScheduleMap{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupAssignmentScheduleOutput{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupAssignmentScheduleArrayOutput{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupAssignmentScheduleMapOutput{}) +} diff --git a/sdk/go/azuread/privilegedAccessGroupEligibilitySchedule.go b/sdk/go/azuread/privilegedAccessGroupEligibilitySchedule.go new file mode 100644 index 000000000..eb1ae71a8 --- /dev/null +++ b/sdk/go/azuread/privilegedAccessGroupEligibilitySchedule.go @@ -0,0 +1,445 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manages an eligible assignment to a privileged access group. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. +// +// When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{ +// DisplayName: pulumi.String("group-name"), +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// member, err := azuread.NewUser(ctx, "member", &azuread.UserArgs{ +// UserPrincipalName: pulumi.String("jdoe@example.com"), +// DisplayName: pulumi.String("J. Doe"), +// MailNickname: pulumi.String("jdoe"), +// Password: pulumi.String("SecretP@sswd99!"), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewPrivilegedAccessGroupEligibilitySchedule(ctx, "example", &azuread.PrivilegedAccessGroupEligibilityScheduleArgs{ +// GroupId: pulumi.Any(pim.Id), +// PrincipalId: member.ID(), +// AssignmentType: pulumi.String("member"), +// Duration: pulumi.String("P30D"), +// Justification: pulumi.String("as requested"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// An assignment schedule can be imported using the schedule ID, e.g. +// +// ```sh +// $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 +// ``` +type PrivilegedAccessGroupEligibilitySchedule struct { + pulumi.CustomResourceState + + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringOutput `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrOutput `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringOutput `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringOutput `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrOutput `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolOutput `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringOutput `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringOutput `pulumi:"startDate"` + // (String) The provisioning status of this request. + Status pulumi.StringOutput `pulumi:"status"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrOutput `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrOutput `pulumi:"ticketSystem"` +} + +// NewPrivilegedAccessGroupEligibilitySchedule registers a new resource with the given unique name, arguments, and options. +func NewPrivilegedAccessGroupEligibilitySchedule(ctx *pulumi.Context, + name string, args *PrivilegedAccessGroupEligibilityScheduleArgs, opts ...pulumi.ResourceOption) (*PrivilegedAccessGroupEligibilitySchedule, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.AssignmentType == nil { + return nil, errors.New("invalid value for required argument 'AssignmentType'") + } + if args.GroupId == nil { + return nil, errors.New("invalid value for required argument 'GroupId'") + } + if args.PrincipalId == nil { + return nil, errors.New("invalid value for required argument 'PrincipalId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource PrivilegedAccessGroupEligibilitySchedule + err := ctx.RegisterResource("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetPrivilegedAccessGroupEligibilitySchedule gets an existing PrivilegedAccessGroupEligibilitySchedule resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetPrivilegedAccessGroupEligibilitySchedule(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *PrivilegedAccessGroupEligibilityScheduleState, opts ...pulumi.ResourceOption) (*PrivilegedAccessGroupEligibilitySchedule, error) { + var resource PrivilegedAccessGroupEligibilitySchedule + err := ctx.ReadResource("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering PrivilegedAccessGroupEligibilitySchedule resources. +type privilegedAccessGroupEligibilityScheduleState struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType *string `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration *string `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate *string `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId *string `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification *string `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment *bool `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId *string `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate *string `pulumi:"startDate"` + // (String) The provisioning status of this request. + Status *string `pulumi:"status"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber *string `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem *string `pulumi:"ticketSystem"` +} + +type PrivilegedAccessGroupEligibilityScheduleState struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringPtrInput + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrInput + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringPtrInput + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringPtrInput + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrInput + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolPtrInput + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringPtrInput + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringPtrInput + // (String) The provisioning status of this request. + Status pulumi.StringPtrInput + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrInput + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrInput +} + +func (PrivilegedAccessGroupEligibilityScheduleState) ElementType() reflect.Type { + return reflect.TypeOf((*privilegedAccessGroupEligibilityScheduleState)(nil)).Elem() +} + +type privilegedAccessGroupEligibilityScheduleArgs struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType string `pulumi:"assignmentType"` + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration *string `pulumi:"duration"` + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate *string `pulumi:"expirationDate"` + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId string `pulumi:"groupId"` + // The justification for this assignment. May be required by the role policy. + Justification *string `pulumi:"justification"` + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment *bool `pulumi:"permanentAssignment"` + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId string `pulumi:"principalId"` + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate *string `pulumi:"startDate"` + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber *string `pulumi:"ticketNumber"` + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem *string `pulumi:"ticketSystem"` +} + +// The set of arguments for constructing a PrivilegedAccessGroupEligibilitySchedule resource. +type PrivilegedAccessGroupEligibilityScheduleArgs struct { + // The type of assignment to the group. Can be either `member` or `owner`. + AssignmentType pulumi.StringInput + // The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + Duration pulumi.StringPtrInput + // The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + ExpirationDate pulumi.StringPtrInput + // The Object ID of the Azure AD group to which the principal will be assigned. + GroupId pulumi.StringInput + // The justification for this assignment. May be required by the role policy. + Justification pulumi.StringPtrInput + // Is this assigment permanently valid. + // + // At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + PermanentAssignment pulumi.BoolPtrInput + // The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + PrincipalId pulumi.StringInput + // The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + StartDate pulumi.StringPtrInput + // The ticket number in the ticket system approving this assignment. May be required by the role policy. + TicketNumber pulumi.StringPtrInput + // The ticket system containing the ticket number approving this assignment. May be required by the role policy. + TicketSystem pulumi.StringPtrInput +} + +func (PrivilegedAccessGroupEligibilityScheduleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*privilegedAccessGroupEligibilityScheduleArgs)(nil)).Elem() +} + +type PrivilegedAccessGroupEligibilityScheduleInput interface { + pulumi.Input + + ToPrivilegedAccessGroupEligibilityScheduleOutput() PrivilegedAccessGroupEligibilityScheduleOutput + ToPrivilegedAccessGroupEligibilityScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleOutput +} + +func (*PrivilegedAccessGroupEligibilitySchedule) ElementType() reflect.Type { + return reflect.TypeOf((**PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (i *PrivilegedAccessGroupEligibilitySchedule) ToPrivilegedAccessGroupEligibilityScheduleOutput() PrivilegedAccessGroupEligibilityScheduleOutput { + return i.ToPrivilegedAccessGroupEligibilityScheduleOutputWithContext(context.Background()) +} + +func (i *PrivilegedAccessGroupEligibilitySchedule) ToPrivilegedAccessGroupEligibilityScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupEligibilityScheduleOutput) +} + +// PrivilegedAccessGroupEligibilityScheduleArrayInput is an input type that accepts PrivilegedAccessGroupEligibilityScheduleArray and PrivilegedAccessGroupEligibilityScheduleArrayOutput values. +// You can construct a concrete instance of `PrivilegedAccessGroupEligibilityScheduleArrayInput` via: +// +// PrivilegedAccessGroupEligibilityScheduleArray{ PrivilegedAccessGroupEligibilityScheduleArgs{...} } +type PrivilegedAccessGroupEligibilityScheduleArrayInput interface { + pulumi.Input + + ToPrivilegedAccessGroupEligibilityScheduleArrayOutput() PrivilegedAccessGroupEligibilityScheduleArrayOutput + ToPrivilegedAccessGroupEligibilityScheduleArrayOutputWithContext(context.Context) PrivilegedAccessGroupEligibilityScheduleArrayOutput +} + +type PrivilegedAccessGroupEligibilityScheduleArray []PrivilegedAccessGroupEligibilityScheduleInput + +func (PrivilegedAccessGroupEligibilityScheduleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (i PrivilegedAccessGroupEligibilityScheduleArray) ToPrivilegedAccessGroupEligibilityScheduleArrayOutput() PrivilegedAccessGroupEligibilityScheduleArrayOutput { + return i.ToPrivilegedAccessGroupEligibilityScheduleArrayOutputWithContext(context.Background()) +} + +func (i PrivilegedAccessGroupEligibilityScheduleArray) ToPrivilegedAccessGroupEligibilityScheduleArrayOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupEligibilityScheduleArrayOutput) +} + +// PrivilegedAccessGroupEligibilityScheduleMapInput is an input type that accepts PrivilegedAccessGroupEligibilityScheduleMap and PrivilegedAccessGroupEligibilityScheduleMapOutput values. +// You can construct a concrete instance of `PrivilegedAccessGroupEligibilityScheduleMapInput` via: +// +// PrivilegedAccessGroupEligibilityScheduleMap{ "key": PrivilegedAccessGroupEligibilityScheduleArgs{...} } +type PrivilegedAccessGroupEligibilityScheduleMapInput interface { + pulumi.Input + + ToPrivilegedAccessGroupEligibilityScheduleMapOutput() PrivilegedAccessGroupEligibilityScheduleMapOutput + ToPrivilegedAccessGroupEligibilityScheduleMapOutputWithContext(context.Context) PrivilegedAccessGroupEligibilityScheduleMapOutput +} + +type PrivilegedAccessGroupEligibilityScheduleMap map[string]PrivilegedAccessGroupEligibilityScheduleInput + +func (PrivilegedAccessGroupEligibilityScheduleMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (i PrivilegedAccessGroupEligibilityScheduleMap) ToPrivilegedAccessGroupEligibilityScheduleMapOutput() PrivilegedAccessGroupEligibilityScheduleMapOutput { + return i.ToPrivilegedAccessGroupEligibilityScheduleMapOutputWithContext(context.Background()) +} + +func (i PrivilegedAccessGroupEligibilityScheduleMap) ToPrivilegedAccessGroupEligibilityScheduleMapOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(PrivilegedAccessGroupEligibilityScheduleMapOutput) +} + +type PrivilegedAccessGroupEligibilityScheduleOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupEligibilityScheduleOutput) ElementType() reflect.Type { + return reflect.TypeOf((**PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupEligibilityScheduleOutput) ToPrivilegedAccessGroupEligibilityScheduleOutput() PrivilegedAccessGroupEligibilityScheduleOutput { + return o +} + +func (o PrivilegedAccessGroupEligibilityScheduleOutput) ToPrivilegedAccessGroupEligibilityScheduleOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleOutput { + return o +} + +// The type of assignment to the group. Can be either `member` or `owner`. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) AssignmentType() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.AssignmentType }).(pulumi.StringOutput) +} + +// The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). +func (o PrivilegedAccessGroupEligibilityScheduleOutput) Duration() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringPtrOutput { return v.Duration }).(pulumi.StringPtrOutput) +} + +// The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). +func (o PrivilegedAccessGroupEligibilityScheduleOutput) ExpirationDate() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.ExpirationDate }).(pulumi.StringOutput) +} + +// The Object ID of the Azure AD group to which the principal will be assigned. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) GroupId() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.GroupId }).(pulumi.StringOutput) +} + +// The justification for this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) Justification() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringPtrOutput { return v.Justification }).(pulumi.StringPtrOutput) +} + +// Is this assigment permanently valid. +// +// At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) PermanentAssignment() pulumi.BoolOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.BoolOutput { return v.PermanentAssignment }).(pulumi.BoolOutput) +} + +// The Object ID of the principal to be assigned to the above group. Can be either a user or a group. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) PrincipalId() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.PrincipalId }).(pulumi.StringOutput) +} + +// The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) StartDate() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.StartDate }).(pulumi.StringOutput) +} + +// (String) The provisioning status of this request. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) Status() pulumi.StringOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringOutput { return v.Status }).(pulumi.StringOutput) +} + +// The ticket number in the ticket system approving this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) TicketNumber() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringPtrOutput { return v.TicketNumber }).(pulumi.StringPtrOutput) +} + +// The ticket system containing the ticket number approving this assignment. May be required by the role policy. +func (o PrivilegedAccessGroupEligibilityScheduleOutput) TicketSystem() pulumi.StringPtrOutput { + return o.ApplyT(func(v *PrivilegedAccessGroupEligibilitySchedule) pulumi.StringPtrOutput { return v.TicketSystem }).(pulumi.StringPtrOutput) +} + +type PrivilegedAccessGroupEligibilityScheduleArrayOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupEligibilityScheduleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupEligibilityScheduleArrayOutput) ToPrivilegedAccessGroupEligibilityScheduleArrayOutput() PrivilegedAccessGroupEligibilityScheduleArrayOutput { + return o +} + +func (o PrivilegedAccessGroupEligibilityScheduleArrayOutput) ToPrivilegedAccessGroupEligibilityScheduleArrayOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleArrayOutput { + return o +} + +func (o PrivilegedAccessGroupEligibilityScheduleArrayOutput) Index(i pulumi.IntInput) PrivilegedAccessGroupEligibilityScheduleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *PrivilegedAccessGroupEligibilitySchedule { + return vs[0].([]*PrivilegedAccessGroupEligibilitySchedule)[vs[1].(int)] + }).(PrivilegedAccessGroupEligibilityScheduleOutput) +} + +type PrivilegedAccessGroupEligibilityScheduleMapOutput struct{ *pulumi.OutputState } + +func (PrivilegedAccessGroupEligibilityScheduleMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*PrivilegedAccessGroupEligibilitySchedule)(nil)).Elem() +} + +func (o PrivilegedAccessGroupEligibilityScheduleMapOutput) ToPrivilegedAccessGroupEligibilityScheduleMapOutput() PrivilegedAccessGroupEligibilityScheduleMapOutput { + return o +} + +func (o PrivilegedAccessGroupEligibilityScheduleMapOutput) ToPrivilegedAccessGroupEligibilityScheduleMapOutputWithContext(ctx context.Context) PrivilegedAccessGroupEligibilityScheduleMapOutput { + return o +} + +func (o PrivilegedAccessGroupEligibilityScheduleMapOutput) MapIndex(k pulumi.StringInput) PrivilegedAccessGroupEligibilityScheduleOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *PrivilegedAccessGroupEligibilitySchedule { + return vs[0].(map[string]*PrivilegedAccessGroupEligibilitySchedule)[vs[1].(string)] + }).(PrivilegedAccessGroupEligibilityScheduleOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupEligibilityScheduleInput)(nil)).Elem(), &PrivilegedAccessGroupEligibilitySchedule{}) + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupEligibilityScheduleArrayInput)(nil)).Elem(), PrivilegedAccessGroupEligibilityScheduleArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*PrivilegedAccessGroupEligibilityScheduleMapInput)(nil)).Elem(), PrivilegedAccessGroupEligibilityScheduleMap{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupEligibilityScheduleOutput{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupEligibilityScheduleArrayOutput{}) + pulumi.RegisterOutputType(PrivilegedAccessGroupEligibilityScheduleMapOutput{}) +} diff --git a/sdk/go/azuread/pulumiTypes.go b/sdk/go/azuread/pulumiTypes.go index 9a6f5fe1e..4240842c3 100644 --- a/sdk/go/azuread/pulumiTypes.go +++ b/sdk/go/azuread/pulumiTypes.go @@ -6632,6 +6632,3254 @@ func (o GroupDynamicMembershipPtrOutput) Rule() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +type GroupRoleManagementPolicyActivationRules struct { + // An `approvalStage` block as defined below. + ApprovalStage *GroupRoleManagementPolicyActivationRulesApprovalStage `pulumi:"approvalStage"` + // The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + MaximumDuration *string `pulumi:"maximumDuration"` + // Is approval required for activation. If `true` an `approvalStage` block must be provided. + RequireApproval *bool `pulumi:"requireApproval"` + // Is a justification required during activation of the role. + RequireJustification *bool `pulumi:"requireJustification"` + // Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. + RequireMultifactorAuthentication *bool `pulumi:"requireMultifactorAuthentication"` + // Is ticket information requrired during activation of the role. + RequireTicketInfo *bool `pulumi:"requireTicketInfo"` + // The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + RequiredConditionalAccessAuthenticationContext *string `pulumi:"requiredConditionalAccessAuthenticationContext"` +} + +// GroupRoleManagementPolicyActivationRulesInput is an input type that accepts GroupRoleManagementPolicyActivationRulesArgs and GroupRoleManagementPolicyActivationRulesOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesInput` via: +// +// GroupRoleManagementPolicyActivationRulesArgs{...} +type GroupRoleManagementPolicyActivationRulesInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesOutput() GroupRoleManagementPolicyActivationRulesOutput + ToGroupRoleManagementPolicyActivationRulesOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesOutput +} + +type GroupRoleManagementPolicyActivationRulesArgs struct { + // An `approvalStage` block as defined below. + ApprovalStage GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput `pulumi:"approvalStage"` + // The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + MaximumDuration pulumi.StringPtrInput `pulumi:"maximumDuration"` + // Is approval required for activation. If `true` an `approvalStage` block must be provided. + RequireApproval pulumi.BoolPtrInput `pulumi:"requireApproval"` + // Is a justification required during activation of the role. + RequireJustification pulumi.BoolPtrInput `pulumi:"requireJustification"` + // Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. + RequireMultifactorAuthentication pulumi.BoolPtrInput `pulumi:"requireMultifactorAuthentication"` + // Is ticket information requrired during activation of the role. + RequireTicketInfo pulumi.BoolPtrInput `pulumi:"requireTicketInfo"` + // The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + RequiredConditionalAccessAuthenticationContext pulumi.StringPtrInput `pulumi:"requiredConditionalAccessAuthenticationContext"` +} + +func (GroupRoleManagementPolicyActivationRulesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRules)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyActivationRulesArgs) ToGroupRoleManagementPolicyActivationRulesOutput() GroupRoleManagementPolicyActivationRulesOutput { + return i.ToGroupRoleManagementPolicyActivationRulesOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesArgs) ToGroupRoleManagementPolicyActivationRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesOutput) +} + +func (i GroupRoleManagementPolicyActivationRulesArgs) ToGroupRoleManagementPolicyActivationRulesPtrOutput() GroupRoleManagementPolicyActivationRulesPtrOutput { + return i.ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesArgs) ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesOutput).ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyActivationRulesPtrInput is an input type that accepts GroupRoleManagementPolicyActivationRulesArgs, GroupRoleManagementPolicyActivationRulesPtr and GroupRoleManagementPolicyActivationRulesPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesPtrInput` via: +// +// GroupRoleManagementPolicyActivationRulesArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyActivationRulesPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesPtrOutput() GroupRoleManagementPolicyActivationRulesPtrOutput + ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesPtrOutput +} + +type groupRoleManagementPolicyActivationRulesPtrType GroupRoleManagementPolicyActivationRulesArgs + +func GroupRoleManagementPolicyActivationRulesPtr(v *GroupRoleManagementPolicyActivationRulesArgs) GroupRoleManagementPolicyActivationRulesPtrInput { + return (*groupRoleManagementPolicyActivationRulesPtrType)(v) +} + +func (*groupRoleManagementPolicyActivationRulesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActivationRules)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyActivationRulesPtrType) ToGroupRoleManagementPolicyActivationRulesPtrOutput() GroupRoleManagementPolicyActivationRulesPtrOutput { + return i.ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyActivationRulesPtrType) ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesPtrOutput) +} + +type GroupRoleManagementPolicyActivationRulesOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesOutput) ToGroupRoleManagementPolicyActivationRulesOutput() GroupRoleManagementPolicyActivationRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesOutput) ToGroupRoleManagementPolicyActivationRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesOutput) ToGroupRoleManagementPolicyActivationRulesPtrOutput() GroupRoleManagementPolicyActivationRulesPtrOutput { + return o.ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyActivationRulesOutput) ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyActivationRules) *GroupRoleManagementPolicyActivationRules { + return &v + }).(GroupRoleManagementPolicyActivationRulesPtrOutput) +} + +// An `approvalStage` block as defined below. +func (o GroupRoleManagementPolicyActivationRulesOutput) ApprovalStage() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *GroupRoleManagementPolicyActivationRulesApprovalStage { + return v.ApprovalStage + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) +} + +// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. +func (o GroupRoleManagementPolicyActivationRulesOutput) MaximumDuration() pulumi.StringPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *string { return v.MaximumDuration }).(pulumi.StringPtrOutput) +} + +// Is approval required for activation. If `true` an `approvalStage` block must be provided. +func (o GroupRoleManagementPolicyActivationRulesOutput) RequireApproval() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *bool { return v.RequireApproval }).(pulumi.BoolPtrOutput) +} + +// Is a justification required during activation of the role. +func (o GroupRoleManagementPolicyActivationRulesOutput) RequireJustification() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *bool { return v.RequireJustification }).(pulumi.BoolPtrOutput) +} + +// Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. +func (o GroupRoleManagementPolicyActivationRulesOutput) RequireMultifactorAuthentication() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *bool { return v.RequireMultifactorAuthentication }).(pulumi.BoolPtrOutput) +} + +// Is ticket information requrired during activation of the role. +func (o GroupRoleManagementPolicyActivationRulesOutput) RequireTicketInfo() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *bool { return v.RequireTicketInfo }).(pulumi.BoolPtrOutput) +} + +// The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. +func (o GroupRoleManagementPolicyActivationRulesOutput) RequiredConditionalAccessAuthenticationContext() pulumi.StringPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRules) *string { + return v.RequiredConditionalAccessAuthenticationContext + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyActivationRulesPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActivationRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) ToGroupRoleManagementPolicyActivationRulesPtrOutput() GroupRoleManagementPolicyActivationRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) ToGroupRoleManagementPolicyActivationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) Elem() GroupRoleManagementPolicyActivationRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) GroupRoleManagementPolicyActivationRules { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyActivationRules + return ret + }).(GroupRoleManagementPolicyActivationRulesOutput) +} + +// An `approvalStage` block as defined below. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) ApprovalStage() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *GroupRoleManagementPolicyActivationRulesApprovalStage { + if v == nil { + return nil + } + return v.ApprovalStage + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) +} + +// The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) MaximumDuration() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *string { + if v == nil { + return nil + } + return v.MaximumDuration + }).(pulumi.StringPtrOutput) +} + +// Is approval required for activation. If `true` an `approvalStage` block must be provided. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequireApproval() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *bool { + if v == nil { + return nil + } + return v.RequireApproval + }).(pulumi.BoolPtrOutput) +} + +// Is a justification required during activation of the role. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequireJustification() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *bool { + if v == nil { + return nil + } + return v.RequireJustification + }).(pulumi.BoolPtrOutput) +} + +// Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequireMultifactorAuthentication() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *bool { + if v == nil { + return nil + } + return v.RequireMultifactorAuthentication + }).(pulumi.BoolPtrOutput) +} + +// Is ticket information requrired during activation of the role. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequireTicketInfo() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *bool { + if v == nil { + return nil + } + return v.RequireTicketInfo + }).(pulumi.BoolPtrOutput) +} + +// The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. +func (o GroupRoleManagementPolicyActivationRulesPtrOutput) RequiredConditionalAccessAuthenticationContext() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRules) *string { + if v == nil { + return nil + } + return v.RequiredConditionalAccessAuthenticationContext + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStage struct { + // The IDs of the users or groups who can approve the activation + PrimaryApprovers []GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover `pulumi:"primaryApprovers"` +} + +// GroupRoleManagementPolicyActivationRulesApprovalStageInput is an input type that accepts GroupRoleManagementPolicyActivationRulesApprovalStageArgs and GroupRoleManagementPolicyActivationRulesApprovalStageOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesApprovalStageInput` via: +// +// GroupRoleManagementPolicyActivationRulesApprovalStageArgs{...} +type GroupRoleManagementPolicyActivationRulesApprovalStageInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesApprovalStageOutput() GroupRoleManagementPolicyActivationRulesApprovalStageOutput + ToGroupRoleManagementPolicyActivationRulesApprovalStageOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesApprovalStageOutput +} + +type GroupRoleManagementPolicyActivationRulesApprovalStageArgs struct { + // The IDs of the users or groups who can approve the activation + PrimaryApprovers GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayInput `pulumi:"primaryApprovers"` +} + +func (GroupRoleManagementPolicyActivationRulesApprovalStageArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStage)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStageArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStageOutput() GroupRoleManagementPolicyActivationRulesApprovalStageOutput { + return i.ToGroupRoleManagementPolicyActivationRulesApprovalStageOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStageArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStageOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStageOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesApprovalStageOutput) +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStageArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return i.ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStageArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesApprovalStageOutput).ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput is an input type that accepts GroupRoleManagementPolicyActivationRulesApprovalStageArgs, GroupRoleManagementPolicyActivationRulesApprovalStagePtr and GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput` via: +// +// GroupRoleManagementPolicyActivationRulesApprovalStageArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput + ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput +} + +type groupRoleManagementPolicyActivationRulesApprovalStagePtrType GroupRoleManagementPolicyActivationRulesApprovalStageArgs + +func GroupRoleManagementPolicyActivationRulesApprovalStagePtr(v *GroupRoleManagementPolicyActivationRulesApprovalStageArgs) GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput { + return (*groupRoleManagementPolicyActivationRulesApprovalStagePtrType)(v) +} + +func (*groupRoleManagementPolicyActivationRulesApprovalStagePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActivationRulesApprovalStage)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyActivationRulesApprovalStagePtrType) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return i.ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyActivationRulesApprovalStagePtrType) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStageOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesApprovalStageOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStage)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStageOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStageOutput() GroupRoleManagementPolicyActivationRulesApprovalStageOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStageOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStageOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStageOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStageOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o.ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStageOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyActivationRulesApprovalStage) *GroupRoleManagementPolicyActivationRulesApprovalStage { + return &v + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) +} + +// The IDs of the users or groups who can approve the activation +func (o GroupRoleManagementPolicyActivationRulesApprovalStageOutput) PrimaryApprovers() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRulesApprovalStage) []GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + return v.PrimaryApprovers + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActivationRulesApprovalStage)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) Elem() GroupRoleManagementPolicyActivationRulesApprovalStageOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRulesApprovalStage) GroupRoleManagementPolicyActivationRulesApprovalStage { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyActivationRulesApprovalStage + return ret + }).(GroupRoleManagementPolicyActivationRulesApprovalStageOutput) +} + +// The IDs of the users or groups who can approve the activation +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput) PrimaryApprovers() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActivationRulesApprovalStage) []GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + if v == nil { + return nil + } + return v.PrimaryApprovers + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover struct { + // The ID of the object which will act as an approver. + ObjectId string `pulumi:"objectId"` + // The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + Type *string `pulumi:"type"` +} + +// GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverInput is an input type that accepts GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs and GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverInput` via: +// +// GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{...} +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput + ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs struct { + // The ID of the object which will act as an approver. + ObjectId pulumi.StringInput `pulumi:"objectId"` + // The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + Type pulumi.StringPtrInput `pulumi:"type"` +} + +func (GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput { + return i.ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) +} + +// GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayInput is an input type that accepts GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray and GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayInput` via: +// +// GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray{ GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{...} } +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput + ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutputWithContext(context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray []GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverInput + +func (GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return i.ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput { + return o +} + +// The ID of the object which will act as an approver. +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) ObjectId() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover) string { return v.ObjectId }).(pulumi.StringOutput) +} + +// The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover) *string { return v.Type }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput() GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) ToGroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput { + return o +} + +func (o GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput) Index(i pulumi.IntInput) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + return vs[0].([]GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover)[vs[1].(int)] + }).(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput) +} + +type GroupRoleManagementPolicyActiveAssignmentRules struct { + // Must an assignment have an expiry date. `false` allows permanent assignment. + ExpirationRequired *bool `pulumi:"expirationRequired"` + // The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + ExpireAfter *string `pulumi:"expireAfter"` + // Is a justification required to create new assignments. + RequireJustification *bool `pulumi:"requireJustification"` + // Is multi-factor authentication required to create new assignments. + RequireMultifactorAuthentication *bool `pulumi:"requireMultifactorAuthentication"` + // Is ticket information required to create new assignments. + // + // One of `expirationRequired` or `expireAfter` must be provided. + RequireTicketInfo *bool `pulumi:"requireTicketInfo"` +} + +// GroupRoleManagementPolicyActiveAssignmentRulesInput is an input type that accepts GroupRoleManagementPolicyActiveAssignmentRulesArgs and GroupRoleManagementPolicyActiveAssignmentRulesOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActiveAssignmentRulesInput` via: +// +// GroupRoleManagementPolicyActiveAssignmentRulesArgs{...} +type GroupRoleManagementPolicyActiveAssignmentRulesInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActiveAssignmentRulesOutput() GroupRoleManagementPolicyActiveAssignmentRulesOutput + ToGroupRoleManagementPolicyActiveAssignmentRulesOutputWithContext(context.Context) GroupRoleManagementPolicyActiveAssignmentRulesOutput +} + +type GroupRoleManagementPolicyActiveAssignmentRulesArgs struct { + // Must an assignment have an expiry date. `false` allows permanent assignment. + ExpirationRequired pulumi.BoolPtrInput `pulumi:"expirationRequired"` + // The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + ExpireAfter pulumi.StringPtrInput `pulumi:"expireAfter"` + // Is a justification required to create new assignments. + RequireJustification pulumi.BoolPtrInput `pulumi:"requireJustification"` + // Is multi-factor authentication required to create new assignments. + RequireMultifactorAuthentication pulumi.BoolPtrInput `pulumi:"requireMultifactorAuthentication"` + // Is ticket information required to create new assignments. + // + // One of `expirationRequired` or `expireAfter` must be provided. + RequireTicketInfo pulumi.BoolPtrInput `pulumi:"requireTicketInfo"` +} + +func (GroupRoleManagementPolicyActiveAssignmentRulesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActiveAssignmentRules)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyActiveAssignmentRulesArgs) ToGroupRoleManagementPolicyActiveAssignmentRulesOutput() GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return i.ToGroupRoleManagementPolicyActiveAssignmentRulesOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActiveAssignmentRulesArgs) ToGroupRoleManagementPolicyActiveAssignmentRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActiveAssignmentRulesOutput) +} + +func (i GroupRoleManagementPolicyActiveAssignmentRulesArgs) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutput() GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return i.ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyActiveAssignmentRulesArgs) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActiveAssignmentRulesOutput).ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyActiveAssignmentRulesPtrInput is an input type that accepts GroupRoleManagementPolicyActiveAssignmentRulesArgs, GroupRoleManagementPolicyActiveAssignmentRulesPtr and GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyActiveAssignmentRulesPtrInput` via: +// +// GroupRoleManagementPolicyActiveAssignmentRulesArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyActiveAssignmentRulesPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutput() GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput + ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(context.Context) GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput +} + +type groupRoleManagementPolicyActiveAssignmentRulesPtrType GroupRoleManagementPolicyActiveAssignmentRulesArgs + +func GroupRoleManagementPolicyActiveAssignmentRulesPtr(v *GroupRoleManagementPolicyActiveAssignmentRulesArgs) GroupRoleManagementPolicyActiveAssignmentRulesPtrInput { + return (*groupRoleManagementPolicyActiveAssignmentRulesPtrType)(v) +} + +func (*groupRoleManagementPolicyActiveAssignmentRulesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActiveAssignmentRules)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyActiveAssignmentRulesPtrType) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutput() GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return i.ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyActiveAssignmentRulesPtrType) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) +} + +type GroupRoleManagementPolicyActiveAssignmentRulesOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActiveAssignmentRulesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyActiveAssignmentRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesOutput() GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutput() GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return o.ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyActiveAssignmentRules) *GroupRoleManagementPolicyActiveAssignmentRules { + return &v + }).(GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) +} + +// Must an assignment have an expiry date. `false` allows permanent assignment. +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ExpirationRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActiveAssignmentRules) *bool { return v.ExpirationRequired }).(pulumi.BoolPtrOutput) +} + +// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) ExpireAfter() pulumi.StringPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActiveAssignmentRules) *string { return v.ExpireAfter }).(pulumi.StringPtrOutput) +} + +// Is a justification required to create new assignments. +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) RequireJustification() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActiveAssignmentRules) *bool { return v.RequireJustification }).(pulumi.BoolPtrOutput) +} + +// Is multi-factor authentication required to create new assignments. +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) RequireMultifactorAuthentication() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActiveAssignmentRules) *bool { + return v.RequireMultifactorAuthentication + }).(pulumi.BoolPtrOutput) +} + +// Is ticket information required to create new assignments. +// +// One of `expirationRequired` or `expireAfter` must be provided. +func (o GroupRoleManagementPolicyActiveAssignmentRulesOutput) RequireTicketInfo() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyActiveAssignmentRules) *bool { return v.RequireTicketInfo }).(pulumi.BoolPtrOutput) +} + +type GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyActiveAssignmentRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutput() GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) ToGroupRoleManagementPolicyActiveAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) Elem() GroupRoleManagementPolicyActiveAssignmentRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) GroupRoleManagementPolicyActiveAssignmentRules { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyActiveAssignmentRules + return ret + }).(GroupRoleManagementPolicyActiveAssignmentRulesOutput) +} + +// Must an assignment have an expiry date. `false` allows permanent assignment. +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) ExpirationRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) *bool { + if v == nil { + return nil + } + return v.ExpirationRequired + }).(pulumi.BoolPtrOutput) +} + +// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) ExpireAfter() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) *string { + if v == nil { + return nil + } + return v.ExpireAfter + }).(pulumi.StringPtrOutput) +} + +// Is a justification required to create new assignments. +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) RequireJustification() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) *bool { + if v == nil { + return nil + } + return v.RequireJustification + }).(pulumi.BoolPtrOutput) +} + +// Is multi-factor authentication required to create new assignments. +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) RequireMultifactorAuthentication() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) *bool { + if v == nil { + return nil + } + return v.RequireMultifactorAuthentication + }).(pulumi.BoolPtrOutput) +} + +// Is ticket information required to create new assignments. +// +// One of `expirationRequired` or `expireAfter` must be provided. +func (o GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput) RequireTicketInfo() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyActiveAssignmentRules) *bool { + if v == nil { + return nil + } + return v.RequireTicketInfo + }).(pulumi.BoolPtrOutput) +} + +type GroupRoleManagementPolicyEligibleAssignmentRules struct { + // Must an assignment have an expiry date. `false` allows permanent assignment. + ExpirationRequired *bool `pulumi:"expirationRequired"` + // The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + // + // One of `expirationRequired` or `expireAfter` must be provided. + ExpireAfter *string `pulumi:"expireAfter"` +} + +// GroupRoleManagementPolicyEligibleAssignmentRulesInput is an input type that accepts GroupRoleManagementPolicyEligibleAssignmentRulesArgs and GroupRoleManagementPolicyEligibleAssignmentRulesOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyEligibleAssignmentRulesInput` via: +// +// GroupRoleManagementPolicyEligibleAssignmentRulesArgs{...} +type GroupRoleManagementPolicyEligibleAssignmentRulesInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyEligibleAssignmentRulesOutput() GroupRoleManagementPolicyEligibleAssignmentRulesOutput + ToGroupRoleManagementPolicyEligibleAssignmentRulesOutputWithContext(context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesOutput +} + +type GroupRoleManagementPolicyEligibleAssignmentRulesArgs struct { + // Must an assignment have an expiry date. `false` allows permanent assignment. + ExpirationRequired pulumi.BoolPtrInput `pulumi:"expirationRequired"` + // The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + // + // One of `expirationRequired` or `expireAfter` must be provided. + ExpireAfter pulumi.StringPtrInput `pulumi:"expireAfter"` +} + +func (GroupRoleManagementPolicyEligibleAssignmentRulesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyEligibleAssignmentRules)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyEligibleAssignmentRulesArgs) ToGroupRoleManagementPolicyEligibleAssignmentRulesOutput() GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return i.ToGroupRoleManagementPolicyEligibleAssignmentRulesOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyEligibleAssignmentRulesArgs) ToGroupRoleManagementPolicyEligibleAssignmentRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyEligibleAssignmentRulesOutput) +} + +func (i GroupRoleManagementPolicyEligibleAssignmentRulesArgs) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput() GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return i.ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyEligibleAssignmentRulesArgs) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyEligibleAssignmentRulesOutput).ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput is an input type that accepts GroupRoleManagementPolicyEligibleAssignmentRulesArgs, GroupRoleManagementPolicyEligibleAssignmentRulesPtr and GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput` via: +// +// GroupRoleManagementPolicyEligibleAssignmentRulesArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput() GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput + ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput +} + +type groupRoleManagementPolicyEligibleAssignmentRulesPtrType GroupRoleManagementPolicyEligibleAssignmentRulesArgs + +func GroupRoleManagementPolicyEligibleAssignmentRulesPtr(v *GroupRoleManagementPolicyEligibleAssignmentRulesArgs) GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput { + return (*groupRoleManagementPolicyEligibleAssignmentRulesPtrType)(v) +} + +func (*groupRoleManagementPolicyEligibleAssignmentRulesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyEligibleAssignmentRules)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyEligibleAssignmentRulesPtrType) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput() GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return i.ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyEligibleAssignmentRulesPtrType) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) +} + +type GroupRoleManagementPolicyEligibleAssignmentRulesOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyEligibleAssignmentRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesOutput() GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput() GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return o.ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyEligibleAssignmentRules) *GroupRoleManagementPolicyEligibleAssignmentRules { + return &v + }).(GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) +} + +// Must an assignment have an expiry date. `false` allows permanent assignment. +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ExpirationRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyEligibleAssignmentRules) *bool { return v.ExpirationRequired }).(pulumi.BoolPtrOutput) +} + +// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. +// +// One of `expirationRequired` or `expireAfter` must be provided. +func (o GroupRoleManagementPolicyEligibleAssignmentRulesOutput) ExpireAfter() pulumi.StringPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyEligibleAssignmentRules) *string { return v.ExpireAfter }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyEligibleAssignmentRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput() GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) ToGroupRoleManagementPolicyEligibleAssignmentRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) Elem() GroupRoleManagementPolicyEligibleAssignmentRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyEligibleAssignmentRules) GroupRoleManagementPolicyEligibleAssignmentRules { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyEligibleAssignmentRules + return ret + }).(GroupRoleManagementPolicyEligibleAssignmentRulesOutput) +} + +// Must an assignment have an expiry date. `false` allows permanent assignment. +func (o GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) ExpirationRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyEligibleAssignmentRules) *bool { + if v == nil { + return nil + } + return v.ExpirationRequired + }).(pulumi.BoolPtrOutput) +} + +// The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. +// +// One of `expirationRequired` or `expireAfter` must be provided. +func (o GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput) ExpireAfter() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyEligibleAssignmentRules) *string { + if v == nil { + return nil + } + return v.ExpireAfter + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRules struct { + // A `notificationTarget` block as defined below to configure notfications on active role assignments. + ActiveAssignments *GroupRoleManagementPolicyNotificationRulesActiveAssignments `pulumi:"activeAssignments"` + // A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. + EligibleActivations *GroupRoleManagementPolicyNotificationRulesEligibleActivations `pulumi:"eligibleActivations"` + // A `notificationTarget` block as defined below to configure notification on eligible role assignments. + // + // At least one `notificationTarget` block must be provided. + EligibleAssignments *GroupRoleManagementPolicyNotificationRulesEligibleAssignments `pulumi:"eligibleAssignments"` +} + +// GroupRoleManagementPolicyNotificationRulesInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesArgs and GroupRoleManagementPolicyNotificationRulesOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesInput` via: +// +// GroupRoleManagementPolicyNotificationRulesArgs{...} +type GroupRoleManagementPolicyNotificationRulesInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesOutput() GroupRoleManagementPolicyNotificationRulesOutput + ToGroupRoleManagementPolicyNotificationRulesOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesOutput +} + +type GroupRoleManagementPolicyNotificationRulesArgs struct { + // A `notificationTarget` block as defined below to configure notfications on active role assignments. + ActiveAssignments GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput `pulumi:"activeAssignments"` + // A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. + EligibleActivations GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput `pulumi:"eligibleActivations"` + // A `notificationTarget` block as defined below to configure notification on eligible role assignments. + // + // At least one `notificationTarget` block must be provided. + EligibleAssignments GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput `pulumi:"eligibleAssignments"` +} + +func (GroupRoleManagementPolicyNotificationRulesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRules)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesArgs) ToGroupRoleManagementPolicyNotificationRulesOutput() GroupRoleManagementPolicyNotificationRulesOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesArgs) ToGroupRoleManagementPolicyNotificationRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesArgs) ToGroupRoleManagementPolicyNotificationRulesPtrOutput() GroupRoleManagementPolicyNotificationRulesPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesArgs) ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesOutput).ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesArgs, GroupRoleManagementPolicyNotificationRulesPtr and GroupRoleManagementPolicyNotificationRulesPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesPtrOutput() GroupRoleManagementPolicyNotificationRulesPtrOutput + ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesPtrType GroupRoleManagementPolicyNotificationRulesArgs + +func GroupRoleManagementPolicyNotificationRulesPtr(v *GroupRoleManagementPolicyNotificationRulesArgs) GroupRoleManagementPolicyNotificationRulesPtrInput { + return (*groupRoleManagementPolicyNotificationRulesPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRules)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesPtrType) ToGroupRoleManagementPolicyNotificationRulesPtrOutput() GroupRoleManagementPolicyNotificationRulesPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesPtrType) ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesOutput) ToGroupRoleManagementPolicyNotificationRulesOutput() GroupRoleManagementPolicyNotificationRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesOutput) ToGroupRoleManagementPolicyNotificationRulesOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesOutput) ToGroupRoleManagementPolicyNotificationRulesPtrOutput() GroupRoleManagementPolicyNotificationRulesPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesOutput) ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRules { + return &v + }).(GroupRoleManagementPolicyNotificationRulesPtrOutput) +} + +// A `notificationTarget` block as defined below to configure notfications on active role assignments. +func (o GroupRoleManagementPolicyNotificationRulesOutput) ActiveAssignments() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesActiveAssignments { + return v.ActiveAssignments + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) +} + +// A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. +func (o GroupRoleManagementPolicyNotificationRulesOutput) EligibleActivations() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesEligibleActivations { + return v.EligibleActivations + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) +} + +// A `notificationTarget` block as defined below to configure notification on eligible role assignments. +// +// At least one `notificationTarget` block must be provided. +func (o GroupRoleManagementPolicyNotificationRulesOutput) EligibleAssignments() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + return v.EligibleAssignments + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRules)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) ToGroupRoleManagementPolicyNotificationRulesPtrOutput() GroupRoleManagementPolicyNotificationRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) ToGroupRoleManagementPolicyNotificationRulesPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRules) GroupRoleManagementPolicyNotificationRules { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRules + return ret + }).(GroupRoleManagementPolicyNotificationRulesOutput) +} + +// A `notificationTarget` block as defined below to configure notfications on active role assignments. +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) ActiveAssignments() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesActiveAssignments { + if v == nil { + return nil + } + return v.ActiveAssignments + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) +} + +// A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) EligibleActivations() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesEligibleActivations { + if v == nil { + return nil + } + return v.EligibleActivations + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) +} + +// A `notificationTarget` block as defined below to configure notification on eligible role assignments. +// +// At least one `notificationTarget` block must be provided. +func (o GroupRoleManagementPolicyNotificationRulesPtrOutput) EligibleAssignments() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRules) *GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + if v == nil { + return nil + } + return v.EligibleAssignments + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignments struct { + // Admin notification settings + AdminNotifications *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications `pulumi:"assigneeNotifications"` +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs{...} +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs struct { + // Admin notification settings + AdminNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput `pulumi:"assigneeNotifications"` +} + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignments)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput).ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtr and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrType GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs + +func GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtr(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignments)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignments)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignments { + return &v + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignments)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignments) GroupRoleManagementPolicyNotificationRulesActiveAssignments { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesActiveAssignments + return ret + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + if v == nil { + return nil + } + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + if v == nil { + return nil + } + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignments) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + if v == nil { + return nil + } + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtr and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrType GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtr and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrType GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtr and GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrType GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivations struct { + // Admin notification settings + AdminNotifications *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications `pulumi:"assigneeNotifications"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs struct { + // Admin notification settings + AdminNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput `pulumi:"assigneeNotifications"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivations)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleActivationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleActivationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleActivationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivations)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivations)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivations { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivations)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivations) GroupRoleManagementPolicyNotificationRulesEligibleActivations { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleActivations + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + if v == nil { + return nil + } + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + if v == nil { + return nil + } + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivations) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + if v == nil { + return nil + } + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignments struct { + // Admin notification settings + AdminNotifications *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications `pulumi:"assigneeNotifications"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs struct { + // Admin notification settings + AdminNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput `pulumi:"adminNotifications"` + // Approver notification settings + ApproverNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput `pulumi:"approverNotifications"` + // Assignee notification settings + AssigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput `pulumi:"assigneeNotifications"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignments)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtr and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrType GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignments)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignments)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignments)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignments) GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleAssignments + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput) +} + +// Admin notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) AdminNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + if v == nil { + return nil + } + return v.AdminNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) +} + +// Approver notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) ApproverNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + if v == nil { + return nil + } + return v.ApproverNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) +} + +// Assignee notification settings +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput) AssigneeNotifications() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignments) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + if v == nil { + return nil + } + return v.AssigneeNotifications + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications struct { + // The additional recipients to notify + AdditionalRecipients []string `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients bool `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel string `pulumi:"notificationLevel"` +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{...} +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs struct { + // The additional recipients to notify + AdditionalRecipients pulumi.StringArrayInput `pulumi:"additionalRecipients"` + // Whether the default recipients are notified + DefaultRecipients pulumi.BoolInput `pulumi:"defaultRecipients"` + // What level of notifications are sent + NotificationLevel pulumi.StringInput `pulumi:"notificationLevel"` +} + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput).ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx) +} + +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput is an input type that accepts GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtr and GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput values. +// You can construct a concrete instance of `GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput` via: +// +// GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{...} +// +// or: +// +// nil +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput interface { + pulumi.Input + + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput + ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput +} + +type groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrType GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs + +func GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtr(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput { + return (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrType)(v) +} + +func (*groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return i.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (i *groupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrType) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o.ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(context.Background()) +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + return &v + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) []string { + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) DefaultRecipients() pulumi.BoolOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) bool { + return v.DefaultRecipients + }).(pulumi.BoolOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) NotificationLevel() pulumi.StringOutput { + return o.ApplyT(func(v GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) string { + return v.NotificationLevel + }).(pulumi.StringOutput) +} + +type GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput struct{ *pulumi.OutputState } + +func (GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications)(nil)).Elem() +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) ToGroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutputWithContext(ctx context.Context) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput { + return o +} + +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) Elem() GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + if v != nil { + return *v + } + var ret GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications + return ret + }).(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput) +} + +// The additional recipients to notify +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) AdditionalRecipients() pulumi.StringArrayOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) []string { + if v == nil { + return nil + } + return v.AdditionalRecipients + }).(pulumi.StringArrayOutput) +} + +// Whether the default recipients are notified +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) DefaultRecipients() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) *bool { + if v == nil { + return nil + } + return &v.DefaultRecipients + }).(pulumi.BoolPtrOutput) +} + +// What level of notifications are sent +func (o GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput) NotificationLevel() pulumi.StringPtrOutput { + return o.ApplyT(func(v *GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications) *string { + if v == nil { + return nil + } + return &v.NotificationLevel + }).(pulumi.StringPtrOutput) +} + type InvitationMessage struct { // Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. AdditionalRecipients *string `pulumi:"additionalRecipients"` @@ -7806,6 +11054,220 @@ func (o ServicePrincipalSamlSingleSignOnPtrOutput) RelayState() pulumi.StringPtr }).(pulumi.StringPtrOutput) } +type SynchronizationJobProvisionOnDemandParameter struct { + // The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + RuleId string `pulumi:"ruleId"` + // One or more `subject` blocks as documented below. + Subjects []SynchronizationJobProvisionOnDemandParameterSubject `pulumi:"subjects"` +} + +// SynchronizationJobProvisionOnDemandParameterInput is an input type that accepts SynchronizationJobProvisionOnDemandParameterArgs and SynchronizationJobProvisionOnDemandParameterOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandParameterInput` via: +// +// SynchronizationJobProvisionOnDemandParameterArgs{...} +type SynchronizationJobProvisionOnDemandParameterInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandParameterOutput() SynchronizationJobProvisionOnDemandParameterOutput + ToSynchronizationJobProvisionOnDemandParameterOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandParameterOutput +} + +type SynchronizationJobProvisionOnDemandParameterArgs struct { + // The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + RuleId pulumi.StringInput `pulumi:"ruleId"` + // One or more `subject` blocks as documented below. + Subjects SynchronizationJobProvisionOnDemandParameterSubjectArrayInput `pulumi:"subjects"` +} + +func (SynchronizationJobProvisionOnDemandParameterArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameter)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandParameterArgs) ToSynchronizationJobProvisionOnDemandParameterOutput() SynchronizationJobProvisionOnDemandParameterOutput { + return i.ToSynchronizationJobProvisionOnDemandParameterOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandParameterArgs) ToSynchronizationJobProvisionOnDemandParameterOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandParameterOutput) +} + +// SynchronizationJobProvisionOnDemandParameterArrayInput is an input type that accepts SynchronizationJobProvisionOnDemandParameterArray and SynchronizationJobProvisionOnDemandParameterArrayOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandParameterArrayInput` via: +// +// SynchronizationJobProvisionOnDemandParameterArray{ SynchronizationJobProvisionOnDemandParameterArgs{...} } +type SynchronizationJobProvisionOnDemandParameterArrayInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandParameterArrayOutput() SynchronizationJobProvisionOnDemandParameterArrayOutput + ToSynchronizationJobProvisionOnDemandParameterArrayOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandParameterArrayOutput +} + +type SynchronizationJobProvisionOnDemandParameterArray []SynchronizationJobProvisionOnDemandParameterInput + +func (SynchronizationJobProvisionOnDemandParameterArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobProvisionOnDemandParameter)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandParameterArray) ToSynchronizationJobProvisionOnDemandParameterArrayOutput() SynchronizationJobProvisionOnDemandParameterArrayOutput { + return i.ToSynchronizationJobProvisionOnDemandParameterArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandParameterArray) ToSynchronizationJobProvisionOnDemandParameterArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandParameterArrayOutput) +} + +type SynchronizationJobProvisionOnDemandParameterOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandParameterOutput) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameter)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandParameterOutput) ToSynchronizationJobProvisionOnDemandParameterOutput() SynchronizationJobProvisionOnDemandParameterOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterOutput) ToSynchronizationJobProvisionOnDemandParameterOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterOutput { + return o +} + +// The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. +func (o SynchronizationJobProvisionOnDemandParameterOutput) RuleId() pulumi.StringOutput { + return o.ApplyT(func(v SynchronizationJobProvisionOnDemandParameter) string { return v.RuleId }).(pulumi.StringOutput) +} + +// One or more `subject` blocks as documented below. +func (o SynchronizationJobProvisionOnDemandParameterOutput) Subjects() SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput { + return o.ApplyT(func(v SynchronizationJobProvisionOnDemandParameter) []SynchronizationJobProvisionOnDemandParameterSubject { + return v.Subjects + }).(SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) +} + +type SynchronizationJobProvisionOnDemandParameterArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandParameterArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobProvisionOnDemandParameter)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandParameterArrayOutput) ToSynchronizationJobProvisionOnDemandParameterArrayOutput() SynchronizationJobProvisionOnDemandParameterArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterArrayOutput) ToSynchronizationJobProvisionOnDemandParameterArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterArrayOutput) Index(i pulumi.IntInput) SynchronizationJobProvisionOnDemandParameterOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SynchronizationJobProvisionOnDemandParameter { + return vs[0].([]SynchronizationJobProvisionOnDemandParameter)[vs[1].(int)] + }).(SynchronizationJobProvisionOnDemandParameterOutput) +} + +type SynchronizationJobProvisionOnDemandParameterSubject struct { + // The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + ObjectId string `pulumi:"objectId"` + // The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + ObjectTypeName string `pulumi:"objectTypeName"` +} + +// SynchronizationJobProvisionOnDemandParameterSubjectInput is an input type that accepts SynchronizationJobProvisionOnDemandParameterSubjectArgs and SynchronizationJobProvisionOnDemandParameterSubjectOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandParameterSubjectInput` via: +// +// SynchronizationJobProvisionOnDemandParameterSubjectArgs{...} +type SynchronizationJobProvisionOnDemandParameterSubjectInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandParameterSubjectOutput() SynchronizationJobProvisionOnDemandParameterSubjectOutput + ToSynchronizationJobProvisionOnDemandParameterSubjectOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandParameterSubjectOutput +} + +type SynchronizationJobProvisionOnDemandParameterSubjectArgs struct { + // The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + ObjectId pulumi.StringInput `pulumi:"objectId"` + // The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + ObjectTypeName pulumi.StringInput `pulumi:"objectTypeName"` +} + +func (SynchronizationJobProvisionOnDemandParameterSubjectArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterSubject)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandParameterSubjectArgs) ToSynchronizationJobProvisionOnDemandParameterSubjectOutput() SynchronizationJobProvisionOnDemandParameterSubjectOutput { + return i.ToSynchronizationJobProvisionOnDemandParameterSubjectOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandParameterSubjectArgs) ToSynchronizationJobProvisionOnDemandParameterSubjectOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterSubjectOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandParameterSubjectOutput) +} + +// SynchronizationJobProvisionOnDemandParameterSubjectArrayInput is an input type that accepts SynchronizationJobProvisionOnDemandParameterSubjectArray and SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandParameterSubjectArrayInput` via: +// +// SynchronizationJobProvisionOnDemandParameterSubjectArray{ SynchronizationJobProvisionOnDemandParameterSubjectArgs{...} } +type SynchronizationJobProvisionOnDemandParameterSubjectArrayInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutput() SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput + ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput +} + +type SynchronizationJobProvisionOnDemandParameterSubjectArray []SynchronizationJobProvisionOnDemandParameterSubjectInput + +func (SynchronizationJobProvisionOnDemandParameterSubjectArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobProvisionOnDemandParameterSubject)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandParameterSubjectArray) ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutput() SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput { + return i.ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandParameterSubjectArray) ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) +} + +type SynchronizationJobProvisionOnDemandParameterSubjectOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandParameterSubjectOutput) ElementType() reflect.Type { + return reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterSubject)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandParameterSubjectOutput) ToSynchronizationJobProvisionOnDemandParameterSubjectOutput() SynchronizationJobProvisionOnDemandParameterSubjectOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterSubjectOutput) ToSynchronizationJobProvisionOnDemandParameterSubjectOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterSubjectOutput { + return o +} + +// The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. +func (o SynchronizationJobProvisionOnDemandParameterSubjectOutput) ObjectId() pulumi.StringOutput { + return o.ApplyT(func(v SynchronizationJobProvisionOnDemandParameterSubject) string { return v.ObjectId }).(pulumi.StringOutput) +} + +// The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. +func (o SynchronizationJobProvisionOnDemandParameterSubjectOutput) ObjectTypeName() pulumi.StringOutput { + return o.ApplyT(func(v SynchronizationJobProvisionOnDemandParameterSubject) string { return v.ObjectTypeName }).(pulumi.StringOutput) +} + +type SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SynchronizationJobProvisionOnDemandParameterSubject)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutput() SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) ToSynchronizationJobProvisionOnDemandParameterSubjectArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput) Index(i pulumi.IntInput) SynchronizationJobProvisionOnDemandParameterSubjectOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SynchronizationJobProvisionOnDemandParameterSubject { + return vs[0].([]SynchronizationJobProvisionOnDemandParameterSubject)[vs[1].(int)] + }).(SynchronizationJobProvisionOnDemandParameterSubjectOutput) +} + type SynchronizationJobSchedule struct { // Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). Expiration *string `pulumi:"expiration"` @@ -11539,6 +15001,42 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*CustomDirectoryRolePermissionArrayInput)(nil)).Elem(), CustomDirectoryRolePermissionArray{}) pulumi.RegisterInputType(reflect.TypeOf((*GroupDynamicMembershipInput)(nil)).Elem(), GroupDynamicMembershipArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*GroupDynamicMembershipPtrInput)(nil)).Elem(), GroupDynamicMembershipArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesPtrInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStageInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesApprovalStageArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStagePtrInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesApprovalStageArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayInput)(nil)).Elem(), GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActiveAssignmentRulesInput)(nil)).Elem(), GroupRoleManagementPolicyActiveAssignmentRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyActiveAssignmentRulesPtrInput)(nil)).Elem(), GroupRoleManagementPolicyActiveAssignmentRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyEligibleAssignmentRulesInput)(nil)).Elem(), GroupRoleManagementPolicyEligibleAssignmentRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyEligibleAssignmentRulesPtrInput)(nil)).Elem(), GroupRoleManagementPolicyEligibleAssignmentRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrInput)(nil)).Elem(), GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InvitationMessageInput)(nil)).Elem(), InvitationMessageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InvitationMessagePtrInput)(nil)).Elem(), InvitationMessageArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*NamedLocationCountryInput)(nil)).Elem(), NamedLocationCountryArgs{}) @@ -11555,6 +15053,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalOauth2PermissionScopeArrayInput)(nil)).Elem(), ServicePrincipalOauth2PermissionScopeArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalSamlSingleSignOnInput)(nil)).Elem(), ServicePrincipalSamlSingleSignOnArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ServicePrincipalSamlSingleSignOnPtrInput)(nil)).Elem(), ServicePrincipalSamlSingleSignOnArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandParameterArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterArrayInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandParameterArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterSubjectInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandParameterSubjectArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandParameterSubjectArrayInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandParameterSubjectArray{}) pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobScheduleInput)(nil)).Elem(), SynchronizationJobScheduleArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobScheduleArrayInput)(nil)).Elem(), SynchronizationJobScheduleArray{}) pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationSecretCredentialInput)(nil)).Elem(), SynchronizationSecretCredentialArgs{}) @@ -11699,6 +15201,42 @@ func init() { pulumi.RegisterOutputType(CustomDirectoryRolePermissionArrayOutput{}) pulumi.RegisterOutputType(GroupDynamicMembershipOutput{}) pulumi.RegisterOutputType(GroupDynamicMembershipPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesApprovalStageOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesApprovalStagePtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArrayOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActiveAssignmentRulesOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyActiveAssignmentRulesPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyEligibleAssignmentRulesOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyEligibleAssignmentRulesPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsPtrOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsOutput{}) + pulumi.RegisterOutputType(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsPtrOutput{}) pulumi.RegisterOutputType(InvitationMessageOutput{}) pulumi.RegisterOutputType(InvitationMessagePtrOutput{}) pulumi.RegisterOutputType(NamedLocationCountryOutput{}) @@ -11715,6 +15253,10 @@ func init() { pulumi.RegisterOutputType(ServicePrincipalOauth2PermissionScopeArrayOutput{}) pulumi.RegisterOutputType(ServicePrincipalSamlSingleSignOnOutput{}) pulumi.RegisterOutputType(ServicePrincipalSamlSingleSignOnPtrOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandParameterOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandParameterArrayOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandParameterSubjectOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandParameterSubjectArrayOutput{}) pulumi.RegisterOutputType(SynchronizationJobScheduleOutput{}) pulumi.RegisterOutputType(SynchronizationJobScheduleArrayOutput{}) pulumi.RegisterOutputType(SynchronizationSecretCredentialOutput{}) diff --git a/sdk/go/azuread/synchronizationJobProvisionOnDemand.go b/sdk/go/azuread/synchronizationJobProvisionOnDemand.go new file mode 100644 index 000000000..507326b37 --- /dev/null +++ b/sdk/go/azuread/synchronizationJobProvisionOnDemand.go @@ -0,0 +1,380 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package azuread + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. +// +// ## API Permissions +// +// The following API permissions are required in order to use this resource. +// +// When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` +// +// ## Example Usage +// +// *Basic example* +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// current, err := azuread.GetClientConfig(ctx, nil, nil) +// if err != nil { +// return err +// } +// exampleGroup, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{ +// DisplayName: pulumi.String("example"), +// Owners: pulumi.StringArray{ +// pulumi.String(current.ObjectId), +// }, +// SecurityEnabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// example, err := azuread.GetApplicationTemplate(ctx, &azuread.GetApplicationTemplateArgs{ +// DisplayName: pulumi.StringRef("Azure Databricks SCIM Provisioning Connector"), +// }, nil) +// if err != nil { +// return err +// } +// exampleApplication, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{ +// DisplayName: pulumi.String("example"), +// TemplateId: pulumi.String(example.TemplateId), +// FeatureTags: azuread.ApplicationFeatureTagArray{ +// &azuread.ApplicationFeatureTagArgs{ +// Enterprise: pulumi.Bool(true), +// Gallery: pulumi.Bool(true), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{ +// ClientId: exampleApplication.ClientId, +// UseExisting: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewSynchronizationSecret(ctx, "example", &azuread.SynchronizationSecretArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// Credentials: azuread.SynchronizationSecretCredentialArray{ +// &azuread.SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("BaseAddress"), +// Value: pulumi.String("https://adb-example.azuredatabricks.net/api/2.0/preview/scim"), +// }, +// &azuread.SynchronizationSecretCredentialArgs{ +// Key: pulumi.String("SecretToken"), +// Value: pulumi.String("some-token"), +// }, +// }, +// }) +// if err != nil { +// return err +// } +// exampleSynchronizationJob, err := azuread.NewSynchronizationJob(ctx, "example", &azuread.SynchronizationJobArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// TemplateId: pulumi.String("dataBricks"), +// Enabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = azuread.NewSynchronizationJobProvisionOnDemand(ctx, "example", &azuread.SynchronizationJobProvisionOnDemandArgs{ +// ServicePrincipalId: exampleServicePrincipal.ID(), +// SynchronizationJobId: exampleSynchronizationJob.ID(), +// Parameters: azuread.SynchronizationJobProvisionOnDemandParameterArray{ +// &azuread.SynchronizationJobProvisionOnDemandParameterArgs{ +// RuleId: pulumi.String(""), +// Subjects: azuread.SynchronizationJobProvisionOnDemandParameterSubjectArray{ +// &azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs{ +// ObjectId: exampleGroup.ObjectId, +// ObjectTypeName: pulumi.String("Group"), +// }, +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// This resource does not support importing. +type SynchronizationJobProvisionOnDemand struct { + pulumi.CustomResourceState + + // One or more `parameter` blocks as documented below. + Parameters SynchronizationJobProvisionOnDemandParameterArrayOutput `pulumi:"parameters"` + // The object ID of the service principal for the synchronization job. + ServicePrincipalId pulumi.StringOutput `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. + SynchronizationJobId pulumi.StringOutput `pulumi:"synchronizationJobId"` + Triggers pulumi.StringMapOutput `pulumi:"triggers"` +} + +// NewSynchronizationJobProvisionOnDemand registers a new resource with the given unique name, arguments, and options. +func NewSynchronizationJobProvisionOnDemand(ctx *pulumi.Context, + name string, args *SynchronizationJobProvisionOnDemandArgs, opts ...pulumi.ResourceOption) (*SynchronizationJobProvisionOnDemand, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Parameters == nil { + return nil, errors.New("invalid value for required argument 'Parameters'") + } + if args.ServicePrincipalId == nil { + return nil, errors.New("invalid value for required argument 'ServicePrincipalId'") + } + if args.SynchronizationJobId == nil { + return nil, errors.New("invalid value for required argument 'SynchronizationJobId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource SynchronizationJobProvisionOnDemand + err := ctx.RegisterResource("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSynchronizationJobProvisionOnDemand gets an existing SynchronizationJobProvisionOnDemand resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSynchronizationJobProvisionOnDemand(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SynchronizationJobProvisionOnDemandState, opts ...pulumi.ResourceOption) (*SynchronizationJobProvisionOnDemand, error) { + var resource SynchronizationJobProvisionOnDemand + err := ctx.ReadResource("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SynchronizationJobProvisionOnDemand resources. +type synchronizationJobProvisionOnDemandState struct { + // One or more `parameter` blocks as documented below. + Parameters []SynchronizationJobProvisionOnDemandParameter `pulumi:"parameters"` + // The object ID of the service principal for the synchronization job. + ServicePrincipalId *string `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. + SynchronizationJobId *string `pulumi:"synchronizationJobId"` + Triggers map[string]string `pulumi:"triggers"` +} + +type SynchronizationJobProvisionOnDemandState struct { + // One or more `parameter` blocks as documented below. + Parameters SynchronizationJobProvisionOnDemandParameterArrayInput + // The object ID of the service principal for the synchronization job. + ServicePrincipalId pulumi.StringPtrInput + // Identifier of the synchronization template this job is based on. + SynchronizationJobId pulumi.StringPtrInput + Triggers pulumi.StringMapInput +} + +func (SynchronizationJobProvisionOnDemandState) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationJobProvisionOnDemandState)(nil)).Elem() +} + +type synchronizationJobProvisionOnDemandArgs struct { + // One or more `parameter` blocks as documented below. + Parameters []SynchronizationJobProvisionOnDemandParameter `pulumi:"parameters"` + // The object ID of the service principal for the synchronization job. + ServicePrincipalId string `pulumi:"servicePrincipalId"` + // Identifier of the synchronization template this job is based on. + SynchronizationJobId string `pulumi:"synchronizationJobId"` + Triggers map[string]string `pulumi:"triggers"` +} + +// The set of arguments for constructing a SynchronizationJobProvisionOnDemand resource. +type SynchronizationJobProvisionOnDemandArgs struct { + // One or more `parameter` blocks as documented below. + Parameters SynchronizationJobProvisionOnDemandParameterArrayInput + // The object ID of the service principal for the synchronization job. + ServicePrincipalId pulumi.StringInput + // Identifier of the synchronization template this job is based on. + SynchronizationJobId pulumi.StringInput + Triggers pulumi.StringMapInput +} + +func (SynchronizationJobProvisionOnDemandArgs) ElementType() reflect.Type { + return reflect.TypeOf((*synchronizationJobProvisionOnDemandArgs)(nil)).Elem() +} + +type SynchronizationJobProvisionOnDemandInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandOutput() SynchronizationJobProvisionOnDemandOutput + ToSynchronizationJobProvisionOnDemandOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandOutput +} + +func (*SynchronizationJobProvisionOnDemand) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (i *SynchronizationJobProvisionOnDemand) ToSynchronizationJobProvisionOnDemandOutput() SynchronizationJobProvisionOnDemandOutput { + return i.ToSynchronizationJobProvisionOnDemandOutputWithContext(context.Background()) +} + +func (i *SynchronizationJobProvisionOnDemand) ToSynchronizationJobProvisionOnDemandOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandOutput) +} + +// SynchronizationJobProvisionOnDemandArrayInput is an input type that accepts SynchronizationJobProvisionOnDemandArray and SynchronizationJobProvisionOnDemandArrayOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandArrayInput` via: +// +// SynchronizationJobProvisionOnDemandArray{ SynchronizationJobProvisionOnDemandArgs{...} } +type SynchronizationJobProvisionOnDemandArrayInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandArrayOutput() SynchronizationJobProvisionOnDemandArrayOutput + ToSynchronizationJobProvisionOnDemandArrayOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandArrayOutput +} + +type SynchronizationJobProvisionOnDemandArray []SynchronizationJobProvisionOnDemandInput + +func (SynchronizationJobProvisionOnDemandArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandArray) ToSynchronizationJobProvisionOnDemandArrayOutput() SynchronizationJobProvisionOnDemandArrayOutput { + return i.ToSynchronizationJobProvisionOnDemandArrayOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandArray) ToSynchronizationJobProvisionOnDemandArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandArrayOutput) +} + +// SynchronizationJobProvisionOnDemandMapInput is an input type that accepts SynchronizationJobProvisionOnDemandMap and SynchronizationJobProvisionOnDemandMapOutput values. +// You can construct a concrete instance of `SynchronizationJobProvisionOnDemandMapInput` via: +// +// SynchronizationJobProvisionOnDemandMap{ "key": SynchronizationJobProvisionOnDemandArgs{...} } +type SynchronizationJobProvisionOnDemandMapInput interface { + pulumi.Input + + ToSynchronizationJobProvisionOnDemandMapOutput() SynchronizationJobProvisionOnDemandMapOutput + ToSynchronizationJobProvisionOnDemandMapOutputWithContext(context.Context) SynchronizationJobProvisionOnDemandMapOutput +} + +type SynchronizationJobProvisionOnDemandMap map[string]SynchronizationJobProvisionOnDemandInput + +func (SynchronizationJobProvisionOnDemandMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (i SynchronizationJobProvisionOnDemandMap) ToSynchronizationJobProvisionOnDemandMapOutput() SynchronizationJobProvisionOnDemandMapOutput { + return i.ToSynchronizationJobProvisionOnDemandMapOutputWithContext(context.Background()) +} + +func (i SynchronizationJobProvisionOnDemandMap) ToSynchronizationJobProvisionOnDemandMapOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SynchronizationJobProvisionOnDemandMapOutput) +} + +type SynchronizationJobProvisionOnDemandOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandOutput) ToSynchronizationJobProvisionOnDemandOutput() SynchronizationJobProvisionOnDemandOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandOutput) ToSynchronizationJobProvisionOnDemandOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandOutput { + return o +} + +// One or more `parameter` blocks as documented below. +func (o SynchronizationJobProvisionOnDemandOutput) Parameters() SynchronizationJobProvisionOnDemandParameterArrayOutput { + return o.ApplyT(func(v *SynchronizationJobProvisionOnDemand) SynchronizationJobProvisionOnDemandParameterArrayOutput { + return v.Parameters + }).(SynchronizationJobProvisionOnDemandParameterArrayOutput) +} + +// The object ID of the service principal for the synchronization job. +func (o SynchronizationJobProvisionOnDemandOutput) ServicePrincipalId() pulumi.StringOutput { + return o.ApplyT(func(v *SynchronizationJobProvisionOnDemand) pulumi.StringOutput { return v.ServicePrincipalId }).(pulumi.StringOutput) +} + +// Identifier of the synchronization template this job is based on. +func (o SynchronizationJobProvisionOnDemandOutput) SynchronizationJobId() pulumi.StringOutput { + return o.ApplyT(func(v *SynchronizationJobProvisionOnDemand) pulumi.StringOutput { return v.SynchronizationJobId }).(pulumi.StringOutput) +} + +func (o SynchronizationJobProvisionOnDemandOutput) Triggers() pulumi.StringMapOutput { + return o.ApplyT(func(v *SynchronizationJobProvisionOnDemand) pulumi.StringMapOutput { return v.Triggers }).(pulumi.StringMapOutput) +} + +type SynchronizationJobProvisionOnDemandArrayOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandArrayOutput) ToSynchronizationJobProvisionOnDemandArrayOutput() SynchronizationJobProvisionOnDemandArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandArrayOutput) ToSynchronizationJobProvisionOnDemandArrayOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandArrayOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandArrayOutput) Index(i pulumi.IntInput) SynchronizationJobProvisionOnDemandOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SynchronizationJobProvisionOnDemand { + return vs[0].([]*SynchronizationJobProvisionOnDemand)[vs[1].(int)] + }).(SynchronizationJobProvisionOnDemandOutput) +} + +type SynchronizationJobProvisionOnDemandMapOutput struct{ *pulumi.OutputState } + +func (SynchronizationJobProvisionOnDemandMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SynchronizationJobProvisionOnDemand)(nil)).Elem() +} + +func (o SynchronizationJobProvisionOnDemandMapOutput) ToSynchronizationJobProvisionOnDemandMapOutput() SynchronizationJobProvisionOnDemandMapOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandMapOutput) ToSynchronizationJobProvisionOnDemandMapOutputWithContext(ctx context.Context) SynchronizationJobProvisionOnDemandMapOutput { + return o +} + +func (o SynchronizationJobProvisionOnDemandMapOutput) MapIndex(k pulumi.StringInput) SynchronizationJobProvisionOnDemandOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SynchronizationJobProvisionOnDemand { + return vs[0].(map[string]*SynchronizationJobProvisionOnDemand)[vs[1].(string)] + }).(SynchronizationJobProvisionOnDemandOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandInput)(nil)).Elem(), &SynchronizationJobProvisionOnDemand{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandArrayInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SynchronizationJobProvisionOnDemandMapInput)(nil)).Elem(), SynchronizationJobProvisionOnDemandMap{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandArrayOutput{}) + pulumi.RegisterOutputType(SynchronizationJobProvisionOnDemandMapOutput{}) +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/Application.java b/sdk/java/src/main/java/com/pulumi/azuread/Application.java index 0295f46dd..3de68b59b 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/Application.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/Application.java @@ -398,14 +398,14 @@ public Output> featureTags() { return this.featureTags; } /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ @Export(name="groupMembershipClaims", refs={List.class,String.class}, tree="[0,1]") private Output> groupMembershipClaims; /** - * @return Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @return A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ public Output>> groupMembershipClaims() { diff --git a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationArgs.java index 085cd5cb3..08fbd3f3a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/ApplicationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/ApplicationArgs.java @@ -136,14 +136,14 @@ public Optional>> featureTags() { } /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ @Import(name="groupMembershipClaims") private @Nullable Output> groupMembershipClaims; /** - * @return Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @return A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ public Optional>> groupMembershipClaims() { @@ -675,7 +675,7 @@ public Builder featureTags(ApplicationFeatureTagArgs... featureTags) { } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * @@ -686,7 +686,7 @@ public Builder groupMembershipClaims(@Nullable Output> groupMembers } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * @@ -696,7 +696,7 @@ public Builder groupMembershipClaims(List groupMembershipClaims) { } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java b/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java index fd5273996..fa59cac4a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/AzureadFunctions.java @@ -22,6 +22,8 @@ import com.pulumi.azuread.inputs.GetDomainsPlainArgs; import com.pulumi.azuread.inputs.GetGroupArgs; import com.pulumi.azuread.inputs.GetGroupPlainArgs; +import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs; +import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyPlainArgs; import com.pulumi.azuread.inputs.GetGroupsArgs; import com.pulumi.azuread.inputs.GetGroupsPlainArgs; import com.pulumi.azuread.inputs.GetNamedLocationArgs; @@ -47,6 +49,7 @@ import com.pulumi.azuread.outputs.GetDirectoryRolesResult; import com.pulumi.azuread.outputs.GetDomainsResult; import com.pulumi.azuread.outputs.GetGroupResult; +import com.pulumi.azuread.outputs.GetGroupRoleManagementPolicyResult; import com.pulumi.azuread.outputs.GetGroupsResult; import com.pulumi.azuread.outputs.GetNamedLocationResult; import com.pulumi.azuread.outputs.GetServicePrincipalResult; @@ -5025,6 +5028,238 @@ public static Output getGroup(GetGroupArgs args, InvokeOptions o public static CompletableFuture getGroupPlain(GetGroupPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("azuread:index/getGroup:getGroup", TypeShape.of(GetGroupResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.azuread.Group;
+     * import com.pulumi.azuread.GroupArgs;
+     * import com.pulumi.azuread.AzureadFunctions;
+     * import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         var example = new Group("example", GroupArgs.builder()        
+     *             .displayName("group-name")
+     *             .securityEnabled(true)
+     *             .build());
+     * 
+     *         final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()
+     *             .groupId(example.id())
+     *             .roleId("owner")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs args) { + return getGroupRoleManagementPolicy(args, InvokeOptions.Empty); + } + /** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.azuread.Group;
+     * import com.pulumi.azuread.GroupArgs;
+     * import com.pulumi.azuread.AzureadFunctions;
+     * import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         var example = new Group("example", GroupArgs.builder()        
+     *             .displayName("group-name")
+     *             .securityEnabled(true)
+     *             .build());
+     * 
+     *         final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()
+     *             .groupId(example.id())
+     *             .roleId("owner")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getGroupRoleManagementPolicyPlain(GetGroupRoleManagementPolicyPlainArgs args) { + return getGroupRoleManagementPolicyPlain(args, InvokeOptions.Empty); + } + /** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.azuread.Group;
+     * import com.pulumi.azuread.GroupArgs;
+     * import com.pulumi.azuread.AzureadFunctions;
+     * import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         var example = new Group("example", GroupArgs.builder()        
+     *             .displayName("group-name")
+     *             .securityEnabled(true)
+     *             .build());
+     * 
+     *         final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()
+     *             .groupId(example.id())
+     *             .roleId("owner")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", TypeShape.of(GetGroupRoleManagementPolicyResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.azuread.Group;
+     * import com.pulumi.azuread.GroupArgs;
+     * import com.pulumi.azuread.AzureadFunctions;
+     * import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         var example = new Group("example", GroupArgs.builder()        
+     *             .displayName("group-name")
+     *             .securityEnabled(true)
+     *             .build());
+     * 
+     *         final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()
+     *             .groupId(example.id())
+     *             .roleId("owner")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getGroupRoleManagementPolicyPlain(GetGroupRoleManagementPolicyPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", TypeShape.of(GetGroupRoleManagementPolicyResult.class), args, Utilities.withVersion(options)); + } /** * Gets Object IDs or Display Names for multiple Azure Active Directory groups. * @@ -7247,7 +7482,7 @@ public static CompletableFuture getServicePrincipalPl * * <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
@@ -7377,7 +7612,7 @@ public static Output getServicePrincipals() {
      * 
* <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
@@ -7507,7 +7742,7 @@ public static CompletableFuture getServicePrincipals
      * 
* <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
@@ -7637,7 +7872,7 @@ public static Output getServicePrincipals(GetService
      * 
* <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
@@ -7767,7 +8002,7 @@ public static CompletableFuture getServicePrincipals
      * 
* <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
@@ -7897,7 +8132,7 @@ public static Output getServicePrincipals(GetService
      * 
* <!--End PulumiCodeChooser --> * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * <!--Start PulumiCodeChooser --> *
diff --git a/sdk/java/src/main/java/com/pulumi/azuread/Group.java b/sdk/java/src/main/java/com/pulumi/azuread/Group.java
index f518bba56..781e90092 100644
--- a/sdk/java/src/main/java/com/pulumi/azuread/Group.java
+++ b/sdk/java/src/main/java/com/pulumi/azuread/Group.java
@@ -28,7 +28,7 @@
  * 
  * Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`.
  * 
- * If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All`
+ * If using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role.
  * 
  * If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`
  * 
@@ -292,14 +292,14 @@ public Output autoSubscribeNewMembers() {
         return this.autoSubscribeNewMembers;
     }
     /**
-     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
      * 
      */
     @Export(name="behaviors", refs={List.class,String.class}, tree="[0,1]")
     private Output> behaviors;
 
     /**
-     * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+     * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
      * 
      */
     public Output>> behaviors() {
diff --git a/sdk/java/src/main/java/com/pulumi/azuread/GroupArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/GroupArgs.java
index 6461ae4cc..d0da1a23c 100644
--- a/sdk/java/src/main/java/com/pulumi/azuread/GroupArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/azuread/GroupArgs.java
@@ -73,14 +73,14 @@ public Optional> autoSubscribeNewMembers() {
     }
 
     /**
-     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+     * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
      * 
      */
     @Import(name="behaviors")
     private @Nullable Output> behaviors;
 
     /**
-     * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+     * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
      * 
      */
     public Optional>> behaviors() {
@@ -510,7 +510,7 @@ public Builder autoSubscribeNewMembers(Boolean autoSubscribeNewMembers) {
         }
 
         /**
-         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
          * 
          * @return builder
          * 
@@ -521,7 +521,7 @@ public Builder behaviors(@Nullable Output> behaviors) {
         }
 
         /**
-         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
          * 
          * @return builder
          * 
@@ -531,7 +531,7 @@ public Builder behaviors(List behaviors) {
         }
 
         /**
-         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
+         * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created.
          * 
          * @return builder
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java
new file mode 100644
index 000000000..f20eb7057
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicy.java
@@ -0,0 +1,273 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.azuread;
+
+import com.pulumi.azuread.GroupRoleManagementPolicyArgs;
+import com.pulumi.azuread.Utilities;
+import com.pulumi.azuread.inputs.GroupRoleManagementPolicyState;
+import com.pulumi.azuread.outputs.GroupRoleManagementPolicyActivationRules;
+import com.pulumi.azuread.outputs.GroupRoleManagementPolicyActiveAssignmentRules;
+import com.pulumi.azuread.outputs.GroupRoleManagementPolicyEligibleAssignmentRules;
+import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRules;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import java.lang.String;
+import javax.annotation.Nullable;
+
+/**
+ * Manage a role policy for an Azure AD group.
+ * 
+ * ## API Permissions
+ * 
+ * The following API permissions are required in order to use this resource.
+ * 
+ * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions.
+ * 
+ * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance.
+ * 
+ * ## Example Usage
+ * 
+ * <!--Start PulumiCodeChooser -->
+ * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.azuread.Group;
+ * import com.pulumi.azuread.GroupArgs;
+ * import com.pulumi.azuread.User;
+ * import com.pulumi.azuread.UserArgs;
+ * import com.pulumi.azuread.GroupRoleManagementPolicy;
+ * import com.pulumi.azuread.GroupRoleManagementPolicyArgs;
+ * import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;
+ * import com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;
+ * import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;
+ * import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;
+ * import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var example = new Group("example", GroupArgs.builder()        
+ *             .displayName("group-name")
+ *             .securityEnabled(true)
+ *             .build());
+ * 
+ *         var member = new User("member", UserArgs.builder()        
+ *             .userPrincipalName("jdoe{@literal @}example.com")
+ *             .displayName("J. Doe")
+ *             .mailNickname("jdoe")
+ *             .password("SecretP{@literal @}sswd99!")
+ *             .build());
+ * 
+ *         var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy("exampleGroupRoleManagementPolicy", GroupRoleManagementPolicyArgs.builder()        
+ *             .groupId(example.id())
+ *             .assignmentType("member")
+ *             .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()
+ *                 .expireAfter("P365D")
+ *                 .build())
+ *             .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()
+ *                 .expirationRequired(false)
+ *                 .build())
+ *             .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()
+ *                 .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()
+ *                     .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()
+ *                         .notificationLevel("Critical")
+ *                         .defaultRecipients(false)
+ *                         .additionalRecipients(                        
+ *                             "someone{@literal @}example.com",
+ *                             "someone.else{@literal @}example.com")
+ *                         .build())
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * Because these policies are created automatically by Entra ID, they will auto-import on first use. + * + */ +@ResourceType(type="azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy") +public class GroupRoleManagementPolicy extends com.pulumi.resources.CustomResource { + /** + * An `activation_rules` block as defined below. + * + */ + @Export(name="activationRules", refs={GroupRoleManagementPolicyActivationRules.class}, tree="[0]") + private Output activationRules; + + /** + * @return An `activation_rules` block as defined below. + * + */ + public Output activationRules() { + return this.activationRules; + } + /** + * An `active_assignment_rules` block as defined below. + * + */ + @Export(name="activeAssignmentRules", refs={GroupRoleManagementPolicyActiveAssignmentRules.class}, tree="[0]") + private Output activeAssignmentRules; + + /** + * @return An `active_assignment_rules` block as defined below. + * + */ + public Output activeAssignmentRules() { + return this.activeAssignmentRules; + } + /** + * (String) The description of this policy. + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return (String) The description of this policy. + * + */ + public Output description() { + return this.description; + } + /** + * (String) The display name of this policy. + * + */ + @Export(name="displayName", refs={String.class}, tree="[0]") + private Output displayName; + + /** + * @return (String) The display name of this policy. + * + */ + public Output displayName() { + return this.displayName; + } + /** + * An `eligible_assignment_rules` block as defined below. + * + */ + @Export(name="eligibleAssignmentRules", refs={GroupRoleManagementPolicyEligibleAssignmentRules.class}, tree="[0]") + private Output eligibleAssignmentRules; + + /** + * @return An `eligible_assignment_rules` block as defined below. + * + */ + public Output eligibleAssignmentRules() { + return this.eligibleAssignmentRules; + } + /** + * The ID of the Azure AD group for which the policy applies. + * + */ + @Export(name="groupId", refs={String.class}, tree="[0]") + private Output groupId; + + /** + * @return The ID of the Azure AD group for which the policy applies. + * + */ + public Output groupId() { + return this.groupId; + } + /** + * A `notification_rules` block as defined below. + * + */ + @Export(name="notificationRules", refs={GroupRoleManagementPolicyNotificationRules.class}, tree="[0]") + private Output notificationRules; + + /** + * @return A `notification_rules` block as defined below. + * + */ + public Output notificationRules() { + return this.notificationRules; + } + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + @Export(name="roleId", refs={String.class}, tree="[0]") + private Output roleId; + + /** + * @return The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + public Output roleId() { + return this.roleId; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public GroupRoleManagementPolicy(String name) { + this(name, GroupRoleManagementPolicyArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public GroupRoleManagementPolicy(String name, GroupRoleManagementPolicyArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public GroupRoleManagementPolicy(String name, GroupRoleManagementPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, args == null ? GroupRoleManagementPolicyArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private GroupRoleManagementPolicy(String name, Output id, @Nullable GroupRoleManagementPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static GroupRoleManagementPolicy get(String name, Output id, @Nullable GroupRoleManagementPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new GroupRoleManagementPolicy(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicyArgs.java new file mode 100644 index 000000000..dab5ad0e2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/GroupRoleManagementPolicyArgs.java @@ -0,0 +1,279 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActivationRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyArgs Empty = new GroupRoleManagementPolicyArgs(); + + /** + * An `activation_rules` block as defined below. + * + */ + @Import(name="activationRules") + private @Nullable Output activationRules; + + /** + * @return An `activation_rules` block as defined below. + * + */ + public Optional> activationRules() { + return Optional.ofNullable(this.activationRules); + } + + /** + * An `active_assignment_rules` block as defined below. + * + */ + @Import(name="activeAssignmentRules") + private @Nullable Output activeAssignmentRules; + + /** + * @return An `active_assignment_rules` block as defined below. + * + */ + public Optional> activeAssignmentRules() { + return Optional.ofNullable(this.activeAssignmentRules); + } + + /** + * An `eligible_assignment_rules` block as defined below. + * + */ + @Import(name="eligibleAssignmentRules") + private @Nullable Output eligibleAssignmentRules; + + /** + * @return An `eligible_assignment_rules` block as defined below. + * + */ + public Optional> eligibleAssignmentRules() { + return Optional.ofNullable(this.eligibleAssignmentRules); + } + + /** + * The ID of the Azure AD group for which the policy applies. + * + */ + @Import(name="groupId", required=true) + private Output groupId; + + /** + * @return The ID of the Azure AD group for which the policy applies. + * + */ + public Output groupId() { + return this.groupId; + } + + /** + * A `notification_rules` block as defined below. + * + */ + @Import(name="notificationRules") + private @Nullable Output notificationRules; + + /** + * @return A `notification_rules` block as defined below. + * + */ + public Optional> notificationRules() { + return Optional.ofNullable(this.notificationRules); + } + + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + @Import(name="roleId", required=true) + private Output roleId; + + /** + * @return The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + public Output roleId() { + return this.roleId; + } + + private GroupRoleManagementPolicyArgs() {} + + private GroupRoleManagementPolicyArgs(GroupRoleManagementPolicyArgs $) { + this.activationRules = $.activationRules; + this.activeAssignmentRules = $.activeAssignmentRules; + this.eligibleAssignmentRules = $.eligibleAssignmentRules; + this.groupId = $.groupId; + this.notificationRules = $.notificationRules; + this.roleId = $.roleId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyArgs(); + } + + public Builder(GroupRoleManagementPolicyArgs defaults) { + $ = new GroupRoleManagementPolicyArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param activationRules An `activation_rules` block as defined below. + * + * @return builder + * + */ + public Builder activationRules(@Nullable Output activationRules) { + $.activationRules = activationRules; + return this; + } + + /** + * @param activationRules An `activation_rules` block as defined below. + * + * @return builder + * + */ + public Builder activationRules(GroupRoleManagementPolicyActivationRulesArgs activationRules) { + return activationRules(Output.of(activationRules)); + } + + /** + * @param activeAssignmentRules An `active_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder activeAssignmentRules(@Nullable Output activeAssignmentRules) { + $.activeAssignmentRules = activeAssignmentRules; + return this; + } + + /** + * @param activeAssignmentRules An `active_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs activeAssignmentRules) { + return activeAssignmentRules(Output.of(activeAssignmentRules)); + } + + /** + * @param eligibleAssignmentRules An `eligible_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder eligibleAssignmentRules(@Nullable Output eligibleAssignmentRules) { + $.eligibleAssignmentRules = eligibleAssignmentRules; + return this; + } + + /** + * @param eligibleAssignmentRules An `eligible_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs eligibleAssignmentRules) { + return eligibleAssignmentRules(Output.of(eligibleAssignmentRules)); + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param notificationRules A `notification_rules` block as defined below. + * + * @return builder + * + */ + public Builder notificationRules(@Nullable Output notificationRules) { + $.notificationRules = notificationRules; + return this; + } + + /** + * @param notificationRules A `notification_rules` block as defined below. + * + * @return builder + * + */ + public Builder notificationRules(GroupRoleManagementPolicyNotificationRulesArgs notificationRules) { + return notificationRules(Output.of(notificationRules)); + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(Output roleId) { + $.roleId = roleId; + return this; + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(String roleId) { + return roleId(Output.of(roleId)); + } + + public GroupRoleManagementPolicyArgs build() { + if ($.groupId == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyArgs", "groupId"); + } + if ($.roleId == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyArgs", "roleId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentSchedule.java b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentSchedule.java new file mode 100644 index 000000000..241ef5c35 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentSchedule.java @@ -0,0 +1,302 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.PrivilegedAccessGroupAssignmentScheduleArgs; +import com.pulumi.azuread.Utilities; +import com.pulumi.azuread.inputs.PrivilegedAccessGroupAssignmentScheduleState; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import java.lang.Boolean; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manages an active assignment to a privileged access group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.azuread.Group;
+ * import com.pulumi.azuread.GroupArgs;
+ * import com.pulumi.azuread.User;
+ * import com.pulumi.azuread.UserArgs;
+ * import com.pulumi.azuread.PrivilegedAccessGroupAssignmentSchedule;
+ * import com.pulumi.azuread.PrivilegedAccessGroupAssignmentScheduleArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var example = new Group("example", GroupArgs.builder()        
+ *             .displayName("group-name")
+ *             .securityEnabled(true)
+ *             .build());
+ * 
+ *         var member = new User("member", UserArgs.builder()        
+ *             .userPrincipalName("jdoe{@literal @}example.com")
+ *             .displayName("J. Doe")
+ *             .mailNickname("jdoe")
+ *             .password("SecretP{@literal @}sswd99!")
+ *             .build());
+ * 
+ *         var examplePrivilegedAccessGroupAssignmentSchedule = new PrivilegedAccessGroupAssignmentSchedule("examplePrivilegedAccessGroupAssignmentSchedule", PrivilegedAccessGroupAssignmentScheduleArgs.builder()        
+ *             .groupId(pim.id())
+ *             .principalId(member.id())
+ *             .assignmentType("member")
+ *             .duration("P30D")
+ *             .justification("as requested")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * An assignment schedule can be imported using the schedule ID, e.g. + * + * ```sh + * $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + * ``` + * + */ +@ResourceType(type="azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule") +public class PrivilegedAccessGroupAssignmentSchedule extends com.pulumi.resources.CustomResource { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Export(name="assignmentType", refs={String.class}, tree="[0]") + private Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Output assignmentType() { + return this.assignmentType; + } + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Export(name="duration", refs={String.class}, tree="[0]") + private Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Output> duration() { + return Codegen.optional(this.duration); + } + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Export(name="expirationDate", refs={String.class}, tree="[0]") + private Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Output expirationDate() { + return this.expirationDate; + } + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Export(name="groupId", refs={String.class}, tree="[0]") + private Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Output groupId() { + return this.groupId; + } + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Export(name="justification", refs={String.class}, tree="[0]") + private Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Output> justification() { + return Codegen.optional(this.justification); + } + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Export(name="permanentAssignment", refs={Boolean.class}, tree="[0]") + private Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Output permanentAssignment() { + return this.permanentAssignment; + } + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Export(name="principalId", refs={String.class}, tree="[0]") + private Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Output principalId() { + return this.principalId; + } + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Export(name="startDate", refs={String.class}, tree="[0]") + private Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Output startDate() { + return this.startDate; + } + /** + * (String) The provisioning status of this request. + * + */ + @Export(name="status", refs={String.class}, tree="[0]") + private Output status; + + /** + * @return (String) The provisioning status of this request. + * + */ + public Output status() { + return this.status; + } + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Export(name="ticketNumber", refs={String.class}, tree="[0]") + private Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Output> ticketNumber() { + return Codegen.optional(this.ticketNumber); + } + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Export(name="ticketSystem", refs={String.class}, tree="[0]") + private Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Output> ticketSystem() { + return Codegen.optional(this.ticketSystem); + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public PrivilegedAccessGroupAssignmentSchedule(String name) { + this(name, PrivilegedAccessGroupAssignmentScheduleArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public PrivilegedAccessGroupAssignmentSchedule(String name, PrivilegedAccessGroupAssignmentScheduleArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public PrivilegedAccessGroupAssignmentSchedule(String name, PrivilegedAccessGroupAssignmentScheduleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, args == null ? PrivilegedAccessGroupAssignmentScheduleArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private PrivilegedAccessGroupAssignmentSchedule(String name, Output id, @Nullable PrivilegedAccessGroupAssignmentScheduleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static PrivilegedAccessGroupAssignmentSchedule get(String name, Output id, @Nullable PrivilegedAccessGroupAssignmentScheduleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new PrivilegedAccessGroupAssignmentSchedule(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentScheduleArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentScheduleArgs.java new file mode 100644 index 000000000..a02e4fc08 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupAssignmentScheduleArgs.java @@ -0,0 +1,435 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PrivilegedAccessGroupAssignmentScheduleArgs extends com.pulumi.resources.ResourceArgs { + + public static final PrivilegedAccessGroupAssignmentScheduleArgs Empty = new PrivilegedAccessGroupAssignmentScheduleArgs(); + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Import(name="assignmentType", required=true) + private Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Output assignmentType() { + return this.assignmentType; + } + + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Import(name="duration") + private @Nullable Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Optional> duration() { + return Optional.ofNullable(this.duration); + } + + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Import(name="expirationDate") + private @Nullable Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Optional> expirationDate() { + return Optional.ofNullable(this.expirationDate); + } + + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Import(name="groupId", required=true) + private Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Output groupId() { + return this.groupId; + } + + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Import(name="justification") + private @Nullable Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Optional> justification() { + return Optional.ofNullable(this.justification); + } + + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Import(name="permanentAssignment") + private @Nullable Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Optional> permanentAssignment() { + return Optional.ofNullable(this.permanentAssignment); + } + + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Import(name="principalId", required=true) + private Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Output principalId() { + return this.principalId; + } + + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Import(name="startDate") + private @Nullable Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Optional> startDate() { + return Optional.ofNullable(this.startDate); + } + + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketNumber") + private @Nullable Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketNumber() { + return Optional.ofNullable(this.ticketNumber); + } + + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketSystem") + private @Nullable Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketSystem() { + return Optional.ofNullable(this.ticketSystem); + } + + private PrivilegedAccessGroupAssignmentScheduleArgs() {} + + private PrivilegedAccessGroupAssignmentScheduleArgs(PrivilegedAccessGroupAssignmentScheduleArgs $) { + this.assignmentType = $.assignmentType; + this.duration = $.duration; + this.expirationDate = $.expirationDate; + this.groupId = $.groupId; + this.justification = $.justification; + this.permanentAssignment = $.permanentAssignment; + this.principalId = $.principalId; + this.startDate = $.startDate; + this.ticketNumber = $.ticketNumber; + this.ticketSystem = $.ticketSystem; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PrivilegedAccessGroupAssignmentScheduleArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PrivilegedAccessGroupAssignmentScheduleArgs $; + + public Builder() { + $ = new PrivilegedAccessGroupAssignmentScheduleArgs(); + } + + public Builder(PrivilegedAccessGroupAssignmentScheduleArgs defaults) { + $ = new PrivilegedAccessGroupAssignmentScheduleArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(Output assignmentType) { + $.assignmentType = assignmentType; + return this; + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(String assignmentType) { + return assignmentType(Output.of(assignmentType)); + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(@Nullable Output duration) { + $.duration = duration; + return this; + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(String duration) { + return duration(Output.of(duration)); + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(@Nullable Output expirationDate) { + $.expirationDate = expirationDate; + return this; + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(String expirationDate) { + return expirationDate(Output.of(expirationDate)); + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(@Nullable Output justification) { + $.justification = justification; + return this; + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(String justification) { + return justification(Output.of(justification)); + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(@Nullable Output permanentAssignment) { + $.permanentAssignment = permanentAssignment; + return this; + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(Boolean permanentAssignment) { + return permanentAssignment(Output.of(permanentAssignment)); + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(Output principalId) { + $.principalId = principalId; + return this; + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(String principalId) { + return principalId(Output.of(principalId)); + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(@Nullable Output startDate) { + $.startDate = startDate; + return this; + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(String startDate) { + return startDate(Output.of(startDate)); + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(@Nullable Output ticketNumber) { + $.ticketNumber = ticketNumber; + return this; + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(String ticketNumber) { + return ticketNumber(Output.of(ticketNumber)); + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(@Nullable Output ticketSystem) { + $.ticketSystem = ticketSystem; + return this; + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(String ticketSystem) { + return ticketSystem(Output.of(ticketSystem)); + } + + public PrivilegedAccessGroupAssignmentScheduleArgs build() { + if ($.assignmentType == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupAssignmentScheduleArgs", "assignmentType"); + } + if ($.groupId == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupAssignmentScheduleArgs", "groupId"); + } + if ($.principalId == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupAssignmentScheduleArgs", "principalId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilitySchedule.java b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilitySchedule.java new file mode 100644 index 000000000..79e2e56ff --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilitySchedule.java @@ -0,0 +1,302 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.PrivilegedAccessGroupEligibilityScheduleArgs; +import com.pulumi.azuread.Utilities; +import com.pulumi.azuread.inputs.PrivilegedAccessGroupEligibilityScheduleState; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import java.lang.Boolean; +import java.lang.String; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manages an eligible assignment to a privileged access group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.azuread.Group;
+ * import com.pulumi.azuread.GroupArgs;
+ * import com.pulumi.azuread.User;
+ * import com.pulumi.azuread.UserArgs;
+ * import com.pulumi.azuread.PrivilegedAccessGroupEligibilitySchedule;
+ * import com.pulumi.azuread.PrivilegedAccessGroupEligibilityScheduleArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var example = new Group("example", GroupArgs.builder()        
+ *             .displayName("group-name")
+ *             .securityEnabled(true)
+ *             .build());
+ * 
+ *         var member = new User("member", UserArgs.builder()        
+ *             .userPrincipalName("jdoe{@literal @}example.com")
+ *             .displayName("J. Doe")
+ *             .mailNickname("jdoe")
+ *             .password("SecretP{@literal @}sswd99!")
+ *             .build());
+ * 
+ *         var examplePrivilegedAccessGroupEligibilitySchedule = new PrivilegedAccessGroupEligibilitySchedule("examplePrivilegedAccessGroupEligibilitySchedule", PrivilegedAccessGroupEligibilityScheduleArgs.builder()        
+ *             .groupId(pim.id())
+ *             .principalId(member.id())
+ *             .assignmentType("member")
+ *             .duration("P30D")
+ *             .justification("as requested")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * An assignment schedule can be imported using the schedule ID, e.g. + * + * ```sh + * $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + * ``` + * + */ +@ResourceType(type="azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule") +public class PrivilegedAccessGroupEligibilitySchedule extends com.pulumi.resources.CustomResource { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Export(name="assignmentType", refs={String.class}, tree="[0]") + private Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Output assignmentType() { + return this.assignmentType; + } + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Export(name="duration", refs={String.class}, tree="[0]") + private Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Output> duration() { + return Codegen.optional(this.duration); + } + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Export(name="expirationDate", refs={String.class}, tree="[0]") + private Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Output expirationDate() { + return this.expirationDate; + } + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Export(name="groupId", refs={String.class}, tree="[0]") + private Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Output groupId() { + return this.groupId; + } + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Export(name="justification", refs={String.class}, tree="[0]") + private Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Output> justification() { + return Codegen.optional(this.justification); + } + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Export(name="permanentAssignment", refs={Boolean.class}, tree="[0]") + private Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Output permanentAssignment() { + return this.permanentAssignment; + } + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Export(name="principalId", refs={String.class}, tree="[0]") + private Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Output principalId() { + return this.principalId; + } + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Export(name="startDate", refs={String.class}, tree="[0]") + private Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Output startDate() { + return this.startDate; + } + /** + * (String) The provisioning status of this request. + * + */ + @Export(name="status", refs={String.class}, tree="[0]") + private Output status; + + /** + * @return (String) The provisioning status of this request. + * + */ + public Output status() { + return this.status; + } + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Export(name="ticketNumber", refs={String.class}, tree="[0]") + private Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Output> ticketNumber() { + return Codegen.optional(this.ticketNumber); + } + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Export(name="ticketSystem", refs={String.class}, tree="[0]") + private Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Output> ticketSystem() { + return Codegen.optional(this.ticketSystem); + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public PrivilegedAccessGroupEligibilitySchedule(String name) { + this(name, PrivilegedAccessGroupEligibilityScheduleArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public PrivilegedAccessGroupEligibilitySchedule(String name, PrivilegedAccessGroupEligibilityScheduleArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public PrivilegedAccessGroupEligibilitySchedule(String name, PrivilegedAccessGroupEligibilityScheduleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, args == null ? PrivilegedAccessGroupEligibilityScheduleArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private PrivilegedAccessGroupEligibilitySchedule(String name, Output id, @Nullable PrivilegedAccessGroupEligibilityScheduleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static PrivilegedAccessGroupEligibilitySchedule get(String name, Output id, @Nullable PrivilegedAccessGroupEligibilityScheduleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new PrivilegedAccessGroupEligibilitySchedule(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilityScheduleArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilityScheduleArgs.java new file mode 100644 index 000000000..e26914462 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/PrivilegedAccessGroupEligibilityScheduleArgs.java @@ -0,0 +1,435 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PrivilegedAccessGroupEligibilityScheduleArgs extends com.pulumi.resources.ResourceArgs { + + public static final PrivilegedAccessGroupEligibilityScheduleArgs Empty = new PrivilegedAccessGroupEligibilityScheduleArgs(); + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Import(name="assignmentType", required=true) + private Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Output assignmentType() { + return this.assignmentType; + } + + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Import(name="duration") + private @Nullable Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Optional> duration() { + return Optional.ofNullable(this.duration); + } + + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Import(name="expirationDate") + private @Nullable Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Optional> expirationDate() { + return Optional.ofNullable(this.expirationDate); + } + + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Import(name="groupId", required=true) + private Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Output groupId() { + return this.groupId; + } + + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Import(name="justification") + private @Nullable Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Optional> justification() { + return Optional.ofNullable(this.justification); + } + + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Import(name="permanentAssignment") + private @Nullable Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Optional> permanentAssignment() { + return Optional.ofNullable(this.permanentAssignment); + } + + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Import(name="principalId", required=true) + private Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Output principalId() { + return this.principalId; + } + + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Import(name="startDate") + private @Nullable Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Optional> startDate() { + return Optional.ofNullable(this.startDate); + } + + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketNumber") + private @Nullable Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketNumber() { + return Optional.ofNullable(this.ticketNumber); + } + + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketSystem") + private @Nullable Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketSystem() { + return Optional.ofNullable(this.ticketSystem); + } + + private PrivilegedAccessGroupEligibilityScheduleArgs() {} + + private PrivilegedAccessGroupEligibilityScheduleArgs(PrivilegedAccessGroupEligibilityScheduleArgs $) { + this.assignmentType = $.assignmentType; + this.duration = $.duration; + this.expirationDate = $.expirationDate; + this.groupId = $.groupId; + this.justification = $.justification; + this.permanentAssignment = $.permanentAssignment; + this.principalId = $.principalId; + this.startDate = $.startDate; + this.ticketNumber = $.ticketNumber; + this.ticketSystem = $.ticketSystem; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PrivilegedAccessGroupEligibilityScheduleArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PrivilegedAccessGroupEligibilityScheduleArgs $; + + public Builder() { + $ = new PrivilegedAccessGroupEligibilityScheduleArgs(); + } + + public Builder(PrivilegedAccessGroupEligibilityScheduleArgs defaults) { + $ = new PrivilegedAccessGroupEligibilityScheduleArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(Output assignmentType) { + $.assignmentType = assignmentType; + return this; + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(String assignmentType) { + return assignmentType(Output.of(assignmentType)); + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(@Nullable Output duration) { + $.duration = duration; + return this; + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(String duration) { + return duration(Output.of(duration)); + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(@Nullable Output expirationDate) { + $.expirationDate = expirationDate; + return this; + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(String expirationDate) { + return expirationDate(Output.of(expirationDate)); + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(@Nullable Output justification) { + $.justification = justification; + return this; + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(String justification) { + return justification(Output.of(justification)); + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(@Nullable Output permanentAssignment) { + $.permanentAssignment = permanentAssignment; + return this; + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(Boolean permanentAssignment) { + return permanentAssignment(Output.of(permanentAssignment)); + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(Output principalId) { + $.principalId = principalId; + return this; + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(String principalId) { + return principalId(Output.of(principalId)); + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(@Nullable Output startDate) { + $.startDate = startDate; + return this; + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(String startDate) { + return startDate(Output.of(startDate)); + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(@Nullable Output ticketNumber) { + $.ticketNumber = ticketNumber; + return this; + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(String ticketNumber) { + return ticketNumber(Output.of(ticketNumber)); + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(@Nullable Output ticketSystem) { + $.ticketSystem = ticketSystem; + return this; + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(String ticketSystem) { + return ticketSystem(Output.of(ticketSystem)); + } + + public PrivilegedAccessGroupEligibilityScheduleArgs build() { + if ($.assignmentType == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupEligibilityScheduleArgs", "assignmentType"); + } + if ($.groupId == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupEligibilityScheduleArgs", "groupId"); + } + if ($.principalId == null) { + throw new MissingRequiredPropertyException("PrivilegedAccessGroupEligibilityScheduleArgs", "principalId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemand.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemand.java new file mode 100644 index 000000000..4aeb6741d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemand.java @@ -0,0 +1,238 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.SynchronizationJobProvisionOnDemandArgs; +import com.pulumi.azuread.Utilities; +import com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandState; +import com.pulumi.azuread.outputs.SynchronizationJobProvisionOnDemandParameter; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.azuread.AzureadFunctions;
+ * import com.pulumi.azuread.Group;
+ * import com.pulumi.azuread.GroupArgs;
+ * import com.pulumi.azuread.inputs.GetApplicationTemplateArgs;
+ * import com.pulumi.azuread.Application;
+ * import com.pulumi.azuread.ApplicationArgs;
+ * import com.pulumi.azuread.inputs.ApplicationFeatureTagArgs;
+ * import com.pulumi.azuread.ServicePrincipal;
+ * import com.pulumi.azuread.ServicePrincipalArgs;
+ * import com.pulumi.azuread.SynchronizationSecret;
+ * import com.pulumi.azuread.SynchronizationSecretArgs;
+ * import com.pulumi.azuread.inputs.SynchronizationSecretCredentialArgs;
+ * import com.pulumi.azuread.SynchronizationJob;
+ * import com.pulumi.azuread.SynchronizationJobArgs;
+ * import com.pulumi.azuread.SynchronizationJobProvisionOnDemand;
+ * import com.pulumi.azuread.SynchronizationJobProvisionOnDemandArgs;
+ * import com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         final var current = AzureadFunctions.getClientConfig();
+ * 
+ *         var exampleGroup = new Group("exampleGroup", GroupArgs.builder()        
+ *             .displayName("example")
+ *             .owners(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
+ *             .securityEnabled(true)
+ *             .build());
+ * 
+ *         final var example = AzureadFunctions.getApplicationTemplate(GetApplicationTemplateArgs.builder()
+ *             .displayName("Azure Databricks SCIM Provisioning Connector")
+ *             .build());
+ * 
+ *         var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()        
+ *             .displayName("example")
+ *             .templateId(example.applyValue(getApplicationTemplateResult -> getApplicationTemplateResult.templateId()))
+ *             .featureTags(ApplicationFeatureTagArgs.builder()
+ *                 .enterprise(true)
+ *                 .gallery(true)
+ *                 .build())
+ *             .build());
+ * 
+ *         var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()        
+ *             .clientId(exampleApplication.clientId())
+ *             .useExisting(true)
+ *             .build());
+ * 
+ *         var exampleSynchronizationSecret = new SynchronizationSecret("exampleSynchronizationSecret", SynchronizationSecretArgs.builder()        
+ *             .servicePrincipalId(exampleServicePrincipal.id())
+ *             .credentials(            
+ *                 SynchronizationSecretCredentialArgs.builder()
+ *                     .key("BaseAddress")
+ *                     .value("https://adb-example.azuredatabricks.net/api/2.0/preview/scim")
+ *                     .build(),
+ *                 SynchronizationSecretCredentialArgs.builder()
+ *                     .key("SecretToken")
+ *                     .value("some-token")
+ *                     .build())
+ *             .build());
+ * 
+ *         var exampleSynchronizationJob = new SynchronizationJob("exampleSynchronizationJob", SynchronizationJobArgs.builder()        
+ *             .servicePrincipalId(exampleServicePrincipal.id())
+ *             .templateId("dataBricks")
+ *             .enabled(true)
+ *             .build());
+ * 
+ *         var exampleSynchronizationJobProvisionOnDemand = new SynchronizationJobProvisionOnDemand("exampleSynchronizationJobProvisionOnDemand", SynchronizationJobProvisionOnDemandArgs.builder()        
+ *             .servicePrincipalId(exampleServicePrincipal.id())
+ *             .synchronizationJobId(exampleSynchronizationJob.id())
+ *             .parameters(SynchronizationJobProvisionOnDemandParameterArgs.builder()
+ *                 .ruleId("")
+ *                 .subjects(SynchronizationJobProvisionOnDemandParameterSubjectArgs.builder()
+ *                     .objectId(exampleGroup.objectId())
+ *                     .objectTypeName("Group")
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * This resource does not support importing. + * + */ +@ResourceType(type="azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand") +public class SynchronizationJobProvisionOnDemand extends com.pulumi.resources.CustomResource { + /** + * One or more `parameter` blocks as documented below. + * + */ + @Export(name="parameters", refs={List.class,SynchronizationJobProvisionOnDemandParameter.class}, tree="[0,1]") + private Output> parameters; + + /** + * @return One or more `parameter` blocks as documented below. + * + */ + public Output> parameters() { + return this.parameters; + } + /** + * The object ID of the service principal for the synchronization job. + * + */ + @Export(name="servicePrincipalId", refs={String.class}, tree="[0]") + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for the synchronization job. + * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + /** + * Identifier of the synchronization template this job is based on. + * + */ + @Export(name="synchronizationJobId", refs={String.class}, tree="[0]") + private Output synchronizationJobId; + + /** + * @return Identifier of the synchronization template this job is based on. + * + */ + public Output synchronizationJobId() { + return this.synchronizationJobId; + } + @Export(name="triggers", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> triggers; + + public Output>> triggers() { + return Codegen.optional(this.triggers); + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SynchronizationJobProvisionOnDemand(String name) { + this(name, SynchronizationJobProvisionOnDemandArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public SynchronizationJobProvisionOnDemand(String name, SynchronizationJobProvisionOnDemandArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SynchronizationJobProvisionOnDemand(String name, SynchronizationJobProvisionOnDemandArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, args == null ? SynchronizationJobProvisionOnDemandArgs.Empty : args, makeResourceOptions(options, Codegen.empty())); + } + + private SynchronizationJobProvisionOnDemand(String name, Output id, @Nullable SynchronizationJobProvisionOnDemandState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand", name, state, makeResourceOptions(options, id)); + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static SynchronizationJobProvisionOnDemand get(String name, Output id, @Nullable SynchronizationJobProvisionOnDemandState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SynchronizationJobProvisionOnDemand(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemandArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemandArgs.java new file mode 100644 index 000000000..ac7e4ac42 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/SynchronizationJobProvisionOnDemandArgs.java @@ -0,0 +1,197 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread; + +import com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationJobProvisionOnDemandArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobProvisionOnDemandArgs Empty = new SynchronizationJobProvisionOnDemandArgs(); + + /** + * One or more `parameter` blocks as documented below. + * + */ + @Import(name="parameters", required=true) + private Output> parameters; + + /** + * @return One or more `parameter` blocks as documented below. + * + */ + public Output> parameters() { + return this.parameters; + } + + /** + * The object ID of the service principal for the synchronization job. + * + */ + @Import(name="servicePrincipalId", required=true) + private Output servicePrincipalId; + + /** + * @return The object ID of the service principal for the synchronization job. + * + */ + public Output servicePrincipalId() { + return this.servicePrincipalId; + } + + /** + * Identifier of the synchronization template this job is based on. + * + */ + @Import(name="synchronizationJobId", required=true) + private Output synchronizationJobId; + + /** + * @return Identifier of the synchronization template this job is based on. + * + */ + public Output synchronizationJobId() { + return this.synchronizationJobId; + } + + @Import(name="triggers") + private @Nullable Output> triggers; + + public Optional>> triggers() { + return Optional.ofNullable(this.triggers); + } + + private SynchronizationJobProvisionOnDemandArgs() {} + + private SynchronizationJobProvisionOnDemandArgs(SynchronizationJobProvisionOnDemandArgs $) { + this.parameters = $.parameters; + this.servicePrincipalId = $.servicePrincipalId; + this.synchronizationJobId = $.synchronizationJobId; + this.triggers = $.triggers; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobProvisionOnDemandArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobProvisionOnDemandArgs $; + + public Builder() { + $ = new SynchronizationJobProvisionOnDemandArgs(); + } + + public Builder(SynchronizationJobProvisionOnDemandArgs defaults) { + $ = new SynchronizationJobProvisionOnDemandArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(Output> parameters) { + $.parameters = parameters; + return this; + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(List parameters) { + return parameters(Output.of(parameters)); + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(SynchronizationJobProvisionOnDemandParameterArgs... parameters) { + return parameters(List.of(parameters)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for the synchronization job. + * + * @return builder + * + */ + public Builder servicePrincipalId(Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for the synchronization job. + * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + /** + * @param synchronizationJobId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder synchronizationJobId(Output synchronizationJobId) { + $.synchronizationJobId = synchronizationJobId; + return this; + } + + /** + * @param synchronizationJobId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder synchronizationJobId(String synchronizationJobId) { + return synchronizationJobId(Output.of(synchronizationJobId)); + } + + public Builder triggers(@Nullable Output> triggers) { + $.triggers = triggers; + return this; + } + + public Builder triggers(Map triggers) { + return triggers(Output.of(triggers)); + } + + public SynchronizationJobProvisionOnDemandArgs build() { + if ($.parameters == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandArgs", "parameters"); + } + if ($.servicePrincipalId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandArgs", "servicePrincipalId"); + } + if ($.synchronizationJobId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandArgs", "synchronizationJobId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ApplicationState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ApplicationState.java index f0c7ae898..37e96960a 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/ApplicationState.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/ApplicationState.java @@ -204,14 +204,14 @@ public Optional>> featureTags() { } /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ @Import(name="groupMembershipClaims") private @Nullable Output> groupMembershipClaims; /** - * @return Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @return A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * */ public Optional>> groupMembershipClaims() { @@ -903,7 +903,7 @@ public Builder featureTags(ApplicationFeatureTagArgs... featureTags) { } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * @@ -914,7 +914,7 @@ public Builder groupMembershipClaims(@Nullable Output> groupMembers } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * @@ -924,7 +924,7 @@ public Builder groupMembershipClaims(List groupMembershipClaims) { } /** - * @param groupMembershipClaims Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * @param groupMembershipClaims A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupArgs.java index ae8806ec1..0ec7ad8d4 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupArgs.java @@ -31,6 +31,21 @@ public Optional> displayName() { return Optional.ofNullable(this.displayName); } + /** + * Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + */ + @Import(name="includeTransitiveMembers") + private @Nullable Output includeTransitiveMembers; + + /** + * @return Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + */ + public Optional> includeTransitiveMembers() { + return Optional.ofNullable(this.includeTransitiveMembers); + } + /** * Whether the group is mail-enabled. * @@ -99,6 +114,7 @@ private GetGroupArgs() {} private GetGroupArgs(GetGroupArgs $) { this.displayName = $.displayName; + this.includeTransitiveMembers = $.includeTransitiveMembers; this.mailEnabled = $.mailEnabled; this.mailNickname = $.mailNickname; this.objectId = $.objectId; @@ -144,6 +160,27 @@ public Builder displayName(String displayName) { return displayName(Output.of(displayName)); } + /** + * @param includeTransitiveMembers Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + * @return builder + * + */ + public Builder includeTransitiveMembers(@Nullable Output includeTransitiveMembers) { + $.includeTransitiveMembers = includeTransitiveMembers; + return this; + } + + /** + * @param includeTransitiveMembers Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + * @return builder + * + */ + public Builder includeTransitiveMembers(Boolean includeTransitiveMembers) { + return includeTransitiveMembers(Output.of(includeTransitiveMembers)); + } + /** * @param mailEnabled Whether the group is mail-enabled. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupPlainArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupPlainArgs.java index dd9c5b50a..610fcc97e 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupPlainArgs.java @@ -30,6 +30,21 @@ public Optional displayName() { return Optional.ofNullable(this.displayName); } + /** + * Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + */ + @Import(name="includeTransitiveMembers") + private @Nullable Boolean includeTransitiveMembers; + + /** + * @return Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + */ + public Optional includeTransitiveMembers() { + return Optional.ofNullable(this.includeTransitiveMembers); + } + /** * Whether the group is mail-enabled. * @@ -98,6 +113,7 @@ private GetGroupPlainArgs() {} private GetGroupPlainArgs(GetGroupPlainArgs $) { this.displayName = $.displayName; + this.includeTransitiveMembers = $.includeTransitiveMembers; this.mailEnabled = $.mailEnabled; this.mailNickname = $.mailNickname; this.objectId = $.objectId; @@ -133,6 +149,17 @@ public Builder displayName(@Nullable String displayName) { return this; } + /** + * @param includeTransitiveMembers Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + * + * @return builder + * + */ + public Builder includeTransitiveMembers(@Nullable Boolean includeTransitiveMembers) { + $.includeTransitiveMembers = includeTransitiveMembers; + return this; + } + /** * @param mailEnabled Whether the group is mail-enabled. * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyArgs.java new file mode 100644 index 000000000..b96aa0eb2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyArgs.java @@ -0,0 +1,125 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class GetGroupRoleManagementPolicyArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetGroupRoleManagementPolicyArgs Empty = new GetGroupRoleManagementPolicyArgs(); + + /** + * The ID of the Azure AD group for which the policy applies. + * + */ + @Import(name="groupId", required=true) + private Output groupId; + + /** + * @return The ID of the Azure AD group for which the policy applies. + * + */ + public Output groupId() { + return this.groupId; + } + + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + @Import(name="roleId", required=true) + private Output roleId; + + /** + * @return The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + public Output roleId() { + return this.roleId; + } + + private GetGroupRoleManagementPolicyArgs() {} + + private GetGroupRoleManagementPolicyArgs(GetGroupRoleManagementPolicyArgs $) { + this.groupId = $.groupId; + this.roleId = $.roleId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetGroupRoleManagementPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetGroupRoleManagementPolicyArgs $; + + public Builder() { + $ = new GetGroupRoleManagementPolicyArgs(); + } + + public Builder(GetGroupRoleManagementPolicyArgs defaults) { + $ = new GetGroupRoleManagementPolicyArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(Output roleId) { + $.roleId = roleId; + return this; + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(String roleId) { + return roleId(Output.of(roleId)); + } + + public GetGroupRoleManagementPolicyArgs build() { + if ($.groupId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyArgs", "groupId"); + } + if ($.roleId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyArgs", "roleId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyPlainArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyPlainArgs.java new file mode 100644 index 000000000..52b3d4fd7 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GetGroupRoleManagementPolicyPlainArgs.java @@ -0,0 +1,104 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class GetGroupRoleManagementPolicyPlainArgs extends com.pulumi.resources.InvokeArgs { + + public static final GetGroupRoleManagementPolicyPlainArgs Empty = new GetGroupRoleManagementPolicyPlainArgs(); + + /** + * The ID of the Azure AD group for which the policy applies. + * + */ + @Import(name="groupId", required=true) + private String groupId; + + /** + * @return The ID of the Azure AD group for which the policy applies. + * + */ + public String groupId() { + return this.groupId; + } + + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + @Import(name="roleId", required=true) + private String roleId; + + /** + * @return The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + public String roleId() { + return this.roleId; + } + + private GetGroupRoleManagementPolicyPlainArgs() {} + + private GetGroupRoleManagementPolicyPlainArgs(GetGroupRoleManagementPolicyPlainArgs $) { + this.groupId = $.groupId; + this.roleId = $.roleId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GetGroupRoleManagementPolicyPlainArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GetGroupRoleManagementPolicyPlainArgs $; + + public Builder() { + $ = new GetGroupRoleManagementPolicyPlainArgs(); + } + + public Builder(GetGroupRoleManagementPolicyPlainArgs defaults) { + $ = new GetGroupRoleManagementPolicyPlainArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(String roleId) { + $.roleId = roleId; + return this; + } + + public GetGroupRoleManagementPolicyPlainArgs build() { + if ($.groupId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyPlainArgs", "groupId"); + } + if ($.roleId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyPlainArgs", "roleId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.java new file mode 100644 index 000000000..3ee6d7b6b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStageArgs.java @@ -0,0 +1,96 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.util.List; +import java.util.Objects; + + +public final class GroupRoleManagementPolicyActivationRulesApprovalStageArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyActivationRulesApprovalStageArgs Empty = new GroupRoleManagementPolicyActivationRulesApprovalStageArgs(); + + /** + * The IDs of the users or groups who can approve the activation + * + */ + @Import(name="primaryApprovers", required=true) + private Output> primaryApprovers; + + /** + * @return The IDs of the users or groups who can approve the activation + * + */ + public Output> primaryApprovers() { + return this.primaryApprovers; + } + + private GroupRoleManagementPolicyActivationRulesApprovalStageArgs() {} + + private GroupRoleManagementPolicyActivationRulesApprovalStageArgs(GroupRoleManagementPolicyActivationRulesApprovalStageArgs $) { + this.primaryApprovers = $.primaryApprovers; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyActivationRulesApprovalStageArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyActivationRulesApprovalStageArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyActivationRulesApprovalStageArgs(); + } + + public Builder(GroupRoleManagementPolicyActivationRulesApprovalStageArgs defaults) { + $ = new GroupRoleManagementPolicyActivationRulesApprovalStageArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param primaryApprovers The IDs of the users or groups who can approve the activation + * + * @return builder + * + */ + public Builder primaryApprovers(Output> primaryApprovers) { + $.primaryApprovers = primaryApprovers; + return this; + } + + /** + * @param primaryApprovers The IDs of the users or groups who can approve the activation + * + * @return builder + * + */ + public Builder primaryApprovers(List primaryApprovers) { + return primaryApprovers(Output.of(primaryApprovers)); + } + + /** + * @param primaryApprovers The IDs of the users or groups who can approve the activation + * + * @return builder + * + */ + public Builder primaryApprovers(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs... primaryApprovers) { + return primaryApprovers(List.of(primaryApprovers)); + } + + public GroupRoleManagementPolicyActivationRulesApprovalStageArgs build() { + if ($.primaryApprovers == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyActivationRulesApprovalStageArgs", "primaryApprovers"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.java new file mode 100644 index 000000000..a6920f42e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.java @@ -0,0 +1,124 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs Empty = new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs(); + + /** + * The ID of the object which will act as an approver. + * + */ + @Import(name="objectId", required=true) + private Output objectId; + + /** + * @return The ID of the object which will act as an approver. + * + */ + public Output objectId() { + return this.objectId; + } + + /** + * The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + */ + @Import(name="type") + private @Nullable Output type; + + /** + * @return The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + */ + public Optional> type() { + return Optional.ofNullable(this.type); + } + + private GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs() {} + + private GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs $) { + this.objectId = $.objectId; + this.type = $.type; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs(); + } + + public Builder(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs defaults) { + $ = new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param objectId The ID of the object which will act as an approver. + * + * @return builder + * + */ + public Builder objectId(Output objectId) { + $.objectId = objectId; + return this; + } + + /** + * @param objectId The ID of the object which will act as an approver. + * + * @return builder + * + */ + public Builder objectId(String objectId) { + return objectId(Output.of(objectId)); + } + + /** + * @param type The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + * @return builder + * + */ + public Builder type(@Nullable Output type) { + $.type = type; + return this; + } + + /** + * @param type The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + * @return builder + * + */ + public Builder type(String type) { + return type(Output.of(type)); + } + + public GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs build() { + if ($.objectId == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs", "objectId"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java new file mode 100644 index 000000000..a57e90c68 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActivationRulesArgs.java @@ -0,0 +1,307 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActivationRulesApprovalStageArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyActivationRulesArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyActivationRulesArgs Empty = new GroupRoleManagementPolicyActivationRulesArgs(); + + /** + * An `approval_stage` block as defined below. + * + */ + @Import(name="approvalStage") + private @Nullable Output approvalStage; + + /** + * @return An `approval_stage` block as defined below. + * + */ + public Optional> approvalStage() { + return Optional.ofNullable(this.approvalStage); + } + + /** + * The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + */ + @Import(name="maximumDuration") + private @Nullable Output maximumDuration; + + /** + * @return The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + */ + public Optional> maximumDuration() { + return Optional.ofNullable(this.maximumDuration); + } + + /** + * Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + */ + @Import(name="requireApproval") + private @Nullable Output requireApproval; + + /** + * @return Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + */ + public Optional> requireApproval() { + return Optional.ofNullable(this.requireApproval); + } + + /** + * Is a justification required during activation of the role. + * + */ + @Import(name="requireJustification") + private @Nullable Output requireJustification; + + /** + * @return Is a justification required during activation of the role. + * + */ + public Optional> requireJustification() { + return Optional.ofNullable(this.requireJustification); + } + + /** + * Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + */ + @Import(name="requireMultifactorAuthentication") + private @Nullable Output requireMultifactorAuthentication; + + /** + * @return Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + */ + public Optional> requireMultifactorAuthentication() { + return Optional.ofNullable(this.requireMultifactorAuthentication); + } + + /** + * Is ticket information requrired during activation of the role. + * + */ + @Import(name="requireTicketInfo") + private @Nullable Output requireTicketInfo; + + /** + * @return Is ticket information requrired during activation of the role. + * + */ + public Optional> requireTicketInfo() { + return Optional.ofNullable(this.requireTicketInfo); + } + + /** + * The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + */ + @Import(name="requiredConditionalAccessAuthenticationContext") + private @Nullable Output requiredConditionalAccessAuthenticationContext; + + /** + * @return The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + */ + public Optional> requiredConditionalAccessAuthenticationContext() { + return Optional.ofNullable(this.requiredConditionalAccessAuthenticationContext); + } + + private GroupRoleManagementPolicyActivationRulesArgs() {} + + private GroupRoleManagementPolicyActivationRulesArgs(GroupRoleManagementPolicyActivationRulesArgs $) { + this.approvalStage = $.approvalStage; + this.maximumDuration = $.maximumDuration; + this.requireApproval = $.requireApproval; + this.requireJustification = $.requireJustification; + this.requireMultifactorAuthentication = $.requireMultifactorAuthentication; + this.requireTicketInfo = $.requireTicketInfo; + this.requiredConditionalAccessAuthenticationContext = $.requiredConditionalAccessAuthenticationContext; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyActivationRulesArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyActivationRulesArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyActivationRulesArgs(); + } + + public Builder(GroupRoleManagementPolicyActivationRulesArgs defaults) { + $ = new GroupRoleManagementPolicyActivationRulesArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param approvalStage An `approval_stage` block as defined below. + * + * @return builder + * + */ + public Builder approvalStage(@Nullable Output approvalStage) { + $.approvalStage = approvalStage; + return this; + } + + /** + * @param approvalStage An `approval_stage` block as defined below. + * + * @return builder + * + */ + public Builder approvalStage(GroupRoleManagementPolicyActivationRulesApprovalStageArgs approvalStage) { + return approvalStage(Output.of(approvalStage)); + } + + /** + * @param maximumDuration The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + * @return builder + * + */ + public Builder maximumDuration(@Nullable Output maximumDuration) { + $.maximumDuration = maximumDuration; + return this; + } + + /** + * @param maximumDuration The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + * @return builder + * + */ + public Builder maximumDuration(String maximumDuration) { + return maximumDuration(Output.of(maximumDuration)); + } + + /** + * @param requireApproval Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + * @return builder + * + */ + public Builder requireApproval(@Nullable Output requireApproval) { + $.requireApproval = requireApproval; + return this; + } + + /** + * @param requireApproval Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + * @return builder + * + */ + public Builder requireApproval(Boolean requireApproval) { + return requireApproval(Output.of(requireApproval)); + } + + /** + * @param requireJustification Is a justification required during activation of the role. + * + * @return builder + * + */ + public Builder requireJustification(@Nullable Output requireJustification) { + $.requireJustification = requireJustification; + return this; + } + + /** + * @param requireJustification Is a justification required during activation of the role. + * + * @return builder + * + */ + public Builder requireJustification(Boolean requireJustification) { + return requireJustification(Output.of(requireJustification)); + } + + /** + * @param requireMultifactorAuthentication Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + * @return builder + * + */ + public Builder requireMultifactorAuthentication(@Nullable Output requireMultifactorAuthentication) { + $.requireMultifactorAuthentication = requireMultifactorAuthentication; + return this; + } + + /** + * @param requireMultifactorAuthentication Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + * @return builder + * + */ + public Builder requireMultifactorAuthentication(Boolean requireMultifactorAuthentication) { + return requireMultifactorAuthentication(Output.of(requireMultifactorAuthentication)); + } + + /** + * @param requireTicketInfo Is ticket information requrired during activation of the role. + * + * @return builder + * + */ + public Builder requireTicketInfo(@Nullable Output requireTicketInfo) { + $.requireTicketInfo = requireTicketInfo; + return this; + } + + /** + * @param requireTicketInfo Is ticket information requrired during activation of the role. + * + * @return builder + * + */ + public Builder requireTicketInfo(Boolean requireTicketInfo) { + return requireTicketInfo(Output.of(requireTicketInfo)); + } + + /** + * @param requiredConditionalAccessAuthenticationContext The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + * @return builder + * + */ + public Builder requiredConditionalAccessAuthenticationContext(@Nullable Output requiredConditionalAccessAuthenticationContext) { + $.requiredConditionalAccessAuthenticationContext = requiredConditionalAccessAuthenticationContext; + return this; + } + + /** + * @param requiredConditionalAccessAuthenticationContext The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + * @return builder + * + */ + public Builder requiredConditionalAccessAuthenticationContext(String requiredConditionalAccessAuthenticationContext) { + return requiredConditionalAccessAuthenticationContext(Output.of(requiredConditionalAccessAuthenticationContext)); + } + + public GroupRoleManagementPolicyActivationRulesArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.java new file mode 100644 index 000000000..b4c52c909 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyActiveAssignmentRulesArgs.java @@ -0,0 +1,240 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyActiveAssignmentRulesArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyActiveAssignmentRulesArgs Empty = new GroupRoleManagementPolicyActiveAssignmentRulesArgs(); + + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + @Import(name="expirationRequired") + private @Nullable Output expirationRequired; + + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + public Optional> expirationRequired() { + return Optional.ofNullable(this.expirationRequired); + } + + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + */ + @Import(name="expireAfter") + private @Nullable Output expireAfter; + + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + */ + public Optional> expireAfter() { + return Optional.ofNullable(this.expireAfter); + } + + /** + * Is a justification required to create new assignments. + * + */ + @Import(name="requireJustification") + private @Nullable Output requireJustification; + + /** + * @return Is a justification required to create new assignments. + * + */ + public Optional> requireJustification() { + return Optional.ofNullable(this.requireJustification); + } + + /** + * Is multi-factor authentication required to create new assignments. + * + */ + @Import(name="requireMultifactorAuthentication") + private @Nullable Output requireMultifactorAuthentication; + + /** + * @return Is multi-factor authentication required to create new assignments. + * + */ + public Optional> requireMultifactorAuthentication() { + return Optional.ofNullable(this.requireMultifactorAuthentication); + } + + /** + * Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + @Import(name="requireTicketInfo") + private @Nullable Output requireTicketInfo; + + /** + * @return Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + public Optional> requireTicketInfo() { + return Optional.ofNullable(this.requireTicketInfo); + } + + private GroupRoleManagementPolicyActiveAssignmentRulesArgs() {} + + private GroupRoleManagementPolicyActiveAssignmentRulesArgs(GroupRoleManagementPolicyActiveAssignmentRulesArgs $) { + this.expirationRequired = $.expirationRequired; + this.expireAfter = $.expireAfter; + this.requireJustification = $.requireJustification; + this.requireMultifactorAuthentication = $.requireMultifactorAuthentication; + this.requireTicketInfo = $.requireTicketInfo; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyActiveAssignmentRulesArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyActiveAssignmentRulesArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyActiveAssignmentRulesArgs(); + } + + public Builder(GroupRoleManagementPolicyActiveAssignmentRulesArgs defaults) { + $ = new GroupRoleManagementPolicyActiveAssignmentRulesArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param expirationRequired Must an assignment have an expiry date. `false` allows permanent assignment. + * + * @return builder + * + */ + public Builder expirationRequired(@Nullable Output expirationRequired) { + $.expirationRequired = expirationRequired; + return this; + } + + /** + * @param expirationRequired Must an assignment have an expiry date. `false` allows permanent assignment. + * + * @return builder + * + */ + public Builder expirationRequired(Boolean expirationRequired) { + return expirationRequired(Output.of(expirationRequired)); + } + + /** + * @param expireAfter The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * @return builder + * + */ + public Builder expireAfter(@Nullable Output expireAfter) { + $.expireAfter = expireAfter; + return this; + } + + /** + * @param expireAfter The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * @return builder + * + */ + public Builder expireAfter(String expireAfter) { + return expireAfter(Output.of(expireAfter)); + } + + /** + * @param requireJustification Is a justification required to create new assignments. + * + * @return builder + * + */ + public Builder requireJustification(@Nullable Output requireJustification) { + $.requireJustification = requireJustification; + return this; + } + + /** + * @param requireJustification Is a justification required to create new assignments. + * + * @return builder + * + */ + public Builder requireJustification(Boolean requireJustification) { + return requireJustification(Output.of(requireJustification)); + } + + /** + * @param requireMultifactorAuthentication Is multi-factor authentication required to create new assignments. + * + * @return builder + * + */ + public Builder requireMultifactorAuthentication(@Nullable Output requireMultifactorAuthentication) { + $.requireMultifactorAuthentication = requireMultifactorAuthentication; + return this; + } + + /** + * @param requireMultifactorAuthentication Is multi-factor authentication required to create new assignments. + * + * @return builder + * + */ + public Builder requireMultifactorAuthentication(Boolean requireMultifactorAuthentication) { + return requireMultifactorAuthentication(Output.of(requireMultifactorAuthentication)); + } + + /** + * @param requireTicketInfo Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + * @return builder + * + */ + public Builder requireTicketInfo(@Nullable Output requireTicketInfo) { + $.requireTicketInfo = requireTicketInfo; + return this; + } + + /** + * @param requireTicketInfo Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + * @return builder + * + */ + public Builder requireTicketInfo(Boolean requireTicketInfo) { + return requireTicketInfo(Output.of(requireTicketInfo)); + } + + public GroupRoleManagementPolicyActiveAssignmentRulesArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.java new file mode 100644 index 000000000..8b6b1fafb --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyEligibleAssignmentRulesArgs.java @@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyEligibleAssignmentRulesArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyEligibleAssignmentRulesArgs Empty = new GroupRoleManagementPolicyEligibleAssignmentRulesArgs(); + + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + @Import(name="expirationRequired") + private @Nullable Output expirationRequired; + + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + public Optional> expirationRequired() { + return Optional.ofNullable(this.expirationRequired); + } + + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + @Import(name="expireAfter") + private @Nullable Output expireAfter; + + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + public Optional> expireAfter() { + return Optional.ofNullable(this.expireAfter); + } + + private GroupRoleManagementPolicyEligibleAssignmentRulesArgs() {} + + private GroupRoleManagementPolicyEligibleAssignmentRulesArgs(GroupRoleManagementPolicyEligibleAssignmentRulesArgs $) { + this.expirationRequired = $.expirationRequired; + this.expireAfter = $.expireAfter; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyEligibleAssignmentRulesArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyEligibleAssignmentRulesArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyEligibleAssignmentRulesArgs(); + } + + public Builder(GroupRoleManagementPolicyEligibleAssignmentRulesArgs defaults) { + $ = new GroupRoleManagementPolicyEligibleAssignmentRulesArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param expirationRequired Must an assignment have an expiry date. `false` allows permanent assignment. + * + * @return builder + * + */ + public Builder expirationRequired(@Nullable Output expirationRequired) { + $.expirationRequired = expirationRequired; + return this; + } + + /** + * @param expirationRequired Must an assignment have an expiry date. `false` allows permanent assignment. + * + * @return builder + * + */ + public Builder expirationRequired(Boolean expirationRequired) { + return expirationRequired(Output.of(expirationRequired)); + } + + /** + * @param expireAfter The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + * @return builder + * + */ + public Builder expireAfter(@Nullable Output expireAfter) { + $.expireAfter = expireAfter; + return this; + } + + /** + * @param expireAfter The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + * @return builder + * + */ + public Builder expireAfter(String expireAfter) { + return expireAfter(Output.of(expireAfter)); + } + + public GroupRoleManagementPolicyEligibleAssignmentRulesArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.java new file mode 100644 index 000000000..bdd8d895b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.java new file mode 100644 index 000000000..348c91df9 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.java new file mode 100644 index 000000000..8b13dd94f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.java @@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs Empty = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs(); + + /** + * Admin notification settings + * + */ + @Import(name="adminNotifications") + private @Nullable Output adminNotifications; + + /** + * @return Admin notification settings + * + */ + public Optional> adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + + /** + * Approver notification settings + * + */ + @Import(name="approverNotifications") + private @Nullable Output approverNotifications; + + /** + * @return Approver notification settings + * + */ + public Optional> approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + + /** + * Assignee notification settings + * + */ + @Import(name="assigneeNotifications") + private @Nullable Output assigneeNotifications; + + /** + * @return Assignee notification settings + * + */ + public Optional> assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs $) { + this.adminNotifications = $.adminNotifications; + this.approverNotifications = $.approverNotifications; + this.assigneeNotifications = $.assigneeNotifications; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(@Nullable Output adminNotifications) { + $.adminNotifications = adminNotifications; + return this; + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs adminNotifications) { + return adminNotifications(Output.of(adminNotifications)); + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(@Nullable Output approverNotifications) { + $.approverNotifications = approverNotifications; + return this; + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs approverNotifications) { + return approverNotifications(Output.of(approverNotifications)); + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(@Nullable Output assigneeNotifications) { + $.assigneeNotifications = assigneeNotifications; + return this; + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs assigneeNotifications) { + return assigneeNotifications(Output.of(assigneeNotifications)); + } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.java new file mode 100644 index 000000000..8c05b65e5 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesArgs.java new file mode 100644 index 000000000..343ccd1c6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesArgs.java @@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesArgs Empty = new GroupRoleManagementPolicyNotificationRulesArgs(); + + /** + * A `notification_target` block as defined below to configure notfications on active role assignments. + * + */ + @Import(name="activeAssignments") + private @Nullable Output activeAssignments; + + /** + * @return A `notification_target` block as defined below to configure notfications on active role assignments. + * + */ + public Optional> activeAssignments() { + return Optional.ofNullable(this.activeAssignments); + } + + /** + * A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + */ + @Import(name="eligibleActivations") + private @Nullable Output eligibleActivations; + + /** + * @return A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + */ + public Optional> eligibleActivations() { + return Optional.ofNullable(this.eligibleActivations); + } + + /** + * A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + */ + @Import(name="eligibleAssignments") + private @Nullable Output eligibleAssignments; + + /** + * @return A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + */ + public Optional> eligibleAssignments() { + return Optional.ofNullable(this.eligibleAssignments); + } + + private GroupRoleManagementPolicyNotificationRulesArgs() {} + + private GroupRoleManagementPolicyNotificationRulesArgs(GroupRoleManagementPolicyNotificationRulesArgs $) { + this.activeAssignments = $.activeAssignments; + this.eligibleActivations = $.eligibleActivations; + this.eligibleAssignments = $.eligibleAssignments; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param activeAssignments A `notification_target` block as defined below to configure notfications on active role assignments. + * + * @return builder + * + */ + public Builder activeAssignments(@Nullable Output activeAssignments) { + $.activeAssignments = activeAssignments; + return this; + } + + /** + * @param activeAssignments A `notification_target` block as defined below to configure notfications on active role assignments. + * + * @return builder + * + */ + public Builder activeAssignments(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs activeAssignments) { + return activeAssignments(Output.of(activeAssignments)); + } + + /** + * @param eligibleActivations A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + * @return builder + * + */ + public Builder eligibleActivations(@Nullable Output eligibleActivations) { + $.eligibleActivations = eligibleActivations; + return this; + } + + /** + * @param eligibleActivations A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + * @return builder + * + */ + public Builder eligibleActivations(GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs eligibleActivations) { + return eligibleActivations(Output.of(eligibleActivations)); + } + + /** + * @param eligibleAssignments A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + * @return builder + * + */ + public Builder eligibleAssignments(@Nullable Output eligibleAssignments) { + $.eligibleAssignments = eligibleAssignments; + return this; + } + + /** + * @param eligibleAssignments A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + * @return builder + * + */ + public Builder eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs eligibleAssignments) { + return eligibleAssignments(Output.of(eligibleAssignments)); + } + + public GroupRoleManagementPolicyNotificationRulesArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.java new file mode 100644 index 000000000..7ae04d95f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.java new file mode 100644 index 000000000..b87164da9 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.java new file mode 100644 index 000000000..ffe0943bd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.java @@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs(); + + /** + * Admin notification settings + * + */ + @Import(name="adminNotifications") + private @Nullable Output adminNotifications; + + /** + * @return Admin notification settings + * + */ + public Optional> adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + + /** + * Approver notification settings + * + */ + @Import(name="approverNotifications") + private @Nullable Output approverNotifications; + + /** + * @return Approver notification settings + * + */ + public Optional> approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + + /** + * Assignee notification settings + * + */ + @Import(name="assigneeNotifications") + private @Nullable Output assigneeNotifications; + + /** + * @return Assignee notification settings + * + */ + public Optional> assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs $) { + this.adminNotifications = $.adminNotifications; + this.approverNotifications = $.approverNotifications; + this.assigneeNotifications = $.assigneeNotifications; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(@Nullable Output adminNotifications) { + $.adminNotifications = adminNotifications; + return this; + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs adminNotifications) { + return adminNotifications(Output.of(adminNotifications)); + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(@Nullable Output approverNotifications) { + $.approverNotifications = approverNotifications; + return this; + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs approverNotifications) { + return approverNotifications(Output.of(approverNotifications)); + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(@Nullable Output assigneeNotifications) { + $.assigneeNotifications = assigneeNotifications; + return this; + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs assigneeNotifications) { + return assigneeNotifications(Output.of(assigneeNotifications)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.java new file mode 100644 index 000000000..7d1328e91 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.java new file mode 100644 index 000000000..e2d8f0e7f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.java new file mode 100644 index 000000000..6a21ad8e2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.java new file mode 100644 index 000000000..1bb645604 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.java @@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(); + + /** + * Admin notification settings + * + */ + @Import(name="adminNotifications") + private @Nullable Output adminNotifications; + + /** + * @return Admin notification settings + * + */ + public Optional> adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + + /** + * Approver notification settings + * + */ + @Import(name="approverNotifications") + private @Nullable Output approverNotifications; + + /** + * @return Approver notification settings + * + */ + public Optional> approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + + /** + * Assignee notification settings + * + */ + @Import(name="assigneeNotifications") + private @Nullable Output assigneeNotifications; + + /** + * @return Assignee notification settings + * + */ + public Optional> assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs $) { + this.adminNotifications = $.adminNotifications; + this.approverNotifications = $.approverNotifications; + this.assigneeNotifications = $.assigneeNotifications; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(@Nullable Output adminNotifications) { + $.adminNotifications = adminNotifications; + return this; + } + + /** + * @param adminNotifications Admin notification settings + * + * @return builder + * + */ + public Builder adminNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs adminNotifications) { + return adminNotifications(Output.of(adminNotifications)); + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(@Nullable Output approverNotifications) { + $.approverNotifications = approverNotifications; + return this; + } + + /** + * @param approverNotifications Approver notification settings + * + * @return builder + * + */ + public Builder approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs approverNotifications) { + return approverNotifications(Output.of(approverNotifications)); + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(@Nullable Output assigneeNotifications) { + $.assigneeNotifications = assigneeNotifications; + return this; + } + + /** + * @param assigneeNotifications Assignee notification settings + * + * @return builder + * + */ + public Builder assigneeNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs assigneeNotifications) { + return assigneeNotifications(Output.of(assigneeNotifications)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.java new file mode 100644 index 000000000..57be5df14 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.java @@ -0,0 +1,176 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs Empty = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs(); + + /** + * The additional recipients to notify + * + */ + @Import(name="additionalRecipients") + private @Nullable Output> additionalRecipients; + + /** + * @return The additional recipients to notify + * + */ + public Optional>> additionalRecipients() { + return Optional.ofNullable(this.additionalRecipients); + } + + /** + * Whether the default recipients are notified + * + */ + @Import(name="defaultRecipients", required=true) + private Output defaultRecipients; + + /** + * @return Whether the default recipients are notified + * + */ + public Output defaultRecipients() { + return this.defaultRecipients; + } + + /** + * What level of notifications are sent + * + */ + @Import(name="notificationLevel", required=true) + private Output notificationLevel; + + /** + * @return What level of notifications are sent + * + */ + public Output notificationLevel() { + return this.notificationLevel; + } + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs() {} + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs $) { + this.additionalRecipients = $.additionalRecipients; + this.defaultRecipients = $.defaultRecipients; + this.notificationLevel = $.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs $; + + public Builder() { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs(); + } + + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs defaults) { + $ = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(@Nullable Output> additionalRecipients) { + $.additionalRecipients = additionalRecipients; + return this; + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(List additionalRecipients) { + return additionalRecipients(Output.of(additionalRecipients)); + } + + /** + * @param additionalRecipients The additional recipients to notify + * + * @return builder + * + */ + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Output defaultRecipients) { + $.defaultRecipients = defaultRecipients; + return this; + } + + /** + * @param defaultRecipients Whether the default recipients are notified + * + * @return builder + * + */ + public Builder defaultRecipients(Boolean defaultRecipients) { + return defaultRecipients(Output.of(defaultRecipients)); + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(Output notificationLevel) { + $.notificationLevel = notificationLevel; + return this; + } + + /** + * @param notificationLevel What level of notifications are sent + * + * @return builder + * + */ + public Builder notificationLevel(String notificationLevel) { + return notificationLevel(Output.of(notificationLevel)); + } + + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs build() { + if ($.defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs", "defaultRecipients"); + } + if ($.notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs", "notificationLevel"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyState.java new file mode 100644 index 000000000..ec02fc253 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupRoleManagementPolicyState.java @@ -0,0 +1,346 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActivationRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs; +import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class GroupRoleManagementPolicyState extends com.pulumi.resources.ResourceArgs { + + public static final GroupRoleManagementPolicyState Empty = new GroupRoleManagementPolicyState(); + + /** + * An `activation_rules` block as defined below. + * + */ + @Import(name="activationRules") + private @Nullable Output activationRules; + + /** + * @return An `activation_rules` block as defined below. + * + */ + public Optional> activationRules() { + return Optional.ofNullable(this.activationRules); + } + + /** + * An `active_assignment_rules` block as defined below. + * + */ + @Import(name="activeAssignmentRules") + private @Nullable Output activeAssignmentRules; + + /** + * @return An `active_assignment_rules` block as defined below. + * + */ + public Optional> activeAssignmentRules() { + return Optional.ofNullable(this.activeAssignmentRules); + } + + /** + * (String) The description of this policy. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return (String) The description of this policy. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * (String) The display name of this policy. + * + */ + @Import(name="displayName") + private @Nullable Output displayName; + + /** + * @return (String) The display name of this policy. + * + */ + public Optional> displayName() { + return Optional.ofNullable(this.displayName); + } + + /** + * An `eligible_assignment_rules` block as defined below. + * + */ + @Import(name="eligibleAssignmentRules") + private @Nullable Output eligibleAssignmentRules; + + /** + * @return An `eligible_assignment_rules` block as defined below. + * + */ + public Optional> eligibleAssignmentRules() { + return Optional.ofNullable(this.eligibleAssignmentRules); + } + + /** + * The ID of the Azure AD group for which the policy applies. + * + */ + @Import(name="groupId") + private @Nullable Output groupId; + + /** + * @return The ID of the Azure AD group for which the policy applies. + * + */ + public Optional> groupId() { + return Optional.ofNullable(this.groupId); + } + + /** + * A `notification_rules` block as defined below. + * + */ + @Import(name="notificationRules") + private @Nullable Output notificationRules; + + /** + * @return A `notification_rules` block as defined below. + * + */ + public Optional> notificationRules() { + return Optional.ofNullable(this.notificationRules); + } + + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + @Import(name="roleId") + private @Nullable Output roleId; + + /** + * @return The type of assignment this policy coveres. Can be either `member` or `owner`. + * + */ + public Optional> roleId() { + return Optional.ofNullable(this.roleId); + } + + private GroupRoleManagementPolicyState() {} + + private GroupRoleManagementPolicyState(GroupRoleManagementPolicyState $) { + this.activationRules = $.activationRules; + this.activeAssignmentRules = $.activeAssignmentRules; + this.description = $.description; + this.displayName = $.displayName; + this.eligibleAssignmentRules = $.eligibleAssignmentRules; + this.groupId = $.groupId; + this.notificationRules = $.notificationRules; + this.roleId = $.roleId; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(GroupRoleManagementPolicyState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private GroupRoleManagementPolicyState $; + + public Builder() { + $ = new GroupRoleManagementPolicyState(); + } + + public Builder(GroupRoleManagementPolicyState defaults) { + $ = new GroupRoleManagementPolicyState(Objects.requireNonNull(defaults)); + } + + /** + * @param activationRules An `activation_rules` block as defined below. + * + * @return builder + * + */ + public Builder activationRules(@Nullable Output activationRules) { + $.activationRules = activationRules; + return this; + } + + /** + * @param activationRules An `activation_rules` block as defined below. + * + * @return builder + * + */ + public Builder activationRules(GroupRoleManagementPolicyActivationRulesArgs activationRules) { + return activationRules(Output.of(activationRules)); + } + + /** + * @param activeAssignmentRules An `active_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder activeAssignmentRules(@Nullable Output activeAssignmentRules) { + $.activeAssignmentRules = activeAssignmentRules; + return this; + } + + /** + * @param activeAssignmentRules An `active_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs activeAssignmentRules) { + return activeAssignmentRules(Output.of(activeAssignmentRules)); + } + + /** + * @param description (String) The description of this policy. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description (String) The description of this policy. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param displayName (String) The display name of this policy. + * + * @return builder + * + */ + public Builder displayName(@Nullable Output displayName) { + $.displayName = displayName; + return this; + } + + /** + * @param displayName (String) The display name of this policy. + * + * @return builder + * + */ + public Builder displayName(String displayName) { + return displayName(Output.of(displayName)); + } + + /** + * @param eligibleAssignmentRules An `eligible_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder eligibleAssignmentRules(@Nullable Output eligibleAssignmentRules) { + $.eligibleAssignmentRules = eligibleAssignmentRules; + return this; + } + + /** + * @param eligibleAssignmentRules An `eligible_assignment_rules` block as defined below. + * + * @return builder + * + */ + public Builder eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs eligibleAssignmentRules) { + return eligibleAssignmentRules(Output.of(eligibleAssignmentRules)); + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(@Nullable Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The ID of the Azure AD group for which the policy applies. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param notificationRules A `notification_rules` block as defined below. + * + * @return builder + * + */ + public Builder notificationRules(@Nullable Output notificationRules) { + $.notificationRules = notificationRules; + return this; + } + + /** + * @param notificationRules A `notification_rules` block as defined below. + * + * @return builder + * + */ + public Builder notificationRules(GroupRoleManagementPolicyNotificationRulesArgs notificationRules) { + return notificationRules(Output.of(notificationRules)); + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(@Nullable Output roleId) { + $.roleId = roleId; + return this; + } + + /** + * @param roleId The type of assignment this policy coveres. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder roleId(String roleId) { + return roleId(Output.of(roleId)); + } + + public GroupRoleManagementPolicyState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupState.java index e25c4a547..ec2b19e5d 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupState.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/GroupState.java @@ -72,14 +72,14 @@ public Optional> autoSubscribeNewMembers() { } /** - * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. * */ @Import(name="behaviors") private @Nullable Output> behaviors; /** - * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * @return A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. * */ public Optional>> behaviors() { @@ -653,7 +653,7 @@ public Builder autoSubscribeNewMembers(Boolean autoSubscribeNewMembers) { } /** - * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. * * @return builder * @@ -664,7 +664,7 @@ public Builder behaviors(@Nullable Output> behaviors) { } /** - * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. * * @return builder * @@ -674,7 +674,7 @@ public Builder behaviors(List behaviors) { } /** - * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * @param behaviors A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupAssignmentScheduleState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupAssignmentScheduleState.java new file mode 100644 index 000000000..b1d32e82f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupAssignmentScheduleState.java @@ -0,0 +1,462 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PrivilegedAccessGroupAssignmentScheduleState extends com.pulumi.resources.ResourceArgs { + + public static final PrivilegedAccessGroupAssignmentScheduleState Empty = new PrivilegedAccessGroupAssignmentScheduleState(); + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Import(name="assignmentType") + private @Nullable Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Optional> assignmentType() { + return Optional.ofNullable(this.assignmentType); + } + + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Import(name="duration") + private @Nullable Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Optional> duration() { + return Optional.ofNullable(this.duration); + } + + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Import(name="expirationDate") + private @Nullable Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Optional> expirationDate() { + return Optional.ofNullable(this.expirationDate); + } + + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Import(name="groupId") + private @Nullable Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Optional> groupId() { + return Optional.ofNullable(this.groupId); + } + + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Import(name="justification") + private @Nullable Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Optional> justification() { + return Optional.ofNullable(this.justification); + } + + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Import(name="permanentAssignment") + private @Nullable Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Optional> permanentAssignment() { + return Optional.ofNullable(this.permanentAssignment); + } + + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Import(name="principalId") + private @Nullable Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Optional> principalId() { + return Optional.ofNullable(this.principalId); + } + + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Import(name="startDate") + private @Nullable Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Optional> startDate() { + return Optional.ofNullable(this.startDate); + } + + /** + * (String) The provisioning status of this request. + * + */ + @Import(name="status") + private @Nullable Output status; + + /** + * @return (String) The provisioning status of this request. + * + */ + public Optional> status() { + return Optional.ofNullable(this.status); + } + + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketNumber") + private @Nullable Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketNumber() { + return Optional.ofNullable(this.ticketNumber); + } + + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketSystem") + private @Nullable Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketSystem() { + return Optional.ofNullable(this.ticketSystem); + } + + private PrivilegedAccessGroupAssignmentScheduleState() {} + + private PrivilegedAccessGroupAssignmentScheduleState(PrivilegedAccessGroupAssignmentScheduleState $) { + this.assignmentType = $.assignmentType; + this.duration = $.duration; + this.expirationDate = $.expirationDate; + this.groupId = $.groupId; + this.justification = $.justification; + this.permanentAssignment = $.permanentAssignment; + this.principalId = $.principalId; + this.startDate = $.startDate; + this.status = $.status; + this.ticketNumber = $.ticketNumber; + this.ticketSystem = $.ticketSystem; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PrivilegedAccessGroupAssignmentScheduleState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PrivilegedAccessGroupAssignmentScheduleState $; + + public Builder() { + $ = new PrivilegedAccessGroupAssignmentScheduleState(); + } + + public Builder(PrivilegedAccessGroupAssignmentScheduleState defaults) { + $ = new PrivilegedAccessGroupAssignmentScheduleState(Objects.requireNonNull(defaults)); + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(@Nullable Output assignmentType) { + $.assignmentType = assignmentType; + return this; + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(String assignmentType) { + return assignmentType(Output.of(assignmentType)); + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(@Nullable Output duration) { + $.duration = duration; + return this; + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(String duration) { + return duration(Output.of(duration)); + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(@Nullable Output expirationDate) { + $.expirationDate = expirationDate; + return this; + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(String expirationDate) { + return expirationDate(Output.of(expirationDate)); + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(@Nullable Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(@Nullable Output justification) { + $.justification = justification; + return this; + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(String justification) { + return justification(Output.of(justification)); + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(@Nullable Output permanentAssignment) { + $.permanentAssignment = permanentAssignment; + return this; + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(Boolean permanentAssignment) { + return permanentAssignment(Output.of(permanentAssignment)); + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(@Nullable Output principalId) { + $.principalId = principalId; + return this; + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(String principalId) { + return principalId(Output.of(principalId)); + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(@Nullable Output startDate) { + $.startDate = startDate; + return this; + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(String startDate) { + return startDate(Output.of(startDate)); + } + + /** + * @param status (String) The provisioning status of this request. + * + * @return builder + * + */ + public Builder status(@Nullable Output status) { + $.status = status; + return this; + } + + /** + * @param status (String) The provisioning status of this request. + * + * @return builder + * + */ + public Builder status(String status) { + return status(Output.of(status)); + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(@Nullable Output ticketNumber) { + $.ticketNumber = ticketNumber; + return this; + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(String ticketNumber) { + return ticketNumber(Output.of(ticketNumber)); + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(@Nullable Output ticketSystem) { + $.ticketSystem = ticketSystem; + return this; + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(String ticketSystem) { + return ticketSystem(Output.of(ticketSystem)); + } + + public PrivilegedAccessGroupAssignmentScheduleState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupEligibilityScheduleState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupEligibilityScheduleState.java new file mode 100644 index 000000000..c24ec5280 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/PrivilegedAccessGroupEligibilityScheduleState.java @@ -0,0 +1,462 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class PrivilegedAccessGroupEligibilityScheduleState extends com.pulumi.resources.ResourceArgs { + + public static final PrivilegedAccessGroupEligibilityScheduleState Empty = new PrivilegedAccessGroupEligibilityScheduleState(); + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + * + */ + @Import(name="assignmentType") + private @Nullable Output assignmentType; + + /** + * @return The type of assignment to the group. Can be either `member` or `owner`. + * + */ + public Optional> assignmentType() { + return Optional.ofNullable(this.assignmentType); + } + + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + @Import(name="duration") + private @Nullable Output duration; + + /** + * @return The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + */ + public Optional> duration() { + return Optional.ofNullable(this.duration); + } + + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + @Import(name="expirationDate") + private @Nullable Output expirationDate; + + /** + * @return The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + */ + public Optional> expirationDate() { + return Optional.ofNullable(this.expirationDate); + } + + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + @Import(name="groupId") + private @Nullable Output groupId; + + /** + * @return The Object ID of the Azure AD group to which the principal will be assigned. + * + */ + public Optional> groupId() { + return Optional.ofNullable(this.groupId); + } + + /** + * The justification for this assignment. May be required by the role policy. + * + */ + @Import(name="justification") + private @Nullable Output justification; + + /** + * @return The justification for this assignment. May be required by the role policy. + * + */ + public Optional> justification() { + return Optional.ofNullable(this.justification); + } + + /** + * Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + @Import(name="permanentAssignment") + private @Nullable Output permanentAssignment; + + /** + * @return Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + */ + public Optional> permanentAssignment() { + return Optional.ofNullable(this.permanentAssignment); + } + + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + @Import(name="principalId") + private @Nullable Output principalId; + + /** + * @return The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + */ + public Optional> principalId() { + return Optional.ofNullable(this.principalId); + } + + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + @Import(name="startDate") + private @Nullable Output startDate; + + /** + * @return The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + */ + public Optional> startDate() { + return Optional.ofNullable(this.startDate); + } + + /** + * (String) The provisioning status of this request. + * + */ + @Import(name="status") + private @Nullable Output status; + + /** + * @return (String) The provisioning status of this request. + * + */ + public Optional> status() { + return Optional.ofNullable(this.status); + } + + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketNumber") + private @Nullable Output ticketNumber; + + /** + * @return The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketNumber() { + return Optional.ofNullable(this.ticketNumber); + } + + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + @Import(name="ticketSystem") + private @Nullable Output ticketSystem; + + /** + * @return The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + */ + public Optional> ticketSystem() { + return Optional.ofNullable(this.ticketSystem); + } + + private PrivilegedAccessGroupEligibilityScheduleState() {} + + private PrivilegedAccessGroupEligibilityScheduleState(PrivilegedAccessGroupEligibilityScheduleState $) { + this.assignmentType = $.assignmentType; + this.duration = $.duration; + this.expirationDate = $.expirationDate; + this.groupId = $.groupId; + this.justification = $.justification; + this.permanentAssignment = $.permanentAssignment; + this.principalId = $.principalId; + this.startDate = $.startDate; + this.status = $.status; + this.ticketNumber = $.ticketNumber; + this.ticketSystem = $.ticketSystem; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(PrivilegedAccessGroupEligibilityScheduleState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private PrivilegedAccessGroupEligibilityScheduleState $; + + public Builder() { + $ = new PrivilegedAccessGroupEligibilityScheduleState(); + } + + public Builder(PrivilegedAccessGroupEligibilityScheduleState defaults) { + $ = new PrivilegedAccessGroupEligibilityScheduleState(Objects.requireNonNull(defaults)); + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(@Nullable Output assignmentType) { + $.assignmentType = assignmentType; + return this; + } + + /** + * @param assignmentType The type of assignment to the group. Can be either `member` or `owner`. + * + * @return builder + * + */ + public Builder assignmentType(String assignmentType) { + return assignmentType(Output.of(assignmentType)); + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(@Nullable Output duration) { + $.duration = duration; + return this; + } + + /** + * @param duration The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + * + * @return builder + * + */ + public Builder duration(String duration) { + return duration(Output.of(duration)); + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(@Nullable Output expirationDate) { + $.expirationDate = expirationDate; + return this; + } + + /** + * @param expirationDate The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + * + * @return builder + * + */ + public Builder expirationDate(String expirationDate) { + return expirationDate(Output.of(expirationDate)); + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(@Nullable Output groupId) { + $.groupId = groupId; + return this; + } + + /** + * @param groupId The Object ID of the Azure AD group to which the principal will be assigned. + * + * @return builder + * + */ + public Builder groupId(String groupId) { + return groupId(Output.of(groupId)); + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(@Nullable Output justification) { + $.justification = justification; + return this; + } + + /** + * @param justification The justification for this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder justification(String justification) { + return justification(Output.of(justification)); + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(@Nullable Output permanentAssignment) { + $.permanentAssignment = permanentAssignment; + return this; + } + + /** + * @param permanentAssignment Is this assigment permanently valid. + * + * At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + * + * @return builder + * + */ + public Builder permanentAssignment(Boolean permanentAssignment) { + return permanentAssignment(Output.of(permanentAssignment)); + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(@Nullable Output principalId) { + $.principalId = principalId; + return this; + } + + /** + * @param principalId The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + * + * @return builder + * + */ + public Builder principalId(String principalId) { + return principalId(Output.of(principalId)); + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(@Nullable Output startDate) { + $.startDate = startDate; + return this; + } + + /** + * @param startDate The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + * + * @return builder + * + */ + public Builder startDate(String startDate) { + return startDate(Output.of(startDate)); + } + + /** + * @param status (String) The provisioning status of this request. + * + * @return builder + * + */ + public Builder status(@Nullable Output status) { + $.status = status; + return this; + } + + /** + * @param status (String) The provisioning status of this request. + * + * @return builder + * + */ + public Builder status(String status) { + return status(Output.of(status)); + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(@Nullable Output ticketNumber) { + $.ticketNumber = ticketNumber; + return this; + } + + /** + * @param ticketNumber The ticket number in the ticket system approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketNumber(String ticketNumber) { + return ticketNumber(Output.of(ticketNumber)); + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(@Nullable Output ticketSystem) { + $.ticketSystem = ticketSystem; + return this; + } + + /** + * @param ticketSystem The ticket system containing the ticket number approving this assignment. May be required by the role policy. + * + * @return builder + * + */ + public Builder ticketSystem(String ticketSystem) { + return ticketSystem(Output.of(ticketSystem)); + } + + public PrivilegedAccessGroupEligibilityScheduleState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterArgs.java new file mode 100644 index 000000000..584fd8fb8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterArgs.java @@ -0,0 +1,137 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterSubjectArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; + + +public final class SynchronizationJobProvisionOnDemandParameterArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobProvisionOnDemandParameterArgs Empty = new SynchronizationJobProvisionOnDemandParameterArgs(); + + /** + * The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + */ + @Import(name="ruleId", required=true) + private Output ruleId; + + /** + * @return The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + */ + public Output ruleId() { + return this.ruleId; + } + + /** + * One or more `subject` blocks as documented below. + * + */ + @Import(name="subjects", required=true) + private Output> subjects; + + /** + * @return One or more `subject` blocks as documented below. + * + */ + public Output> subjects() { + return this.subjects; + } + + private SynchronizationJobProvisionOnDemandParameterArgs() {} + + private SynchronizationJobProvisionOnDemandParameterArgs(SynchronizationJobProvisionOnDemandParameterArgs $) { + this.ruleId = $.ruleId; + this.subjects = $.subjects; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobProvisionOnDemandParameterArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobProvisionOnDemandParameterArgs $; + + public Builder() { + $ = new SynchronizationJobProvisionOnDemandParameterArgs(); + } + + public Builder(SynchronizationJobProvisionOnDemandParameterArgs defaults) { + $ = new SynchronizationJobProvisionOnDemandParameterArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param ruleId The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + * @return builder + * + */ + public Builder ruleId(Output ruleId) { + $.ruleId = ruleId; + return this; + } + + /** + * @param ruleId The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + * @return builder + * + */ + public Builder ruleId(String ruleId) { + return ruleId(Output.of(ruleId)); + } + + /** + * @param subjects One or more `subject` blocks as documented below. + * + * @return builder + * + */ + public Builder subjects(Output> subjects) { + $.subjects = subjects; + return this; + } + + /** + * @param subjects One or more `subject` blocks as documented below. + * + * @return builder + * + */ + public Builder subjects(List subjects) { + return subjects(Output.of(subjects)); + } + + /** + * @param subjects One or more `subject` blocks as documented below. + * + * @return builder + * + */ + public Builder subjects(SynchronizationJobProvisionOnDemandParameterSubjectArgs... subjects) { + return subjects(List.of(subjects)); + } + + public SynchronizationJobProvisionOnDemandParameterArgs build() { + if ($.ruleId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterArgs", "ruleId"); + } + if ($.subjects == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterArgs", "subjects"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.java new file mode 100644 index 000000000..d28279004 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandParameterSubjectArgs.java @@ -0,0 +1,125 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class SynchronizationJobProvisionOnDemandParameterSubjectArgs extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobProvisionOnDemandParameterSubjectArgs Empty = new SynchronizationJobProvisionOnDemandParameterSubjectArgs(); + + /** + * The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + */ + @Import(name="objectId", required=true) + private Output objectId; + + /** + * @return The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + */ + public Output objectId() { + return this.objectId; + } + + /** + * The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + */ + @Import(name="objectTypeName", required=true) + private Output objectTypeName; + + /** + * @return The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + */ + public Output objectTypeName() { + return this.objectTypeName; + } + + private SynchronizationJobProvisionOnDemandParameterSubjectArgs() {} + + private SynchronizationJobProvisionOnDemandParameterSubjectArgs(SynchronizationJobProvisionOnDemandParameterSubjectArgs $) { + this.objectId = $.objectId; + this.objectTypeName = $.objectTypeName; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobProvisionOnDemandParameterSubjectArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobProvisionOnDemandParameterSubjectArgs $; + + public Builder() { + $ = new SynchronizationJobProvisionOnDemandParameterSubjectArgs(); + } + + public Builder(SynchronizationJobProvisionOnDemandParameterSubjectArgs defaults) { + $ = new SynchronizationJobProvisionOnDemandParameterSubjectArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param objectId The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + * @return builder + * + */ + public Builder objectId(Output objectId) { + $.objectId = objectId; + return this; + } + + /** + * @param objectId The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + * @return builder + * + */ + public Builder objectId(String objectId) { + return objectId(Output.of(objectId)); + } + + /** + * @param objectTypeName The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + * @return builder + * + */ + public Builder objectTypeName(Output objectTypeName) { + $.objectTypeName = objectTypeName; + return this; + } + + /** + * @param objectTypeName The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + * @return builder + * + */ + public Builder objectTypeName(String objectTypeName) { + return objectTypeName(Output.of(objectTypeName)); + } + + public SynchronizationJobProvisionOnDemandParameterSubjectArgs build() { + if ($.objectId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterSubjectArgs", "objectId"); + } + if ($.objectTypeName == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterSubjectArgs", "objectTypeName"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandState.java b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandState.java new file mode 100644 index 000000000..017b82bd3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/inputs/SynchronizationJobProvisionOnDemandState.java @@ -0,0 +1,187 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.inputs; + +import com.pulumi.azuread.inputs.SynchronizationJobProvisionOnDemandParameterArgs; +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SynchronizationJobProvisionOnDemandState extends com.pulumi.resources.ResourceArgs { + + public static final SynchronizationJobProvisionOnDemandState Empty = new SynchronizationJobProvisionOnDemandState(); + + /** + * One or more `parameter` blocks as documented below. + * + */ + @Import(name="parameters") + private @Nullable Output> parameters; + + /** + * @return One or more `parameter` blocks as documented below. + * + */ + public Optional>> parameters() { + return Optional.ofNullable(this.parameters); + } + + /** + * The object ID of the service principal for the synchronization job. + * + */ + @Import(name="servicePrincipalId") + private @Nullable Output servicePrincipalId; + + /** + * @return The object ID of the service principal for the synchronization job. + * + */ + public Optional> servicePrincipalId() { + return Optional.ofNullable(this.servicePrincipalId); + } + + /** + * Identifier of the synchronization template this job is based on. + * + */ + @Import(name="synchronizationJobId") + private @Nullable Output synchronizationJobId; + + /** + * @return Identifier of the synchronization template this job is based on. + * + */ + public Optional> synchronizationJobId() { + return Optional.ofNullable(this.synchronizationJobId); + } + + @Import(name="triggers") + private @Nullable Output> triggers; + + public Optional>> triggers() { + return Optional.ofNullable(this.triggers); + } + + private SynchronizationJobProvisionOnDemandState() {} + + private SynchronizationJobProvisionOnDemandState(SynchronizationJobProvisionOnDemandState $) { + this.parameters = $.parameters; + this.servicePrincipalId = $.servicePrincipalId; + this.synchronizationJobId = $.synchronizationJobId; + this.triggers = $.triggers; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SynchronizationJobProvisionOnDemandState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SynchronizationJobProvisionOnDemandState $; + + public Builder() { + $ = new SynchronizationJobProvisionOnDemandState(); + } + + public Builder(SynchronizationJobProvisionOnDemandState defaults) { + $ = new SynchronizationJobProvisionOnDemandState(Objects.requireNonNull(defaults)); + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(@Nullable Output> parameters) { + $.parameters = parameters; + return this; + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(List parameters) { + return parameters(Output.of(parameters)); + } + + /** + * @param parameters One or more `parameter` blocks as documented below. + * + * @return builder + * + */ + public Builder parameters(SynchronizationJobProvisionOnDemandParameterArgs... parameters) { + return parameters(List.of(parameters)); + } + + /** + * @param servicePrincipalId The object ID of the service principal for the synchronization job. + * + * @return builder + * + */ + public Builder servicePrincipalId(@Nullable Output servicePrincipalId) { + $.servicePrincipalId = servicePrincipalId; + return this; + } + + /** + * @param servicePrincipalId The object ID of the service principal for the synchronization job. + * + * @return builder + * + */ + public Builder servicePrincipalId(String servicePrincipalId) { + return servicePrincipalId(Output.of(servicePrincipalId)); + } + + /** + * @param synchronizationJobId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder synchronizationJobId(@Nullable Output synchronizationJobId) { + $.synchronizationJobId = synchronizationJobId; + return this; + } + + /** + * @param synchronizationJobId Identifier of the synchronization template this job is based on. + * + * @return builder + * + */ + public Builder synchronizationJobId(String synchronizationJobId) { + return synchronizationJobId(Output.of(synchronizationJobId)); + } + + public Builder triggers(@Nullable Output> triggers) { + $.triggers = triggers; + return this; + } + + public Builder triggers(Map triggers) { + return triggers(Output.of(triggers)); + } + + public SynchronizationJobProvisionOnDemandState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupResult.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupResult.java index 6f6be920d..7ea53ab77 100644 --- a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupResult.java +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupResult.java @@ -10,6 +10,8 @@ import java.lang.String; import java.util.List; import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; @CustomType public final class GetGroupResult { @@ -63,6 +65,7 @@ public final class GetGroupResult { * */ private String id; + private @Nullable Boolean includeTransitiveMembers; /** * @return The SMTP address for the group. * @@ -79,7 +82,7 @@ public final class GetGroupResult { */ private String mailNickname; /** - * @return List of object IDs of the group members. + * @return List of object IDs of the group members. When `include_transitive_members` is `true`, contains a list of object IDs of all transitive group members. * */ private List members; @@ -235,6 +238,9 @@ public Boolean hideFromOutlookClients() { public String id() { return this.id; } + public Optional includeTransitiveMembers() { + return Optional.ofNullable(this.includeTransitiveMembers); + } /** * @return The SMTP address for the group. * @@ -257,7 +263,7 @@ public String mailNickname() { return this.mailNickname; } /** - * @return List of object IDs of the group members. + * @return List of object IDs of the group members. When `include_transitive_members` is `true`, contains a list of object IDs of all transitive group members. * */ public List members() { @@ -395,6 +401,7 @@ public static final class Builder { private Boolean hideFromAddressLists; private Boolean hideFromOutlookClients; private String id; + private @Nullable Boolean includeTransitiveMembers; private String mail; private Boolean mailEnabled; private String mailNickname; @@ -428,6 +435,7 @@ public Builder(GetGroupResult defaults) { this.hideFromAddressLists = defaults.hideFromAddressLists; this.hideFromOutlookClients = defaults.hideFromOutlookClients; this.id = defaults.id; + this.includeTransitiveMembers = defaults.includeTransitiveMembers; this.mail = defaults.mail; this.mailEnabled = defaults.mailEnabled; this.mailNickname = defaults.mailNickname; @@ -537,6 +545,12 @@ public Builder id(String id) { return this; } @CustomType.Setter + public Builder includeTransitiveMembers(@Nullable Boolean includeTransitiveMembers) { + + this.includeTransitiveMembers = includeTransitiveMembers; + return this; + } + @CustomType.Setter public Builder mail(String mail) { if (mail == null) { throw new MissingRequiredPropertyException("GetGroupResult", "mail"); @@ -723,6 +737,7 @@ public GetGroupResult build() { _resultValue.hideFromAddressLists = hideFromAddressLists; _resultValue.hideFromOutlookClients = hideFromOutlookClients; _resultValue.id = id; + _resultValue.includeTransitiveMembers = includeTransitiveMembers; _resultValue.mail = mail; _resultValue.mailEnabled = mailEnabled; _resultValue.mailNickname = mailNickname; diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupRoleManagementPolicyResult.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupRoleManagementPolicyResult.java new file mode 100644 index 000000000..35f18ed59 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GetGroupRoleManagementPolicyResult.java @@ -0,0 +1,134 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class GetGroupRoleManagementPolicyResult { + /** + * @return (String) The description of this policy. + * + */ + private String description; + /** + * @return (String) The display name of this policy. + * + */ + private String displayName; + private String groupId; + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + private String id; + private String roleId; + + private GetGroupRoleManagementPolicyResult() {} + /** + * @return (String) The description of this policy. + * + */ + public String description() { + return this.description; + } + /** + * @return (String) The display name of this policy. + * + */ + public String displayName() { + return this.displayName; + } + public String groupId() { + return this.groupId; + } + /** + * @return The provider-assigned unique ID for this managed resource. + * + */ + public String id() { + return this.id; + } + public String roleId() { + return this.roleId; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GetGroupRoleManagementPolicyResult defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String description; + private String displayName; + private String groupId; + private String id; + private String roleId; + public Builder() {} + public Builder(GetGroupRoleManagementPolicyResult defaults) { + Objects.requireNonNull(defaults); + this.description = defaults.description; + this.displayName = defaults.displayName; + this.groupId = defaults.groupId; + this.id = defaults.id; + this.roleId = defaults.roleId; + } + + @CustomType.Setter + public Builder description(String description) { + if (description == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyResult", "description"); + } + this.description = description; + return this; + } + @CustomType.Setter + public Builder displayName(String displayName) { + if (displayName == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyResult", "displayName"); + } + this.displayName = displayName; + return this; + } + @CustomType.Setter + public Builder groupId(String groupId) { + if (groupId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyResult", "groupId"); + } + this.groupId = groupId; + return this; + } + @CustomType.Setter + public Builder id(String id) { + if (id == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyResult", "id"); + } + this.id = id; + return this; + } + @CustomType.Setter + public Builder roleId(String roleId) { + if (roleId == null) { + throw new MissingRequiredPropertyException("GetGroupRoleManagementPolicyResult", "roleId"); + } + this.roleId = roleId; + return this; + } + public GetGroupRoleManagementPolicyResult build() { + final var _resultValue = new GetGroupRoleManagementPolicyResult(); + _resultValue.description = description; + _resultValue.displayName = displayName; + _resultValue.groupId = groupId; + _resultValue.id = id; + _resultValue.roleId = roleId; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRules.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRules.java new file mode 100644 index 000000000..e868475d0 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRules.java @@ -0,0 +1,185 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyActivationRulesApprovalStage; +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyActivationRules { + /** + * @return An `approval_stage` block as defined below. + * + */ + private @Nullable GroupRoleManagementPolicyActivationRulesApprovalStage approvalStage; + /** + * @return The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + */ + private @Nullable String maximumDuration; + /** + * @return Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + */ + private @Nullable Boolean requireApproval; + /** + * @return Is a justification required during activation of the role. + * + */ + private @Nullable Boolean requireJustification; + /** + * @return Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + */ + private @Nullable Boolean requireMultifactorAuthentication; + /** + * @return Is ticket information requrired during activation of the role. + * + */ + private @Nullable Boolean requireTicketInfo; + /** + * @return The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + */ + private @Nullable String requiredConditionalAccessAuthenticationContext; + + private GroupRoleManagementPolicyActivationRules() {} + /** + * @return An `approval_stage` block as defined below. + * + */ + public Optional approvalStage() { + return Optional.ofNullable(this.approvalStage); + } + /** + * @return The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + * + */ + public Optional maximumDuration() { + return Optional.ofNullable(this.maximumDuration); + } + /** + * @return Is approval required for activation. If `true` an `approval_stage` block must be provided. + * + */ + public Optional requireApproval() { + return Optional.ofNullable(this.requireApproval); + } + /** + * @return Is a justification required during activation of the role. + * + */ + public Optional requireJustification() { + return Optional.ofNullable(this.requireJustification); + } + /** + * @return Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + * + */ + public Optional requireMultifactorAuthentication() { + return Optional.ofNullable(this.requireMultifactorAuthentication); + } + /** + * @return Is ticket information requrired during activation of the role. + * + */ + public Optional requireTicketInfo() { + return Optional.ofNullable(this.requireTicketInfo); + } + /** + * @return The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + * + */ + public Optional requiredConditionalAccessAuthenticationContext() { + return Optional.ofNullable(this.requiredConditionalAccessAuthenticationContext); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyActivationRules defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable GroupRoleManagementPolicyActivationRulesApprovalStage approvalStage; + private @Nullable String maximumDuration; + private @Nullable Boolean requireApproval; + private @Nullable Boolean requireJustification; + private @Nullable Boolean requireMultifactorAuthentication; + private @Nullable Boolean requireTicketInfo; + private @Nullable String requiredConditionalAccessAuthenticationContext; + public Builder() {} + public Builder(GroupRoleManagementPolicyActivationRules defaults) { + Objects.requireNonNull(defaults); + this.approvalStage = defaults.approvalStage; + this.maximumDuration = defaults.maximumDuration; + this.requireApproval = defaults.requireApproval; + this.requireJustification = defaults.requireJustification; + this.requireMultifactorAuthentication = defaults.requireMultifactorAuthentication; + this.requireTicketInfo = defaults.requireTicketInfo; + this.requiredConditionalAccessAuthenticationContext = defaults.requiredConditionalAccessAuthenticationContext; + } + + @CustomType.Setter + public Builder approvalStage(@Nullable GroupRoleManagementPolicyActivationRulesApprovalStage approvalStage) { + + this.approvalStage = approvalStage; + return this; + } + @CustomType.Setter + public Builder maximumDuration(@Nullable String maximumDuration) { + + this.maximumDuration = maximumDuration; + return this; + } + @CustomType.Setter + public Builder requireApproval(@Nullable Boolean requireApproval) { + + this.requireApproval = requireApproval; + return this; + } + @CustomType.Setter + public Builder requireJustification(@Nullable Boolean requireJustification) { + + this.requireJustification = requireJustification; + return this; + } + @CustomType.Setter + public Builder requireMultifactorAuthentication(@Nullable Boolean requireMultifactorAuthentication) { + + this.requireMultifactorAuthentication = requireMultifactorAuthentication; + return this; + } + @CustomType.Setter + public Builder requireTicketInfo(@Nullable Boolean requireTicketInfo) { + + this.requireTicketInfo = requireTicketInfo; + return this; + } + @CustomType.Setter + public Builder requiredConditionalAccessAuthenticationContext(@Nullable String requiredConditionalAccessAuthenticationContext) { + + this.requiredConditionalAccessAuthenticationContext = requiredConditionalAccessAuthenticationContext; + return this; + } + public GroupRoleManagementPolicyActivationRules build() { + final var _resultValue = new GroupRoleManagementPolicyActivationRules(); + _resultValue.approvalStage = approvalStage; + _resultValue.maximumDuration = maximumDuration; + _resultValue.requireApproval = requireApproval; + _resultValue.requireJustification = requireJustification; + _resultValue.requireMultifactorAuthentication = requireMultifactorAuthentication; + _resultValue.requireTicketInfo = requireTicketInfo; + _resultValue.requiredConditionalAccessAuthenticationContext = requiredConditionalAccessAuthenticationContext; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.java new file mode 100644 index 000000000..14f79d4d8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStage.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover; +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.util.List; +import java.util.Objects; + +@CustomType +public final class GroupRoleManagementPolicyActivationRulesApprovalStage { + /** + * @return The IDs of the users or groups who can approve the activation + * + */ + private List primaryApprovers; + + private GroupRoleManagementPolicyActivationRulesApprovalStage() {} + /** + * @return The IDs of the users or groups who can approve the activation + * + */ + public List primaryApprovers() { + return this.primaryApprovers; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyActivationRulesApprovalStage defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private List primaryApprovers; + public Builder() {} + public Builder(GroupRoleManagementPolicyActivationRulesApprovalStage defaults) { + Objects.requireNonNull(defaults); + this.primaryApprovers = defaults.primaryApprovers; + } + + @CustomType.Setter + public Builder primaryApprovers(List primaryApprovers) { + if (primaryApprovers == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyActivationRulesApprovalStage", "primaryApprovers"); + } + this.primaryApprovers = primaryApprovers; + return this; + } + public Builder primaryApprovers(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover... primaryApprovers) { + return primaryApprovers(List.of(primaryApprovers)); + } + public GroupRoleManagementPolicyActivationRulesApprovalStage build() { + final var _resultValue = new GroupRoleManagementPolicyActivationRulesApprovalStage(); + _resultValue.primaryApprovers = primaryApprovers; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.java new file mode 100644 index 000000000..c4bea61ef --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.java @@ -0,0 +1,81 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + /** + * @return The ID of the object which will act as an approver. + * + */ + private String objectId; + /** + * @return The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + */ + private @Nullable String type; + + private GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover() {} + /** + * @return The ID of the object which will act as an approver. + * + */ + public String objectId() { + return this.objectId; + } + /** + * @return The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + * + */ + public Optional type() { + return Optional.ofNullable(this.type); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String objectId; + private @Nullable String type; + public Builder() {} + public Builder(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover defaults) { + Objects.requireNonNull(defaults); + this.objectId = defaults.objectId; + this.type = defaults.type; + } + + @CustomType.Setter + public Builder objectId(String objectId) { + if (objectId == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover", "objectId"); + } + this.objectId = objectId; + return this; + } + @CustomType.Setter + public Builder type(@Nullable String type) { + + this.type = type; + return this; + } + public GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover build() { + final var _resultValue = new GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover(); + _resultValue.objectId = objectId; + _resultValue.type = type; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActiveAssignmentRules.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActiveAssignmentRules.java new file mode 100644 index 000000000..f8f22756a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyActiveAssignmentRules.java @@ -0,0 +1,146 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyActiveAssignmentRules { + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + private @Nullable Boolean expirationRequired; + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + */ + private @Nullable String expireAfter; + /** + * @return Is a justification required to create new assignments. + * + */ + private @Nullable Boolean requireJustification; + /** + * @return Is multi-factor authentication required to create new assignments. + * + */ + private @Nullable Boolean requireMultifactorAuthentication; + /** + * @return Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + private @Nullable Boolean requireTicketInfo; + + private GroupRoleManagementPolicyActiveAssignmentRules() {} + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + public Optional expirationRequired() { + return Optional.ofNullable(this.expirationRequired); + } + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + */ + public Optional expireAfter() { + return Optional.ofNullable(this.expireAfter); + } + /** + * @return Is a justification required to create new assignments. + * + */ + public Optional requireJustification() { + return Optional.ofNullable(this.requireJustification); + } + /** + * @return Is multi-factor authentication required to create new assignments. + * + */ + public Optional requireMultifactorAuthentication() { + return Optional.ofNullable(this.requireMultifactorAuthentication); + } + /** + * @return Is ticket information required to create new assignments. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + public Optional requireTicketInfo() { + return Optional.ofNullable(this.requireTicketInfo); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyActiveAssignmentRules defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable Boolean expirationRequired; + private @Nullable String expireAfter; + private @Nullable Boolean requireJustification; + private @Nullable Boolean requireMultifactorAuthentication; + private @Nullable Boolean requireTicketInfo; + public Builder() {} + public Builder(GroupRoleManagementPolicyActiveAssignmentRules defaults) { + Objects.requireNonNull(defaults); + this.expirationRequired = defaults.expirationRequired; + this.expireAfter = defaults.expireAfter; + this.requireJustification = defaults.requireJustification; + this.requireMultifactorAuthentication = defaults.requireMultifactorAuthentication; + this.requireTicketInfo = defaults.requireTicketInfo; + } + + @CustomType.Setter + public Builder expirationRequired(@Nullable Boolean expirationRequired) { + + this.expirationRequired = expirationRequired; + return this; + } + @CustomType.Setter + public Builder expireAfter(@Nullable String expireAfter) { + + this.expireAfter = expireAfter; + return this; + } + @CustomType.Setter + public Builder requireJustification(@Nullable Boolean requireJustification) { + + this.requireJustification = requireJustification; + return this; + } + @CustomType.Setter + public Builder requireMultifactorAuthentication(@Nullable Boolean requireMultifactorAuthentication) { + + this.requireMultifactorAuthentication = requireMultifactorAuthentication; + return this; + } + @CustomType.Setter + public Builder requireTicketInfo(@Nullable Boolean requireTicketInfo) { + + this.requireTicketInfo = requireTicketInfo; + return this; + } + public GroupRoleManagementPolicyActiveAssignmentRules build() { + final var _resultValue = new GroupRoleManagementPolicyActiveAssignmentRules(); + _resultValue.expirationRequired = expirationRequired; + _resultValue.expireAfter = expireAfter; + _resultValue.requireJustification = requireJustification; + _resultValue.requireMultifactorAuthentication = requireMultifactorAuthentication; + _resultValue.requireTicketInfo = requireTicketInfo; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyEligibleAssignmentRules.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyEligibleAssignmentRules.java new file mode 100644 index 000000000..95d61228d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyEligibleAssignmentRules.java @@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyEligibleAssignmentRules { + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + private @Nullable Boolean expirationRequired; + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + private @Nullable String expireAfter; + + private GroupRoleManagementPolicyEligibleAssignmentRules() {} + /** + * @return Must an assignment have an expiry date. `false` allows permanent assignment. + * + */ + public Optional expirationRequired() { + return Optional.ofNullable(this.expirationRequired); + } + /** + * @return The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expiration_required` or `expire_after` must be provided. + * + */ + public Optional expireAfter() { + return Optional.ofNullable(this.expireAfter); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyEligibleAssignmentRules defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable Boolean expirationRequired; + private @Nullable String expireAfter; + public Builder() {} + public Builder(GroupRoleManagementPolicyEligibleAssignmentRules defaults) { + Objects.requireNonNull(defaults); + this.expirationRequired = defaults.expirationRequired; + this.expireAfter = defaults.expireAfter; + } + + @CustomType.Setter + public Builder expirationRequired(@Nullable Boolean expirationRequired) { + + this.expirationRequired = expirationRequired; + return this; + } + @CustomType.Setter + public Builder expireAfter(@Nullable String expireAfter) { + + this.expireAfter = expireAfter; + return this; + } + public GroupRoleManagementPolicyEligibleAssignmentRules build() { + final var _resultValue = new GroupRoleManagementPolicyEligibleAssignmentRules(); + _resultValue.expirationRequired = expirationRequired; + _resultValue.expireAfter = expireAfter; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRules.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRules.java new file mode 100644 index 000000000..81e0c42b3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRules.java @@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments; +import com.pulumi.core.annotations.CustomType; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRules { + /** + * @return A `notification_target` block as defined below to configure notfications on active role assignments. + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignments activeAssignments; + /** + * @return A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivations eligibleActivations; + /** + * @return A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignments eligibleAssignments; + + private GroupRoleManagementPolicyNotificationRules() {} + /** + * @return A `notification_target` block as defined below to configure notfications on active role assignments. + * + */ + public Optional activeAssignments() { + return Optional.ofNullable(this.activeAssignments); + } + /** + * @return A `notification_target` block as defined below for configuring notifications on activation of eligible role. + * + */ + public Optional eligibleActivations() { + return Optional.ofNullable(this.eligibleActivations); + } + /** + * @return A `notification_target` block as defined below to configure notification on eligible role assignments. + * + * At least one `notification_target` block must be provided. + * + */ + public Optional eligibleAssignments() { + return Optional.ofNullable(this.eligibleAssignments); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRules defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignments activeAssignments; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivations eligibleActivations; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignments eligibleAssignments; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRules defaults) { + Objects.requireNonNull(defaults); + this.activeAssignments = defaults.activeAssignments; + this.eligibleActivations = defaults.eligibleActivations; + this.eligibleAssignments = defaults.eligibleAssignments; + } + + @CustomType.Setter + public Builder activeAssignments(@Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignments activeAssignments) { + + this.activeAssignments = activeAssignments; + return this; + } + @CustomType.Setter + public Builder eligibleActivations(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivations eligibleActivations) { + + this.eligibleActivations = eligibleActivations; + return this; + } + @CustomType.Setter + public Builder eligibleAssignments(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignments eligibleAssignments) { + + this.eligibleAssignments = eligibleAssignments; + return this; + } + public GroupRoleManagementPolicyNotificationRules build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRules(); + _resultValue.activeAssignments = activeAssignments; + _resultValue.eligibleActivations = eligibleActivations; + _resultValue.eligibleAssignments = eligibleAssignments; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.java new file mode 100644 index 000000000..3c034f3de --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignments.java @@ -0,0 +1,101 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications; +import com.pulumi.core.annotations.CustomType; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignments { + /** + * @return Admin notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications adminNotifications; + /** + * @return Approver notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications approverNotifications; + /** + * @return Assignee notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications assigneeNotifications; + + private GroupRoleManagementPolicyNotificationRulesActiveAssignments() {} + /** + * @return Admin notification settings + * + */ + public Optional adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + /** + * @return Approver notification settings + * + */ + public Optional approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + /** + * @return Assignee notification settings + * + */ + public Optional assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignments defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications adminNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications approverNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications assigneeNotifications; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignments defaults) { + Objects.requireNonNull(defaults); + this.adminNotifications = defaults.adminNotifications; + this.approverNotifications = defaults.approverNotifications; + this.assigneeNotifications = defaults.assigneeNotifications; + } + + @CustomType.Setter + public Builder adminNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications adminNotifications) { + + this.adminNotifications = adminNotifications; + return this; + } + @CustomType.Setter + public Builder approverNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications approverNotifications) { + + this.approverNotifications = approverNotifications; + return this; + } + @CustomType.Setter + public Builder assigneeNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications assigneeNotifications) { + + this.assigneeNotifications = assigneeNotifications; + return this; + } + public GroupRoleManagementPolicyNotificationRulesActiveAssignments build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesActiveAssignments(); + _resultValue.adminNotifications = adminNotifications; + _resultValue.approverNotifications = approverNotifications; + _resultValue.assigneeNotifications = assigneeNotifications; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.java new file mode 100644 index 000000000..3c635e618 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.java new file mode 100644 index 000000000..c5c59fd2b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.java new file mode 100644 index 000000000..c0572372b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.java new file mode 100644 index 000000000..ac30bc3e1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivations.java @@ -0,0 +1,101 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications; +import com.pulumi.core.annotations.CustomType; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivations { + /** + * @return Admin notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications adminNotifications; + /** + * @return Approver notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications approverNotifications; + /** + * @return Assignee notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications assigneeNotifications; + + private GroupRoleManagementPolicyNotificationRulesEligibleActivations() {} + /** + * @return Admin notification settings + * + */ + public Optional adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + /** + * @return Approver notification settings + * + */ + public Optional approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + /** + * @return Assignee notification settings + * + */ + public Optional assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivations defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications adminNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications approverNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications assigneeNotifications; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivations defaults) { + Objects.requireNonNull(defaults); + this.adminNotifications = defaults.adminNotifications; + this.approverNotifications = defaults.approverNotifications; + this.assigneeNotifications = defaults.assigneeNotifications; + } + + @CustomType.Setter + public Builder adminNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications adminNotifications) { + + this.adminNotifications = adminNotifications; + return this; + } + @CustomType.Setter + public Builder approverNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications approverNotifications) { + + this.approverNotifications = approverNotifications; + return this; + } + @CustomType.Setter + public Builder assigneeNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications assigneeNotifications) { + + this.assigneeNotifications = assigneeNotifications; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleActivations build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleActivations(); + _resultValue.adminNotifications = adminNotifications; + _resultValue.approverNotifications = approverNotifications; + _resultValue.assigneeNotifications = assigneeNotifications; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.java new file mode 100644 index 000000000..e40dc2b0e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.java new file mode 100644 index 000000000..b3237be21 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.java new file mode 100644 index 000000000..2cee948ef --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.java new file mode 100644 index 000000000..2a885cc98 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignments.java @@ -0,0 +1,101 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications; +import com.pulumi.azuread.outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications; +import com.pulumi.core.annotations.CustomType; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + /** + * @return Admin notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications adminNotifications; + /** + * @return Approver notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications approverNotifications; + /** + * @return Assignee notification settings + * + */ + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications assigneeNotifications; + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignments() {} + /** + * @return Admin notification settings + * + */ + public Optional adminNotifications() { + return Optional.ofNullable(this.adminNotifications); + } + /** + * @return Approver notification settings + * + */ + public Optional approverNotifications() { + return Optional.ofNullable(this.approverNotifications); + } + /** + * @return Assignee notification settings + * + */ + public Optional assigneeNotifications() { + return Optional.ofNullable(this.assigneeNotifications); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignments defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications adminNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications approverNotifications; + private @Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications assigneeNotifications; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignments defaults) { + Objects.requireNonNull(defaults); + this.adminNotifications = defaults.adminNotifications; + this.approverNotifications = defaults.approverNotifications; + this.assigneeNotifications = defaults.assigneeNotifications; + } + + @CustomType.Setter + public Builder adminNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications adminNotifications) { + + this.adminNotifications = adminNotifications; + return this; + } + @CustomType.Setter + public Builder approverNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications approverNotifications) { + + this.approverNotifications = approverNotifications; + return this; + } + @CustomType.Setter + public Builder assigneeNotifications(@Nullable GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications assigneeNotifications) { + + this.assigneeNotifications = assigneeNotifications; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleAssignments build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleAssignments(); + _resultValue.adminNotifications = adminNotifications; + _resultValue.approverNotifications = approverNotifications; + _resultValue.assigneeNotifications = assigneeNotifications; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.java new file mode 100644 index 000000000..bc76836b8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.java new file mode 100644 index 000000000..cc295b087 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.java new file mode 100644 index 000000000..8da78f9a3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.java @@ -0,0 +1,108 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + /** + * @return The additional recipients to notify + * + */ + private @Nullable List additionalRecipients; + /** + * @return Whether the default recipients are notified + * + */ + private Boolean defaultRecipients; + /** + * @return What level of notifications are sent + * + */ + private String notificationLevel; + + private GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications() {} + /** + * @return The additional recipients to notify + * + */ + public List additionalRecipients() { + return this.additionalRecipients == null ? List.of() : this.additionalRecipients; + } + /** + * @return Whether the default recipients are notified + * + */ + public Boolean defaultRecipients() { + return this.defaultRecipients; + } + /** + * @return What level of notifications are sent + * + */ + public String notificationLevel() { + return this.notificationLevel; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List additionalRecipients; + private Boolean defaultRecipients; + private String notificationLevel; + public Builder() {} + public Builder(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications defaults) { + Objects.requireNonNull(defaults); + this.additionalRecipients = defaults.additionalRecipients; + this.defaultRecipients = defaults.defaultRecipients; + this.notificationLevel = defaults.notificationLevel; + } + + @CustomType.Setter + public Builder additionalRecipients(@Nullable List additionalRecipients) { + + this.additionalRecipients = additionalRecipients; + return this; + } + public Builder additionalRecipients(String... additionalRecipients) { + return additionalRecipients(List.of(additionalRecipients)); + } + @CustomType.Setter + public Builder defaultRecipients(Boolean defaultRecipients) { + if (defaultRecipients == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications", "defaultRecipients"); + } + this.defaultRecipients = defaultRecipients; + return this; + } + @CustomType.Setter + public Builder notificationLevel(String notificationLevel) { + if (notificationLevel == null) { + throw new MissingRequiredPropertyException("GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications", "notificationLevel"); + } + this.notificationLevel = notificationLevel; + return this; + } + public GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications build() { + final var _resultValue = new GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications(); + _resultValue.additionalRecipients = additionalRecipients; + _resultValue.defaultRecipients = defaultRecipients; + _resultValue.notificationLevel = notificationLevel; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameter.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameter.java new file mode 100644 index 000000000..df8692ce4 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameter.java @@ -0,0 +1,86 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.azuread.outputs.SynchronizationJobProvisionOnDemandParameterSubject; +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; + +@CustomType +public final class SynchronizationJobProvisionOnDemandParameter { + /** + * @return The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + */ + private String ruleId; + /** + * @return One or more `subject` blocks as documented below. + * + */ + private List subjects; + + private SynchronizationJobProvisionOnDemandParameter() {} + /** + * @return The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + * + */ + public String ruleId() { + return this.ruleId; + } + /** + * @return One or more `subject` blocks as documented below. + * + */ + public List subjects() { + return this.subjects; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(SynchronizationJobProvisionOnDemandParameter defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String ruleId; + private List subjects; + public Builder() {} + public Builder(SynchronizationJobProvisionOnDemandParameter defaults) { + Objects.requireNonNull(defaults); + this.ruleId = defaults.ruleId; + this.subjects = defaults.subjects; + } + + @CustomType.Setter + public Builder ruleId(String ruleId) { + if (ruleId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameter", "ruleId"); + } + this.ruleId = ruleId; + return this; + } + @CustomType.Setter + public Builder subjects(List subjects) { + if (subjects == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameter", "subjects"); + } + this.subjects = subjects; + return this; + } + public Builder subjects(SynchronizationJobProvisionOnDemandParameterSubject... subjects) { + return subjects(List.of(subjects)); + } + public SynchronizationJobProvisionOnDemandParameter build() { + final var _resultValue = new SynchronizationJobProvisionOnDemandParameter(); + _resultValue.ruleId = ruleId; + _resultValue.subjects = subjects; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameterSubject.java b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameterSubject.java new file mode 100644 index 000000000..63789cecb --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/azuread/outputs/SynchronizationJobProvisionOnDemandParameterSubject.java @@ -0,0 +1,81 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.azuread.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class SynchronizationJobProvisionOnDemandParameterSubject { + /** + * @return The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + */ + private String objectId; + /** + * @return The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + */ + private String objectTypeName; + + private SynchronizationJobProvisionOnDemandParameterSubject() {} + /** + * @return The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + * + */ + public String objectId() { + return this.objectId; + } + /** + * @return The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + * + */ + public String objectTypeName() { + return this.objectTypeName; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(SynchronizationJobProvisionOnDemandParameterSubject defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String objectId; + private String objectTypeName; + public Builder() {} + public Builder(SynchronizationJobProvisionOnDemandParameterSubject defaults) { + Objects.requireNonNull(defaults); + this.objectId = defaults.objectId; + this.objectTypeName = defaults.objectTypeName; + } + + @CustomType.Setter + public Builder objectId(String objectId) { + if (objectId == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterSubject", "objectId"); + } + this.objectId = objectId; + return this; + } + @CustomType.Setter + public Builder objectTypeName(String objectTypeName) { + if (objectTypeName == null) { + throw new MissingRequiredPropertyException("SynchronizationJobProvisionOnDemandParameterSubject", "objectTypeName"); + } + this.objectTypeName = objectTypeName; + return this; + } + public SynchronizationJobProvisionOnDemandParameterSubject build() { + final var _resultValue = new SynchronizationJobProvisionOnDemandParameterSubject(); + _resultValue.objectId = objectId; + _resultValue.objectTypeName = objectTypeName; + return _resultValue; + } + } +} diff --git a/sdk/nodejs/application.ts b/sdk/nodejs/application.ts index 96520eac5..00dbbb18d 100644 --- a/sdk/nodejs/application.ts +++ b/sdk/nodejs/application.ts @@ -235,7 +235,7 @@ export class Application extends pulumi.CustomResource { */ public readonly featureTags!: pulumi.Output; /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. */ public readonly groupMembershipClaims!: pulumi.Output; /** @@ -486,7 +486,7 @@ export interface ApplicationState { */ featureTags?: pulumi.Input[]>; /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. */ groupMembershipClaims?: pulumi.Input[]>; /** @@ -626,7 +626,7 @@ export interface ApplicationArgs { */ featureTags?: pulumi.Input[]>; /** - * Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + * A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. */ groupMembershipClaims?: pulumi.Input[]>; /** diff --git a/sdk/nodejs/getGroup.ts b/sdk/nodejs/getGroup.ts index 3f71cbd1a..005abed48 100644 --- a/sdk/nodejs/getGroup.ts +++ b/sdk/nodejs/getGroup.ts @@ -37,6 +37,7 @@ export function getGroup(args?: GetGroupArgs, opts?: pulumi.InvokeOptions): Prom opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("azuread:index/getGroup:getGroup", { "displayName": args.displayName, + "includeTransitiveMembers": args.includeTransitiveMembers, "mailEnabled": args.mailEnabled, "mailNickname": args.mailNickname, "objectId": args.objectId, @@ -52,6 +53,10 @@ export interface GetGroupArgs { * The display name for the group. */ displayName?: string; + /** + * Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + */ + includeTransitiveMembers?: boolean; /** * Whether the group is mail-enabled. */ @@ -116,6 +121,7 @@ export interface GetGroupResult { * The provider-assigned unique ID for this managed resource. */ readonly id: string; + readonly includeTransitiveMembers?: boolean; /** * The SMTP address for the group. */ @@ -129,7 +135,7 @@ export interface GetGroupResult { */ readonly mailNickname: string; /** - * List of object IDs of the group members. + * List of object IDs of the group members. When `includeTransitiveMembers` is `true`, contains a list of object IDs of all transitive group members. */ readonly members: string[]; /** @@ -234,6 +240,10 @@ export interface GetGroupOutputArgs { * The display name for the group. */ displayName?: pulumi.Input; + /** + * Whether to include transitive members (a flat list of all nested members). Defaults to `false`. + */ + includeTransitiveMembers?: pulumi.Input; /** * Whether the group is mail-enabled. */ diff --git a/sdk/nodejs/getGroupRoleManagementPolicy.ts b/sdk/nodejs/getGroupRoleManagementPolicy.ts new file mode 100644 index 000000000..8a831850f --- /dev/null +++ b/sdk/nodejs/getGroupRoleManagementPolicy.ts @@ -0,0 +1,119 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const example = new azuread.Group("example", { + * displayName: "group-name", + * securityEnabled: true, + * }); + * const ownersPolicy = azuread.getGroupRoleManagementPolicyOutput({ + * groupId: example.id, + * roleId: "owner", + * }); + * ``` + */ +export function getGroupRoleManagementPolicy(args: GetGroupRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy", { + "groupId": args.groupId, + "roleId": args.roleId, + }, opts); +} + +/** + * A collection of arguments for invoking getGroupRoleManagementPolicy. + */ +export interface GetGroupRoleManagementPolicyArgs { + /** + * The ID of the Azure AD group for which the policy applies. + */ + groupId: string; + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + */ + roleId: string; +} + +/** + * A collection of values returned by getGroupRoleManagementPolicy. + */ +export interface GetGroupRoleManagementPolicyResult { + /** + * (String) The description of this policy. + */ + readonly description: string; + /** + * (String) The display name of this policy. + */ + readonly displayName: string; + readonly groupId: string; + /** + * The provider-assigned unique ID for this managed resource. + */ + readonly id: string; + readonly roleId: string; +} +/** + * Use this data source to retrieve a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const example = new azuread.Group("example", { + * displayName: "group-name", + * securityEnabled: true, + * }); + * const ownersPolicy = azuread.getGroupRoleManagementPolicyOutput({ + * groupId: example.id, + * roleId: "owner", + * }); + * ``` + */ +export function getGroupRoleManagementPolicyOutput(args: GetGroupRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + return pulumi.output(args).apply((a: any) => getGroupRoleManagementPolicy(a, opts)) +} + +/** + * A collection of arguments for invoking getGroupRoleManagementPolicy. + */ +export interface GetGroupRoleManagementPolicyOutputArgs { + /** + * The ID of the Azure AD group for which the policy applies. + */ + groupId: pulumi.Input; + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + */ + roleId: pulumi.Input; +} diff --git a/sdk/nodejs/getServicePrincipals.ts b/sdk/nodejs/getServicePrincipals.ts index a081df34b..3c5c58f1d 100644 --- a/sdk/nodejs/getServicePrincipals.ts +++ b/sdk/nodejs/getServicePrincipals.ts @@ -33,7 +33,7 @@ import * as utilities from "./utilities"; * }); * ``` * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; @@ -171,7 +171,7 @@ export interface GetServicePrincipalsResult { * }); * ``` * - * *Look up by application IDs (client IDs* + * *Look up by application IDs (client IDs)* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; diff --git a/sdk/nodejs/group.ts b/sdk/nodejs/group.ts index cb4911ab8..7b69367f9 100644 --- a/sdk/nodejs/group.ts +++ b/sdk/nodejs/group.ts @@ -17,7 +17,7 @@ import * as utilities from "./utilities"; * * Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. * - * If using the `assignableToRole` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` + * If using the `assignableToRole` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. * * If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` * @@ -124,7 +124,7 @@ export class Group extends pulumi.CustomResource { */ public readonly autoSubscribeNewMembers!: pulumi.Output; /** - * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. */ public readonly behaviors!: pulumi.Output; /** @@ -355,7 +355,7 @@ export interface GroupState { */ autoSubscribeNewMembers?: pulumi.Input; /** - * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. */ behaviors?: pulumi.Input[]>; /** @@ -501,7 +501,7 @@ export interface GroupArgs { */ autoSubscribeNewMembers?: pulumi.Input; /** - * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + * A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. */ behaviors?: pulumi.Input[]>; /** diff --git a/sdk/nodejs/groupRoleManagementPolicy.ts b/sdk/nodejs/groupRoleManagementPolicy.ts new file mode 100644 index 000000000..3bcbd684b --- /dev/null +++ b/sdk/nodejs/groupRoleManagementPolicy.ts @@ -0,0 +1,190 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +/** + * Manage a role policy for an Azure AD group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + */ +export class GroupRoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing GroupRoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: GroupRoleManagementPolicyState, opts?: pulumi.CustomResourceOptions): GroupRoleManagementPolicy { + return new GroupRoleManagementPolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of GroupRoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is GroupRoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === GroupRoleManagementPolicy.__pulumiType; + } + + /** + * An `activationRules` block as defined below. + */ + public readonly activationRules!: pulumi.Output; + /** + * An `activeAssignmentRules` block as defined below. + */ + public readonly activeAssignmentRules!: pulumi.Output; + /** + * (String) The description of this policy. + */ + public /*out*/ readonly description!: pulumi.Output; + /** + * (String) The display name of this policy. + */ + public /*out*/ readonly displayName!: pulumi.Output; + /** + * An `eligibleAssignmentRules` block as defined below. + */ + public readonly eligibleAssignmentRules!: pulumi.Output; + /** + * The ID of the Azure AD group for which the policy applies. + */ + public readonly groupId!: pulumi.Output; + /** + * A `notificationRules` block as defined below. + */ + public readonly notificationRules!: pulumi.Output; + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + */ + public readonly roleId!: pulumi.Output; + + /** + * Create a GroupRoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: GroupRoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: GroupRoleManagementPolicyArgs | GroupRoleManagementPolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as GroupRoleManagementPolicyState | undefined; + resourceInputs["activationRules"] = state ? state.activationRules : undefined; + resourceInputs["activeAssignmentRules"] = state ? state.activeAssignmentRules : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["displayName"] = state ? state.displayName : undefined; + resourceInputs["eligibleAssignmentRules"] = state ? state.eligibleAssignmentRules : undefined; + resourceInputs["groupId"] = state ? state.groupId : undefined; + resourceInputs["notificationRules"] = state ? state.notificationRules : undefined; + resourceInputs["roleId"] = state ? state.roleId : undefined; + } else { + const args = argsOrState as GroupRoleManagementPolicyArgs | undefined; + if ((!args || args.groupId === undefined) && !opts.urn) { + throw new Error("Missing required property 'groupId'"); + } + if ((!args || args.roleId === undefined) && !opts.urn) { + throw new Error("Missing required property 'roleId'"); + } + resourceInputs["activationRules"] = args ? args.activationRules : undefined; + resourceInputs["activeAssignmentRules"] = args ? args.activeAssignmentRules : undefined; + resourceInputs["eligibleAssignmentRules"] = args ? args.eligibleAssignmentRules : undefined; + resourceInputs["groupId"] = args ? args.groupId : undefined; + resourceInputs["notificationRules"] = args ? args.notificationRules : undefined; + resourceInputs["roleId"] = args ? args.roleId : undefined; + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(GroupRoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering GroupRoleManagementPolicy resources. + */ +export interface GroupRoleManagementPolicyState { + /** + * An `activationRules` block as defined below. + */ + activationRules?: pulumi.Input; + /** + * An `activeAssignmentRules` block as defined below. + */ + activeAssignmentRules?: pulumi.Input; + /** + * (String) The description of this policy. + */ + description?: pulumi.Input; + /** + * (String) The display name of this policy. + */ + displayName?: pulumi.Input; + /** + * An `eligibleAssignmentRules` block as defined below. + */ + eligibleAssignmentRules?: pulumi.Input; + /** + * The ID of the Azure AD group for which the policy applies. + */ + groupId?: pulumi.Input; + /** + * A `notificationRules` block as defined below. + */ + notificationRules?: pulumi.Input; + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + */ + roleId?: pulumi.Input; +} + +/** + * The set of arguments for constructing a GroupRoleManagementPolicy resource. + */ +export interface GroupRoleManagementPolicyArgs { + /** + * An `activationRules` block as defined below. + */ + activationRules?: pulumi.Input; + /** + * An `activeAssignmentRules` block as defined below. + */ + activeAssignmentRules?: pulumi.Input; + /** + * An `eligibleAssignmentRules` block as defined below. + */ + eligibleAssignmentRules?: pulumi.Input; + /** + * The ID of the Azure AD group for which the policy applies. + */ + groupId: pulumi.Input; + /** + * A `notificationRules` block as defined below. + */ + notificationRules?: pulumi.Input; + /** + * The type of assignment this policy coveres. Can be either `member` or `owner`. + */ + roleId: pulumi.Input; +} diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index bc7bae6c9..926289f4c 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -240,6 +240,11 @@ export const getGroup: typeof import("./getGroup").getGroup = null as any; export const getGroupOutput: typeof import("./getGroup").getGroupOutput = null as any; utilities.lazyLoad(exports, ["getGroup","getGroupOutput"], () => require("./getGroup")); +export { GetGroupRoleManagementPolicyArgs, GetGroupRoleManagementPolicyResult, GetGroupRoleManagementPolicyOutputArgs } from "./getGroupRoleManagementPolicy"; +export const getGroupRoleManagementPolicy: typeof import("./getGroupRoleManagementPolicy").getGroupRoleManagementPolicy = null as any; +export const getGroupRoleManagementPolicyOutput: typeof import("./getGroupRoleManagementPolicy").getGroupRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getGroupRoleManagementPolicy","getGroupRoleManagementPolicyOutput"], () => require("./getGroupRoleManagementPolicy")); + export { GetGroupsArgs, GetGroupsResult, GetGroupsOutputArgs } from "./getGroups"; export const getGroups: typeof import("./getGroups").getGroups = null as any; export const getGroupsOutput: typeof import("./getGroups").getGroupsOutput = null as any; @@ -280,6 +285,11 @@ export type GroupMember = import("./groupMember").GroupMember; export const GroupMember: typeof import("./groupMember").GroupMember = null as any; utilities.lazyLoad(exports, ["GroupMember"], () => require("./groupMember")); +export { GroupRoleManagementPolicyArgs, GroupRoleManagementPolicyState } from "./groupRoleManagementPolicy"; +export type GroupRoleManagementPolicy = import("./groupRoleManagementPolicy").GroupRoleManagementPolicy; +export const GroupRoleManagementPolicy: typeof import("./groupRoleManagementPolicy").GroupRoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["GroupRoleManagementPolicy"], () => require("./groupRoleManagementPolicy")); + export { InvitationArgs, InvitationState } from "./invitation"; export type Invitation = import("./invitation").Invitation; export const Invitation: typeof import("./invitation").Invitation = null as any; @@ -290,6 +300,16 @@ export type NamedLocation = import("./namedLocation").NamedLocation; export const NamedLocation: typeof import("./namedLocation").NamedLocation = null as any; utilities.lazyLoad(exports, ["NamedLocation"], () => require("./namedLocation")); +export { PrivilegedAccessGroupAssignmentScheduleArgs, PrivilegedAccessGroupAssignmentScheduleState } from "./privilegedAccessGroupAssignmentSchedule"; +export type PrivilegedAccessGroupAssignmentSchedule = import("./privilegedAccessGroupAssignmentSchedule").PrivilegedAccessGroupAssignmentSchedule; +export const PrivilegedAccessGroupAssignmentSchedule: typeof import("./privilegedAccessGroupAssignmentSchedule").PrivilegedAccessGroupAssignmentSchedule = null as any; +utilities.lazyLoad(exports, ["PrivilegedAccessGroupAssignmentSchedule"], () => require("./privilegedAccessGroupAssignmentSchedule")); + +export { PrivilegedAccessGroupEligibilityScheduleArgs, PrivilegedAccessGroupEligibilityScheduleState } from "./privilegedAccessGroupEligibilitySchedule"; +export type PrivilegedAccessGroupEligibilitySchedule = import("./privilegedAccessGroupEligibilitySchedule").PrivilegedAccessGroupEligibilitySchedule; +export const PrivilegedAccessGroupEligibilitySchedule: typeof import("./privilegedAccessGroupEligibilitySchedule").PrivilegedAccessGroupEligibilitySchedule = null as any; +utilities.lazyLoad(exports, ["PrivilegedAccessGroupEligibilitySchedule"], () => require("./privilegedAccessGroupEligibilitySchedule")); + export { ProviderArgs } from "./provider"; export type Provider = import("./provider").Provider; export const Provider: typeof import("./provider").Provider = null as any; @@ -330,6 +350,11 @@ export type SynchronizationJob = import("./synchronizationJob").SynchronizationJ export const SynchronizationJob: typeof import("./synchronizationJob").SynchronizationJob = null as any; utilities.lazyLoad(exports, ["SynchronizationJob"], () => require("./synchronizationJob")); +export { SynchronizationJobProvisionOnDemandArgs, SynchronizationJobProvisionOnDemandState } from "./synchronizationJobProvisionOnDemand"; +export type SynchronizationJobProvisionOnDemand = import("./synchronizationJobProvisionOnDemand").SynchronizationJobProvisionOnDemand; +export const SynchronizationJobProvisionOnDemand: typeof import("./synchronizationJobProvisionOnDemand").SynchronizationJobProvisionOnDemand = null as any; +utilities.lazyLoad(exports, ["SynchronizationJobProvisionOnDemand"], () => require("./synchronizationJobProvisionOnDemand")); + export { SynchronizationSecretArgs, SynchronizationSecretState } from "./synchronizationSecret"; export type SynchronizationSecret = import("./synchronizationSecret").SynchronizationSecret; export const SynchronizationSecret: typeof import("./synchronizationSecret").SynchronizationSecret = null as any; @@ -431,10 +456,16 @@ const _module = { return new Group(name, undefined, { urn }) case "azuread:index/groupMember:GroupMember": return new GroupMember(name, undefined, { urn }) + case "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy": + return new GroupRoleManagementPolicy(name, undefined, { urn }) case "azuread:index/invitation:Invitation": return new Invitation(name, undefined, { urn }) case "azuread:index/namedLocation:NamedLocation": return new NamedLocation(name, undefined, { urn }) + case "azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule": + return new PrivilegedAccessGroupAssignmentSchedule(name, undefined, { urn }) + case "azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule": + return new PrivilegedAccessGroupEligibilitySchedule(name, undefined, { urn }) case "azuread:index/servicePrincipal:ServicePrincipal": return new ServicePrincipal(name, undefined, { urn }) case "azuread:index/servicePrincipalCertificate:ServicePrincipalCertificate": @@ -449,6 +480,8 @@ const _module = { return new ServicePrincipalTokenSigningCertificate(name, undefined, { urn }) case "azuread:index/synchronizationJob:SynchronizationJob": return new SynchronizationJob(name, undefined, { urn }) + case "azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand": + return new SynchronizationJobProvisionOnDemand(name, undefined, { urn }) case "azuread:index/synchronizationSecret:SynchronizationSecret": return new SynchronizationSecret(name, undefined, { urn }) case "azuread:index/user:User": @@ -496,8 +529,11 @@ pulumi.runtime.registerResourceModule("azuread", "index/directoryRoleEligibility pulumi.runtime.registerResourceModule("azuread", "index/directoryRoleMember", _module) pulumi.runtime.registerResourceModule("azuread", "index/group", _module) pulumi.runtime.registerResourceModule("azuread", "index/groupMember", _module) +pulumi.runtime.registerResourceModule("azuread", "index/groupRoleManagementPolicy", _module) pulumi.runtime.registerResourceModule("azuread", "index/invitation", _module) pulumi.runtime.registerResourceModule("azuread", "index/namedLocation", _module) +pulumi.runtime.registerResourceModule("azuread", "index/privilegedAccessGroupAssignmentSchedule", _module) +pulumi.runtime.registerResourceModule("azuread", "index/privilegedAccessGroupEligibilitySchedule", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipal", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalCertificate", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalClaimsMappingPolicyAssignment", _module) @@ -505,6 +541,7 @@ pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalDelegate pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalPassword", _module) pulumi.runtime.registerResourceModule("azuread", "index/servicePrincipalTokenSigningCertificate", _module) pulumi.runtime.registerResourceModule("azuread", "index/synchronizationJob", _module) +pulumi.runtime.registerResourceModule("azuread", "index/synchronizationJobProvisionOnDemand", _module) pulumi.runtime.registerResourceModule("azuread", "index/synchronizationSecret", _module) pulumi.runtime.registerResourceModule("azuread", "index/user", _module) pulumi.runtime.registerResourceModule("azuread", "index/userFlowAttribute", _module) diff --git a/sdk/nodejs/privilegedAccessGroupAssignmentSchedule.ts b/sdk/nodejs/privilegedAccessGroupAssignmentSchedule.ts new file mode 100644 index 000000000..90182ab05 --- /dev/null +++ b/sdk/nodejs/privilegedAccessGroupAssignmentSchedule.ts @@ -0,0 +1,276 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * Manages an active assignment to a privileged access group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const example = new azuread.Group("example", { + * displayName: "group-name", + * securityEnabled: true, + * }); + * const member = new azuread.User("member", { + * userPrincipalName: "jdoe@example.com", + * displayName: "J. Doe", + * mailNickname: "jdoe", + * password: "SecretP@sswd99!", + * }); + * const examplePrivilegedAccessGroupAssignmentSchedule = new azuread.PrivilegedAccessGroupAssignmentSchedule("example", { + * groupId: pim.id, + * principalId: member.id, + * assignmentType: "member", + * duration: "P30D", + * justification: "as requested", + * }); + * ``` + * + * ## Import + * + * An assignment schedule can be imported using the schedule ID, e.g. + * + * ```sh + * $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + * ``` + */ +export class PrivilegedAccessGroupAssignmentSchedule extends pulumi.CustomResource { + /** + * Get an existing PrivilegedAccessGroupAssignmentSchedule resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: PrivilegedAccessGroupAssignmentScheduleState, opts?: pulumi.CustomResourceOptions): PrivilegedAccessGroupAssignmentSchedule { + return new PrivilegedAccessGroupAssignmentSchedule(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule'; + + /** + * Returns true if the given object is an instance of PrivilegedAccessGroupAssignmentSchedule. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is PrivilegedAccessGroupAssignmentSchedule { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === PrivilegedAccessGroupAssignmentSchedule.__pulumiType; + } + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + public readonly assignmentType!: pulumi.Output; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + public readonly duration!: pulumi.Output; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + public readonly expirationDate!: pulumi.Output; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + public readonly groupId!: pulumi.Output; + /** + * The justification for this assignment. May be required by the role policy. + */ + public readonly justification!: pulumi.Output; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + public readonly permanentAssignment!: pulumi.Output; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + public readonly principalId!: pulumi.Output; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + public readonly startDate!: pulumi.Output; + /** + * (String) The provisioning status of this request. + */ + public /*out*/ readonly status!: pulumi.Output; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + public readonly ticketNumber!: pulumi.Output; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + public readonly ticketSystem!: pulumi.Output; + + /** + * Create a PrivilegedAccessGroupAssignmentSchedule resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: PrivilegedAccessGroupAssignmentScheduleArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: PrivilegedAccessGroupAssignmentScheduleArgs | PrivilegedAccessGroupAssignmentScheduleState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as PrivilegedAccessGroupAssignmentScheduleState | undefined; + resourceInputs["assignmentType"] = state ? state.assignmentType : undefined; + resourceInputs["duration"] = state ? state.duration : undefined; + resourceInputs["expirationDate"] = state ? state.expirationDate : undefined; + resourceInputs["groupId"] = state ? state.groupId : undefined; + resourceInputs["justification"] = state ? state.justification : undefined; + resourceInputs["permanentAssignment"] = state ? state.permanentAssignment : undefined; + resourceInputs["principalId"] = state ? state.principalId : undefined; + resourceInputs["startDate"] = state ? state.startDate : undefined; + resourceInputs["status"] = state ? state.status : undefined; + resourceInputs["ticketNumber"] = state ? state.ticketNumber : undefined; + resourceInputs["ticketSystem"] = state ? state.ticketSystem : undefined; + } else { + const args = argsOrState as PrivilegedAccessGroupAssignmentScheduleArgs | undefined; + if ((!args || args.assignmentType === undefined) && !opts.urn) { + throw new Error("Missing required property 'assignmentType'"); + } + if ((!args || args.groupId === undefined) && !opts.urn) { + throw new Error("Missing required property 'groupId'"); + } + if ((!args || args.principalId === undefined) && !opts.urn) { + throw new Error("Missing required property 'principalId'"); + } + resourceInputs["assignmentType"] = args ? args.assignmentType : undefined; + resourceInputs["duration"] = args ? args.duration : undefined; + resourceInputs["expirationDate"] = args ? args.expirationDate : undefined; + resourceInputs["groupId"] = args ? args.groupId : undefined; + resourceInputs["justification"] = args ? args.justification : undefined; + resourceInputs["permanentAssignment"] = args ? args.permanentAssignment : undefined; + resourceInputs["principalId"] = args ? args.principalId : undefined; + resourceInputs["startDate"] = args ? args.startDate : undefined; + resourceInputs["ticketNumber"] = args ? args.ticketNumber : undefined; + resourceInputs["ticketSystem"] = args ? args.ticketSystem : undefined; + resourceInputs["status"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(PrivilegedAccessGroupAssignmentSchedule.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering PrivilegedAccessGroupAssignmentSchedule resources. + */ +export interface PrivilegedAccessGroupAssignmentScheduleState { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + assignmentType?: pulumi.Input; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + duration?: pulumi.Input; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + expirationDate?: pulumi.Input; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + groupId?: pulumi.Input; + /** + * The justification for this assignment. May be required by the role policy. + */ + justification?: pulumi.Input; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + permanentAssignment?: pulumi.Input; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + principalId?: pulumi.Input; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + startDate?: pulumi.Input; + /** + * (String) The provisioning status of this request. + */ + status?: pulumi.Input; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + ticketNumber?: pulumi.Input; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + ticketSystem?: pulumi.Input; +} + +/** + * The set of arguments for constructing a PrivilegedAccessGroupAssignmentSchedule resource. + */ +export interface PrivilegedAccessGroupAssignmentScheduleArgs { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + assignmentType: pulumi.Input; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + duration?: pulumi.Input; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + expirationDate?: pulumi.Input; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + groupId: pulumi.Input; + /** + * The justification for this assignment. May be required by the role policy. + */ + justification?: pulumi.Input; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + permanentAssignment?: pulumi.Input; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + principalId: pulumi.Input; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + startDate?: pulumi.Input; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + ticketNumber?: pulumi.Input; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + ticketSystem?: pulumi.Input; +} diff --git a/sdk/nodejs/privilegedAccessGroupEligibilitySchedule.ts b/sdk/nodejs/privilegedAccessGroupEligibilitySchedule.ts new file mode 100644 index 000000000..9991f4bff --- /dev/null +++ b/sdk/nodejs/privilegedAccessGroupEligibilitySchedule.ts @@ -0,0 +1,276 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * Manages an eligible assignment to a privileged access group. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + * + * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + * + * ## Example Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const example = new azuread.Group("example", { + * displayName: "group-name", + * securityEnabled: true, + * }); + * const member = new azuread.User("member", { + * userPrincipalName: "jdoe@example.com", + * displayName: "J. Doe", + * mailNickname: "jdoe", + * password: "SecretP@sswd99!", + * }); + * const examplePrivilegedAccessGroupEligibilitySchedule = new azuread.PrivilegedAccessGroupEligibilitySchedule("example", { + * groupId: pim.id, + * principalId: member.id, + * assignmentType: "member", + * duration: "P30D", + * justification: "as requested", + * }); + * ``` + * + * ## Import + * + * An assignment schedule can be imported using the schedule ID, e.g. + * + * ```sh + * $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + * ``` + */ +export class PrivilegedAccessGroupEligibilitySchedule extends pulumi.CustomResource { + /** + * Get an existing PrivilegedAccessGroupEligibilitySchedule resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: PrivilegedAccessGroupEligibilityScheduleState, opts?: pulumi.CustomResourceOptions): PrivilegedAccessGroupEligibilitySchedule { + return new PrivilegedAccessGroupEligibilitySchedule(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule'; + + /** + * Returns true if the given object is an instance of PrivilegedAccessGroupEligibilitySchedule. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is PrivilegedAccessGroupEligibilitySchedule { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === PrivilegedAccessGroupEligibilitySchedule.__pulumiType; + } + + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + public readonly assignmentType!: pulumi.Output; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + public readonly duration!: pulumi.Output; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + public readonly expirationDate!: pulumi.Output; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + public readonly groupId!: pulumi.Output; + /** + * The justification for this assignment. May be required by the role policy. + */ + public readonly justification!: pulumi.Output; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + public readonly permanentAssignment!: pulumi.Output; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + public readonly principalId!: pulumi.Output; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + public readonly startDate!: pulumi.Output; + /** + * (String) The provisioning status of this request. + */ + public /*out*/ readonly status!: pulumi.Output; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + public readonly ticketNumber!: pulumi.Output; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + public readonly ticketSystem!: pulumi.Output; + + /** + * Create a PrivilegedAccessGroupEligibilitySchedule resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: PrivilegedAccessGroupEligibilityScheduleArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: PrivilegedAccessGroupEligibilityScheduleArgs | PrivilegedAccessGroupEligibilityScheduleState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as PrivilegedAccessGroupEligibilityScheduleState | undefined; + resourceInputs["assignmentType"] = state ? state.assignmentType : undefined; + resourceInputs["duration"] = state ? state.duration : undefined; + resourceInputs["expirationDate"] = state ? state.expirationDate : undefined; + resourceInputs["groupId"] = state ? state.groupId : undefined; + resourceInputs["justification"] = state ? state.justification : undefined; + resourceInputs["permanentAssignment"] = state ? state.permanentAssignment : undefined; + resourceInputs["principalId"] = state ? state.principalId : undefined; + resourceInputs["startDate"] = state ? state.startDate : undefined; + resourceInputs["status"] = state ? state.status : undefined; + resourceInputs["ticketNumber"] = state ? state.ticketNumber : undefined; + resourceInputs["ticketSystem"] = state ? state.ticketSystem : undefined; + } else { + const args = argsOrState as PrivilegedAccessGroupEligibilityScheduleArgs | undefined; + if ((!args || args.assignmentType === undefined) && !opts.urn) { + throw new Error("Missing required property 'assignmentType'"); + } + if ((!args || args.groupId === undefined) && !opts.urn) { + throw new Error("Missing required property 'groupId'"); + } + if ((!args || args.principalId === undefined) && !opts.urn) { + throw new Error("Missing required property 'principalId'"); + } + resourceInputs["assignmentType"] = args ? args.assignmentType : undefined; + resourceInputs["duration"] = args ? args.duration : undefined; + resourceInputs["expirationDate"] = args ? args.expirationDate : undefined; + resourceInputs["groupId"] = args ? args.groupId : undefined; + resourceInputs["justification"] = args ? args.justification : undefined; + resourceInputs["permanentAssignment"] = args ? args.permanentAssignment : undefined; + resourceInputs["principalId"] = args ? args.principalId : undefined; + resourceInputs["startDate"] = args ? args.startDate : undefined; + resourceInputs["ticketNumber"] = args ? args.ticketNumber : undefined; + resourceInputs["ticketSystem"] = args ? args.ticketSystem : undefined; + resourceInputs["status"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(PrivilegedAccessGroupEligibilitySchedule.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering PrivilegedAccessGroupEligibilitySchedule resources. + */ +export interface PrivilegedAccessGroupEligibilityScheduleState { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + assignmentType?: pulumi.Input; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + duration?: pulumi.Input; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + expirationDate?: pulumi.Input; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + groupId?: pulumi.Input; + /** + * The justification for this assignment. May be required by the role policy. + */ + justification?: pulumi.Input; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + permanentAssignment?: pulumi.Input; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + principalId?: pulumi.Input; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + startDate?: pulumi.Input; + /** + * (String) The provisioning status of this request. + */ + status?: pulumi.Input; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + ticketNumber?: pulumi.Input; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + ticketSystem?: pulumi.Input; +} + +/** + * The set of arguments for constructing a PrivilegedAccessGroupEligibilitySchedule resource. + */ +export interface PrivilegedAccessGroupEligibilityScheduleArgs { + /** + * The type of assignment to the group. Can be either `member` or `owner`. + */ + assignmentType: pulumi.Input; + /** + * The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + */ + duration?: pulumi.Input; + /** + * The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + */ + expirationDate?: pulumi.Input; + /** + * The Object ID of the Azure AD group to which the principal will be assigned. + */ + groupId: pulumi.Input; + /** + * The justification for this assignment. May be required by the role policy. + */ + justification?: pulumi.Input; + /** + * Is this assigment permanently valid. + * + * At least one of `expirationDate`, `duration`, or `permanentAssignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + */ + permanentAssignment?: pulumi.Input; + /** + * The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + */ + principalId: pulumi.Input; + /** + * The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + */ + startDate?: pulumi.Input; + /** + * The ticket number in the ticket system approving this assignment. May be required by the role policy. + */ + ticketNumber?: pulumi.Input; + /** + * The ticket system containing the ticket number approving this assignment. May be required by the role policy. + */ + ticketSystem?: pulumi.Input; +} diff --git a/sdk/nodejs/synchronizationJobProvisionOnDemand.ts b/sdk/nodejs/synchronizationJobProvisionOnDemand.ts new file mode 100644 index 000000000..eeaab89ec --- /dev/null +++ b/sdk/nodejs/synchronizationJobProvisionOnDemand.ts @@ -0,0 +1,198 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "./types/input"; +import * as outputs from "./types/output"; +import * as utilities from "./utilities"; + +/** + * Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. + * + * ## API Permissions + * + * The following API permissions are required in order to use this resource. + * + * When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` + * + * ## Example Usage + * + * *Basic example* + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as azuread from "@pulumi/azuread"; + * + * const current = azuread.getClientConfig({}); + * const exampleGroup = new azuread.Group("example", { + * displayName: "example", + * owners: [current.then(current => current.objectId)], + * securityEnabled: true, + * }); + * const example = azuread.getApplicationTemplate({ + * displayName: "Azure Databricks SCIM Provisioning Connector", + * }); + * const exampleApplication = new azuread.Application("example", { + * displayName: "example", + * templateId: example.then(example => example.templateId), + * featureTags: [{ + * enterprise: true, + * gallery: true, + * }], + * }); + * const exampleServicePrincipal = new azuread.ServicePrincipal("example", { + * clientId: exampleApplication.clientId, + * useExisting: true, + * }); + * const exampleSynchronizationSecret = new azuread.SynchronizationSecret("example", { + * servicePrincipalId: exampleServicePrincipal.id, + * credentials: [ + * { + * key: "BaseAddress", + * value: "https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + * }, + * { + * key: "SecretToken", + * value: "some-token", + * }, + * ], + * }); + * const exampleSynchronizationJob = new azuread.SynchronizationJob("example", { + * servicePrincipalId: exampleServicePrincipal.id, + * templateId: "dataBricks", + * enabled: true, + * }); + * const exampleSynchronizationJobProvisionOnDemand = new azuread.SynchronizationJobProvisionOnDemand("example", { + * servicePrincipalId: exampleServicePrincipal.id, + * synchronizationJobId: exampleSynchronizationJob.id, + * parameters: [{ + * ruleId: "", + * subjects: [{ + * objectId: exampleGroup.objectId, + * objectTypeName: "Group", + * }], + * }], + * }); + * ``` + * + * ## Import + * + * This resource does not support importing. + */ +export class SynchronizationJobProvisionOnDemand extends pulumi.CustomResource { + /** + * Get an existing SynchronizationJobProvisionOnDemand resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: SynchronizationJobProvisionOnDemandState, opts?: pulumi.CustomResourceOptions): SynchronizationJobProvisionOnDemand { + return new SynchronizationJobProvisionOnDemand(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand'; + + /** + * Returns true if the given object is an instance of SynchronizationJobProvisionOnDemand. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SynchronizationJobProvisionOnDemand { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SynchronizationJobProvisionOnDemand.__pulumiType; + } + + /** + * One or more `parameter` blocks as documented below. + */ + public readonly parameters!: pulumi.Output; + /** + * The object ID of the service principal for the synchronization job. + */ + public readonly servicePrincipalId!: pulumi.Output; + /** + * Identifier of the synchronization template this job is based on. + */ + public readonly synchronizationJobId!: pulumi.Output; + public readonly triggers!: pulumi.Output<{[key: string]: string} | undefined>; + + /** + * Create a SynchronizationJobProvisionOnDemand resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SynchronizationJobProvisionOnDemandArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SynchronizationJobProvisionOnDemandArgs | SynchronizationJobProvisionOnDemandState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SynchronizationJobProvisionOnDemandState | undefined; + resourceInputs["parameters"] = state ? state.parameters : undefined; + resourceInputs["servicePrincipalId"] = state ? state.servicePrincipalId : undefined; + resourceInputs["synchronizationJobId"] = state ? state.synchronizationJobId : undefined; + resourceInputs["triggers"] = state ? state.triggers : undefined; + } else { + const args = argsOrState as SynchronizationJobProvisionOnDemandArgs | undefined; + if ((!args || args.parameters === undefined) && !opts.urn) { + throw new Error("Missing required property 'parameters'"); + } + if ((!args || args.servicePrincipalId === undefined) && !opts.urn) { + throw new Error("Missing required property 'servicePrincipalId'"); + } + if ((!args || args.synchronizationJobId === undefined) && !opts.urn) { + throw new Error("Missing required property 'synchronizationJobId'"); + } + resourceInputs["parameters"] = args ? args.parameters : undefined; + resourceInputs["servicePrincipalId"] = args ? args.servicePrincipalId : undefined; + resourceInputs["synchronizationJobId"] = args ? args.synchronizationJobId : undefined; + resourceInputs["triggers"] = args ? args.triggers : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SynchronizationJobProvisionOnDemand.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SynchronizationJobProvisionOnDemand resources. + */ +export interface SynchronizationJobProvisionOnDemandState { + /** + * One or more `parameter` blocks as documented below. + */ + parameters?: pulumi.Input[]>; + /** + * The object ID of the service principal for the synchronization job. + */ + servicePrincipalId?: pulumi.Input; + /** + * Identifier of the synchronization template this job is based on. + */ + synchronizationJobId?: pulumi.Input; + triggers?: pulumi.Input<{[key: string]: pulumi.Input}>; +} + +/** + * The set of arguments for constructing a SynchronizationJobProvisionOnDemand resource. + */ +export interface SynchronizationJobProvisionOnDemandArgs { + /** + * One or more `parameter` blocks as documented below. + */ + parameters: pulumi.Input[]>; + /** + * The object ID of the service principal for the synchronization job. + */ + servicePrincipalId: pulumi.Input; + /** + * Identifier of the synchronization template this job is based on. + */ + synchronizationJobId: pulumi.Input; + triggers?: pulumi.Input<{[key: string]: pulumi.Input}>; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 86b2134a9..fccfe779f 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -62,6 +62,7 @@ "getDirectoryRoles.ts", "getDomains.ts", "getGroup.ts", + "getGroupRoleManagementPolicy.ts", "getGroups.ts", "getNamedLocation.ts", "getServicePrincipal.ts", @@ -70,9 +71,12 @@ "getUsers.ts", "group.ts", "groupMember.ts", + "groupRoleManagementPolicy.ts", "index.ts", "invitation.ts", "namedLocation.ts", + "privilegedAccessGroupAssignmentSchedule.ts", + "privilegedAccessGroupEligibilitySchedule.ts", "provider.ts", "servicePrincipal.ts", "servicePrincipalCertificate.ts", @@ -81,6 +85,7 @@ "servicePrincipalPassword.ts", "servicePrincipalTokenSigningCertificate.ts", "synchronizationJob.ts", + "synchronizationJobProvisionOnDemand.ts", "synchronizationSecret.ts", "types/index.ts", "types/input.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index f5e6ef472..8fe9e8542 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -743,6 +743,290 @@ export interface GroupDynamicMembership { rule: pulumi.Input; } +export interface GroupRoleManagementPolicyActivationRules { + /** + * An `approvalStage` block as defined below. + */ + approvalStage?: pulumi.Input; + /** + * The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + */ + maximumDuration?: pulumi.Input; + /** + * Is approval required for activation. If `true` an `approvalStage` block must be provided. + */ + requireApproval?: pulumi.Input; + /** + * Is a justification required during activation of the role. + */ + requireJustification?: pulumi.Input; + /** + * Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. + */ + requireMultifactorAuthentication?: pulumi.Input; + /** + * Is ticket information requrired during activation of the role. + */ + requireTicketInfo?: pulumi.Input; + /** + * The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + */ + requiredConditionalAccessAuthenticationContext?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyActivationRulesApprovalStage { + /** + * The IDs of the users or groups who can approve the activation + */ + primaryApprovers: pulumi.Input[]>; +} + +export interface GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + /** + * The ID of the object which will act as an approver. + */ + objectId: pulumi.Input; + /** + * The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + */ + type?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyActiveAssignmentRules { + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + */ + expirationRequired?: pulumi.Input; + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + */ + expireAfter?: pulumi.Input; + /** + * Is a justification required to create new assignments. + */ + requireJustification?: pulumi.Input; + /** + * Is multi-factor authentication required to create new assignments. + */ + requireMultifactorAuthentication?: pulumi.Input; + /** + * Is ticket information required to create new assignments. + * + * One of `expirationRequired` or `expireAfter` must be provided. + */ + requireTicketInfo?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyEligibleAssignmentRules { + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + */ + expirationRequired?: pulumi.Input; + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expirationRequired` or `expireAfter` must be provided. + */ + expireAfter?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRules { + /** + * A `notificationTarget` block as defined below to configure notfications on active role assignments. + */ + activeAssignments?: pulumi.Input; + /** + * A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. + */ + eligibleActivations?: pulumi.Input; + /** + * A `notificationTarget` block as defined below to configure notification on eligible role assignments. + * + * At least one `notificationTarget` block must be provided. + */ + eligibleAssignments?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignments { + /** + * Admin notification settings + */ + adminNotifications?: pulumi.Input; + /** + * Approver notification settings + */ + approverNotifications?: pulumi.Input; + /** + * Assignee notification settings + */ + assigneeNotifications?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivations { + /** + * Admin notification settings + */ + adminNotifications?: pulumi.Input; + /** + * Approver notification settings + */ + approverNotifications?: pulumi.Input; + /** + * Assignee notification settings + */ + assigneeNotifications?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + /** + * Admin notification settings + */ + adminNotifications?: pulumi.Input; + /** + * Approver notification settings + */ + approverNotifications?: pulumi.Input; + /** + * Assignee notification settings + */ + assigneeNotifications?: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients?: pulumi.Input[]>; + /** + * Whether the default recipients are notified + */ + defaultRecipients: pulumi.Input; + /** + * What level of notifications are sent + */ + notificationLevel: pulumi.Input; +} + export interface InvitationMessage { /** * Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. @@ -887,6 +1171,28 @@ export interface ServicePrincipalSamlSingleSignOn { relayState?: pulumi.Input; } +export interface SynchronizationJobProvisionOnDemandParameter { + /** + * The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + */ + ruleId: pulumi.Input; + /** + * One or more `subject` blocks as documented below. + */ + subjects: pulumi.Input[]>; +} + +export interface SynchronizationJobProvisionOnDemandParameterSubject { + /** + * The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + */ + objectId: pulumi.Input; + /** + * The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + */ + objectTypeName: pulumi.Input; +} + export interface SynchronizationJobSchedule { /** * Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 54478648e..440b2253b 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -1282,6 +1282,290 @@ export interface GroupDynamicMembership { rule: string; } +export interface GroupRoleManagementPolicyActivationRules { + /** + * An `approvalStage` block as defined below. + */ + approvalStage?: outputs.GroupRoleManagementPolicyActivationRulesApprovalStage; + /** + * The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + */ + maximumDuration: string; + /** + * Is approval required for activation. If `true` an `approvalStage` block must be provided. + */ + requireApproval: boolean; + /** + * Is a justification required during activation of the role. + */ + requireJustification: boolean; + /** + * Is multi-factor authentication required to activate the role. Conflicts with `requiredConditionalAccessAuthenticationContext`. + */ + requireMultifactorAuthentication: boolean; + /** + * Is ticket information requrired during activation of the role. + */ + requireTicketInfo: boolean; + /** + * The Entra ID Conditional Access context that must be present for activation. Conflicts with `requireMultifactorAuthentication`. + */ + requiredConditionalAccessAuthenticationContext: string; +} + +export interface GroupRoleManagementPolicyActivationRulesApprovalStage { + /** + * The IDs of the users or groups who can approve the activation + */ + primaryApprovers: outputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover[]; +} + +export interface GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover { + /** + * The ID of the object which will act as an approver. + */ + objectId: string; + /** + * The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + */ + type?: string; +} + +export interface GroupRoleManagementPolicyActiveAssignmentRules { + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + */ + expirationRequired: boolean; + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + */ + expireAfter: string; + /** + * Is a justification required to create new assignments. + */ + requireJustification: boolean; + /** + * Is multi-factor authentication required to create new assignments. + */ + requireMultifactorAuthentication: boolean; + /** + * Is ticket information required to create new assignments. + * + * One of `expirationRequired` or `expireAfter` must be provided. + */ + requireTicketInfo: boolean; +} + +export interface GroupRoleManagementPolicyEligibleAssignmentRules { + /** + * Must an assignment have an expiry date. `false` allows permanent assignment. + */ + expirationRequired: boolean; + /** + * The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + * + * One of `expirationRequired` or `expireAfter` must be provided. + */ + expireAfter: string; +} + +export interface GroupRoleManagementPolicyNotificationRules { + /** + * A `notificationTarget` block as defined below to configure notfications on active role assignments. + */ + activeAssignments: outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments; + /** + * A `notificationTarget` block as defined below for configuring notifications on activation of eligible role. + */ + eligibleActivations: outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations; + /** + * A `notificationTarget` block as defined below to configure notification on eligible role assignments. + * + * At least one `notificationTarget` block must be provided. + */ + eligibleAssignments: outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignments { + /** + * Admin notification settings + */ + adminNotifications: outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications; + /** + * Approver notification settings + */ + approverNotifications: outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications; + /** + * Assignee notification settings + */ + assigneeNotifications: outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivations { + /** + * Admin notification settings + */ + adminNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications; + /** + * Approver notification settings + */ + approverNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications; + /** + * Assignee notification settings + */ + assigneeNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignments { + /** + * Admin notification settings + */ + adminNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications; + /** + * Approver notification settings + */ + approverNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications; + /** + * Assignee notification settings + */ + assigneeNotifications: outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + +export interface GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications { + /** + * The additional recipients to notify + */ + additionalRecipients: string[]; + /** + * Whether the default recipients are notified + */ + defaultRecipients: boolean; + /** + * What level of notifications are sent + */ + notificationLevel: string; +} + export interface InvitationMessage { /** * Email addresses of additional recipients the invitation message should be sent to. Only 1 additional recipient is currently supported by Azure. @@ -1426,6 +1710,28 @@ export interface ServicePrincipalSamlSingleSignOn { relayState?: string; } +export interface SynchronizationJobProvisionOnDemandParameter { + /** + * The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + */ + ruleId: string; + /** + * One or more `subject` blocks as documented below. + */ + subjects: outputs.SynchronizationJobProvisionOnDemandParameterSubject[]; +} + +export interface SynchronizationJobProvisionOnDemandParameterSubject { + /** + * The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + */ + objectId: string; + /** + * The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + */ + objectTypeName: string; +} + export interface SynchronizationJobSchedule { /** * Date and time when this job will expire, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). diff --git a/sdk/python/pulumi_azuread/__init__.py b/sdk/python/pulumi_azuread/__init__.py index ae116996c..cf0f92600 100644 --- a/sdk/python/pulumi_azuread/__init__.py +++ b/sdk/python/pulumi_azuread/__init__.py @@ -52,6 +52,7 @@ from .get_directory_roles import * from .get_domains import * from .get_group import * +from .get_group_role_management_policy import * from .get_groups import * from .get_named_location import * from .get_service_principal import * @@ -60,8 +61,11 @@ from .get_users import * from .group import * from .group_member import * +from .group_role_management_policy import * from .invitation import * from .named_location import * +from .privileged_access_group_assignment_schedule import * +from .privileged_access_group_eligibility_schedule import * from .provider import * from .service_principal import * from .service_principal_certificate import * @@ -70,6 +74,7 @@ from .service_principal_password import * from .service_principal_token_signing_certificate import * from .synchronization_job import * +from .synchronization_job_provision_on_demand import * from .synchronization_secret import * from .user import * from .user_flow_attribute import * @@ -374,6 +379,14 @@ "azuread:index/groupMember:GroupMember": "GroupMember" } }, + { + "pkg": "azuread", + "mod": "index/groupRoleManagementPolicy", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy": "GroupRoleManagementPolicy" + } + }, { "pkg": "azuread", "mod": "index/invitation", @@ -390,6 +403,22 @@ "azuread:index/namedLocation:NamedLocation": "NamedLocation" } }, + { + "pkg": "azuread", + "mod": "index/privilegedAccessGroupAssignmentSchedule", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule": "PrivilegedAccessGroupAssignmentSchedule" + } + }, + { + "pkg": "azuread", + "mod": "index/privilegedAccessGroupEligibilitySchedule", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule": "PrivilegedAccessGroupEligibilitySchedule" + } + }, { "pkg": "azuread", "mod": "index/servicePrincipal", @@ -446,6 +475,14 @@ "azuread:index/synchronizationJob:SynchronizationJob": "SynchronizationJob" } }, + { + "pkg": "azuread", + "mod": "index/synchronizationJobProvisionOnDemand", + "fqn": "pulumi_azuread", + "classes": { + "azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand": "SynchronizationJobProvisionOnDemand" + } + }, { "pkg": "azuread", "mod": "index/synchronizationSecret", diff --git a/sdk/python/pulumi_azuread/_inputs.py b/sdk/python/pulumi_azuread/_inputs.py index d4d462f35..9f5b3a10e 100644 --- a/sdk/python/pulumi_azuread/_inputs.py +++ b/sdk/python/pulumi_azuread/_inputs.py @@ -54,6 +54,24 @@ 'ConditionalAccessPolicySessionControlsArgs', 'CustomDirectoryRolePermissionArgs', 'GroupDynamicMembershipArgs', + 'GroupRoleManagementPolicyActivationRulesArgs', + 'GroupRoleManagementPolicyActivationRulesApprovalStageArgs', + 'GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs', + 'GroupRoleManagementPolicyActiveAssignmentRulesArgs', + 'GroupRoleManagementPolicyEligibleAssignmentRulesArgs', + 'GroupRoleManagementPolicyNotificationRulesArgs', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs', 'InvitationMessageArgs', 'NamedLocationCountryArgs', 'NamedLocationIpArgs', @@ -62,6 +80,8 @@ 'ServicePrincipalFeatureTagArgs', 'ServicePrincipalOauth2PermissionScopeArgs', 'ServicePrincipalSamlSingleSignOnArgs', + 'SynchronizationJobProvisionOnDemandParameterArgs', + 'SynchronizationJobProvisionOnDemandParameterSubjectArgs', 'SynchronizationJobScheduleArgs', 'SynchronizationSecretCredentialArgs', ] @@ -2757,6 +2777,1020 @@ def rule(self, value: pulumi.Input[str]): pulumi.set(self, "rule", value) +@pulumi.input_type +class GroupRoleManagementPolicyActivationRulesArgs: + def __init__(__self__, *, + approval_stage: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStageArgs']] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + require_approval: Optional[pulumi.Input[bool]] = None, + require_justification: Optional[pulumi.Input[bool]] = None, + require_multifactor_authentication: Optional[pulumi.Input[bool]] = None, + require_ticket_info: Optional[pulumi.Input[bool]] = None, + required_conditional_access_authentication_context: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStageArgs'] approval_stage: An `approval_stage` block as defined below. + :param pulumi.Input[str] maximum_duration: The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + :param pulumi.Input[bool] require_approval: Is approval required for activation. If `true` an `approval_stage` block must be provided. + :param pulumi.Input[bool] require_justification: Is a justification required during activation of the role. + :param pulumi.Input[bool] require_multifactor_authentication: Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + :param pulumi.Input[bool] require_ticket_info: Is ticket information requrired during activation of the role. + :param pulumi.Input[str] required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + """ + if approval_stage is not None: + pulumi.set(__self__, "approval_stage", approval_stage) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if require_approval is not None: + pulumi.set(__self__, "require_approval", require_approval) + if require_justification is not None: + pulumi.set(__self__, "require_justification", require_justification) + if require_multifactor_authentication is not None: + pulumi.set(__self__, "require_multifactor_authentication", require_multifactor_authentication) + if require_ticket_info is not None: + pulumi.set(__self__, "require_ticket_info", require_ticket_info) + if required_conditional_access_authentication_context is not None: + pulumi.set(__self__, "required_conditional_access_authentication_context", required_conditional_access_authentication_context) + + @property + @pulumi.getter(name="approvalStage") + def approval_stage(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStageArgs']]: + """ + An `approval_stage` block as defined below. + """ + return pulumi.get(self, "approval_stage") + + @approval_stage.setter + def approval_stage(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStageArgs']]): + pulumi.set(self, "approval_stage", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter(name="requireApproval") + def require_approval(self) -> Optional[pulumi.Input[bool]]: + """ + Is approval required for activation. If `true` an `approval_stage` block must be provided. + """ + return pulumi.get(self, "require_approval") + + @require_approval.setter + def require_approval(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_approval", value) + + @property + @pulumi.getter(name="requireJustification") + def require_justification(self) -> Optional[pulumi.Input[bool]]: + """ + Is a justification required during activation of the role. + """ + return pulumi.get(self, "require_justification") + + @require_justification.setter + def require_justification(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_justification", value) + + @property + @pulumi.getter(name="requireMultifactorAuthentication") + def require_multifactor_authentication(self) -> Optional[pulumi.Input[bool]]: + """ + Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + """ + return pulumi.get(self, "require_multifactor_authentication") + + @require_multifactor_authentication.setter + def require_multifactor_authentication(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_multifactor_authentication", value) + + @property + @pulumi.getter(name="requireTicketInfo") + def require_ticket_info(self) -> Optional[pulumi.Input[bool]]: + """ + Is ticket information requrired during activation of the role. + """ + return pulumi.get(self, "require_ticket_info") + + @require_ticket_info.setter + def require_ticket_info(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_ticket_info", value) + + @property + @pulumi.getter(name="requiredConditionalAccessAuthenticationContext") + def required_conditional_access_authentication_context(self) -> Optional[pulumi.Input[str]]: + """ + The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + """ + return pulumi.get(self, "required_conditional_access_authentication_context") + + @required_conditional_access_authentication_context.setter + def required_conditional_access_authentication_context(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "required_conditional_access_authentication_context", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyActivationRulesApprovalStageArgs: + def __init__(__self__, *, + primary_approvers: pulumi.Input[Sequence[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs']]]): + """ + :param pulumi.Input[Sequence[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs']]] primary_approvers: The IDs of the users or groups who can approve the activation + """ + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> pulumi.Input[Sequence[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs']]]: + """ + The IDs of the users or groups who can approve the activation + """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: pulumi.Input[Sequence[pulumi.Input['GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs']]]): + pulumi.set(self, "primary_approvers", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs: + def __init__(__self__, *, + object_id: pulumi.Input[str], + type: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] object_id: The ID of the object which will act as an approver. + :param pulumi.Input[str] type: The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + """ + pulumi.set(__self__, "object_id", object_id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="objectId") + def object_id(self) -> pulumi.Input[str]: + """ + The ID of the object which will act as an approver. + """ + return pulumi.get(self, "object_id") + + @object_id.setter + def object_id(self, value: pulumi.Input[str]): + pulumi.set(self, "object_id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[str]]: + """ + The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "type", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyActiveAssignmentRulesArgs: + def __init__(__self__, *, + expiration_required: Optional[pulumi.Input[bool]] = None, + expire_after: Optional[pulumi.Input[str]] = None, + require_justification: Optional[pulumi.Input[bool]] = None, + require_multifactor_authentication: Optional[pulumi.Input[bool]] = None, + require_ticket_info: Optional[pulumi.Input[bool]] = None): + """ + :param pulumi.Input[bool] expiration_required: Must an assignment have an expiry date. `false` allows permanent assignment. + :param pulumi.Input[str] expire_after: The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + :param pulumi.Input[bool] require_justification: Is a justification required to create new assignments. + :param pulumi.Input[bool] require_multifactor_authentication: Is multi-factor authentication required to create new assignments. + :param pulumi.Input[bool] require_ticket_info: Is ticket information required to create new assignments. + + One of `expiration_required` or `expire_after` must be provided. + """ + if expiration_required is not None: + pulumi.set(__self__, "expiration_required", expiration_required) + if expire_after is not None: + pulumi.set(__self__, "expire_after", expire_after) + if require_justification is not None: + pulumi.set(__self__, "require_justification", require_justification) + if require_multifactor_authentication is not None: + pulumi.set(__self__, "require_multifactor_authentication", require_multifactor_authentication) + if require_ticket_info is not None: + pulumi.set(__self__, "require_ticket_info", require_ticket_info) + + @property + @pulumi.getter(name="expirationRequired") + def expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + Must an assignment have an expiry date. `false` allows permanent assignment. + """ + return pulumi.get(self, "expiration_required") + + @expiration_required.setter + def expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "expiration_required", value) + + @property + @pulumi.getter(name="expireAfter") + def expire_after(self) -> Optional[pulumi.Input[str]]: + """ + The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + """ + return pulumi.get(self, "expire_after") + + @expire_after.setter + def expire_after(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expire_after", value) + + @property + @pulumi.getter(name="requireJustification") + def require_justification(self) -> Optional[pulumi.Input[bool]]: + """ + Is a justification required to create new assignments. + """ + return pulumi.get(self, "require_justification") + + @require_justification.setter + def require_justification(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_justification", value) + + @property + @pulumi.getter(name="requireMultifactorAuthentication") + def require_multifactor_authentication(self) -> Optional[pulumi.Input[bool]]: + """ + Is multi-factor authentication required to create new assignments. + """ + return pulumi.get(self, "require_multifactor_authentication") + + @require_multifactor_authentication.setter + def require_multifactor_authentication(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_multifactor_authentication", value) + + @property + @pulumi.getter(name="requireTicketInfo") + def require_ticket_info(self) -> Optional[pulumi.Input[bool]]: + """ + Is ticket information required to create new assignments. + + One of `expiration_required` or `expire_after` must be provided. + """ + return pulumi.get(self, "require_ticket_info") + + @require_ticket_info.setter + def require_ticket_info(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "require_ticket_info", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyEligibleAssignmentRulesArgs: + def __init__(__self__, *, + expiration_required: Optional[pulumi.Input[bool]] = None, + expire_after: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[bool] expiration_required: Must an assignment have an expiry date. `false` allows permanent assignment. + :param pulumi.Input[str] expire_after: The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + + One of `expiration_required` or `expire_after` must be provided. + """ + if expiration_required is not None: + pulumi.set(__self__, "expiration_required", expiration_required) + if expire_after is not None: + pulumi.set(__self__, "expire_after", expire_after) + + @property + @pulumi.getter(name="expirationRequired") + def expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + Must an assignment have an expiry date. `false` allows permanent assignment. + """ + return pulumi.get(self, "expiration_required") + + @expiration_required.setter + def expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "expiration_required", value) + + @property + @pulumi.getter(name="expireAfter") + def expire_after(self) -> Optional[pulumi.Input[str]]: + """ + The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + + One of `expiration_required` or `expire_after` must be provided. + """ + return pulumi.get(self, "expire_after") + + @expire_after.setter + def expire_after(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expire_after", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesArgs: + def __init__(__self__, *, + active_assignments: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs']] = None, + eligible_activations: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs']] = None, + eligible_assignments: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs']] = None): + """ + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs'] active_assignments: A `notification_target` block as defined below to configure notfications on active role assignments. + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs'] eligible_activations: A `notification_target` block as defined below for configuring notifications on activation of eligible role. + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs'] eligible_assignments: A `notification_target` block as defined below to configure notification on eligible role assignments. + + At least one `notification_target` block must be provided. + """ + if active_assignments is not None: + pulumi.set(__self__, "active_assignments", active_assignments) + if eligible_activations is not None: + pulumi.set(__self__, "eligible_activations", eligible_activations) + if eligible_assignments is not None: + pulumi.set(__self__, "eligible_assignments", eligible_assignments) + + @property + @pulumi.getter(name="activeAssignments") + def active_assignments(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs']]: + """ + A `notification_target` block as defined below to configure notfications on active role assignments. + """ + return pulumi.get(self, "active_assignments") + + @active_assignments.setter + def active_assignments(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs']]): + pulumi.set(self, "active_assignments", value) + + @property + @pulumi.getter(name="eligibleActivations") + def eligible_activations(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs']]: + """ + A `notification_target` block as defined below for configuring notifications on activation of eligible role. + """ + return pulumi.get(self, "eligible_activations") + + @eligible_activations.setter + def eligible_activations(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs']]): + pulumi.set(self, "eligible_activations", value) + + @property + @pulumi.getter(name="eligibleAssignments") + def eligible_assignments(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs']]: + """ + A `notification_target` block as defined below to configure notification on eligible role assignments. + + At least one `notification_target` block must be provided. + """ + return pulumi.get(self, "eligible_assignments") + + @eligible_assignments.setter + def eligible_assignments(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs']]): + pulumi.set(self, "eligible_assignments", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs: + def __init__(__self__, *, + admin_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs']] = None, + approver_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs']] = None, + assignee_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs']] = None): + """ + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs'] admin_notifications: Admin notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs'] approver_notifications: Approver notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs'] assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs']]: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @admin_notifications.setter + def admin_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs']]): + pulumi.set(self, "admin_notifications", value) + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs']]: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @approver_notifications.setter + def approver_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs']]): + pulumi.set(self, "approver_notifications", value) + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs']]: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + @assignee_notifications.setter + def assignee_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs']]): + pulumi.set(self, "assignee_notifications", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs: + def __init__(__self__, *, + admin_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs']] = None, + approver_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs']] = None, + assignee_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs']] = None): + """ + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs'] admin_notifications: Admin notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs'] approver_notifications: Approver notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs'] assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs']]: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @admin_notifications.setter + def admin_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs']]): + pulumi.set(self, "admin_notifications", value) + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs']]: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @approver_notifications.setter + def approver_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs']]): + pulumi.set(self, "approver_notifications", value) + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs']]: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + @assignee_notifications.setter + def assignee_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs']]): + pulumi.set(self, "assignee_notifications", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs: + def __init__(__self__, *, + admin_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs']] = None, + approver_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs']] = None, + assignee_notifications: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs']] = None): + """ + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs'] admin_notifications: Admin notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs'] approver_notifications: Approver notification settings + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs'] assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs']]: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @admin_notifications.setter + def admin_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs']]): + pulumi.set(self, "admin_notifications", value) + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs']]: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @approver_notifications.setter + def approver_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs']]): + pulumi.set(self, "approver_notifications", value) + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs']]: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + @assignee_notifications.setter + def assignee_notifications(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs']]): + pulumi.set(self, "assignee_notifications", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + +@pulumi.input_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs: + def __init__(__self__, *, + default_recipients: pulumi.Input[bool], + notification_level: pulumi.Input[str], + additional_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[bool] default_recipients: Whether the default recipients are notified + :param pulumi.Input[str] notification_level: What level of notifications are sent + :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> pulumi.Input[bool]: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @default_recipients.setter + def default_recipients(self, value: pulumi.Input[bool]): + pulumi.set(self, "default_recipients", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> pulumi.Input[str]: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: pulumi.Input[str]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @additional_recipients.setter + def additional_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "additional_recipients", value) + + @pulumi.input_type class InvitationMessageArgs: def __init__(__self__, *, @@ -3291,6 +4325,80 @@ def relay_state(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "relay_state", value) +@pulumi.input_type +class SynchronizationJobProvisionOnDemandParameterArgs: + def __init__(__self__, *, + rule_id: pulumi.Input[str], + subjects: pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterSubjectArgs']]]): + """ + :param pulumi.Input[str] rule_id: The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterSubjectArgs']]] subjects: One or more `subject` blocks as documented below. + """ + pulumi.set(__self__, "rule_id", rule_id) + pulumi.set(__self__, "subjects", subjects) + + @property + @pulumi.getter(name="ruleId") + def rule_id(self) -> pulumi.Input[str]: + """ + The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + """ + return pulumi.get(self, "rule_id") + + @rule_id.setter + def rule_id(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_id", value) + + @property + @pulumi.getter + def subjects(self) -> pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterSubjectArgs']]]: + """ + One or more `subject` blocks as documented below. + """ + return pulumi.get(self, "subjects") + + @subjects.setter + def subjects(self, value: pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterSubjectArgs']]]): + pulumi.set(self, "subjects", value) + + +@pulumi.input_type +class SynchronizationJobProvisionOnDemandParameterSubjectArgs: + def __init__(__self__, *, + object_id: pulumi.Input[str], + object_type_name: pulumi.Input[str]): + """ + :param pulumi.Input[str] object_id: The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + :param pulumi.Input[str] object_type_name: The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + """ + pulumi.set(__self__, "object_id", object_id) + pulumi.set(__self__, "object_type_name", object_type_name) + + @property + @pulumi.getter(name="objectId") + def object_id(self) -> pulumi.Input[str]: + """ + The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + """ + return pulumi.get(self, "object_id") + + @object_id.setter + def object_id(self, value: pulumi.Input[str]): + pulumi.set(self, "object_id", value) + + @property + @pulumi.getter(name="objectTypeName") + def object_type_name(self) -> pulumi.Input[str]: + """ + The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + """ + return pulumi.get(self, "object_type_name") + + @object_type_name.setter + def object_type_name(self, value: pulumi.Input[str]): + pulumi.set(self, "object_type_name", value) + + @pulumi.input_type class SynchronizationJobScheduleArgs: def __init__(__self__, *, diff --git a/sdk/python/pulumi_azuread/application.py b/sdk/python/pulumi_azuread/application.py index 27543651f..1c2dfdb49 100644 --- a/sdk/python/pulumi_azuread/application.py +++ b/sdk/python/pulumi_azuread/application.py @@ -54,7 +54,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property. > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. :param pulumi.Input[str] marketing_url: URL of the application's marketing page. @@ -227,7 +227,7 @@ def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Appli @pulumi.getter(name="groupMembershipClaims") def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. """ return pulumi.get(self, "group_membership_claims") @@ -525,7 +525,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input['ApplicationFeatureTagArgs']]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property. > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. :param pulumi.Input[str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property. @@ -773,7 +773,7 @@ def feature_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Appli @pulumi.getter(name="groupMembershipClaims") def group_membership_claims(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. """ return pulumi.get(self, "group_membership_claims") @@ -1255,7 +1255,7 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property. > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. :param pulumi.Input[str] marketing_url: URL of the application's marketing page. @@ -1588,7 +1588,7 @@ def get(resource_name: str, :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ApplicationFeatureTagArgs']]]] feature_tags: A `feature_tags` block as described below. Cannot be used together with the `tags` property. > **Features and Tags** Features are configured for an application using tags, and are provided as a shortcut to set the corresponding magic tag value for each feature. You cannot configure `feature_tags` and `tags` for an application at the same time, so if you need to assign additional custom tags it's recommended to use the `tags` property instead. Tag values also propagate to any linked service principals. - :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] group_membership_claims: A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. :param pulumi.Input[Sequence[pulumi.Input[str]]] identifier_uris: A set of user-defined URI(s) that uniquely identify an application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. :param pulumi.Input[str] logo_image: A logo image to upload for the application, as a raw base64-encoded string. The image should be in gif, jpeg or png format. Note that once an image has been uploaded, it is not possible to remove it without replacing it with another image. :param pulumi.Input[str] logo_url: CDN URL to the application's logo, as uploaded with the `logo_image` property. @@ -1759,7 +1759,7 @@ def feature_tags(self) -> pulumi.Output[Sequence['outputs.ApplicationFeatureTag' @pulumi.getter(name="groupMembershipClaims") def group_membership_claims(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - Configures the `groups` claim issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. + A set of strings containing membership claims issued in a user or OAuth 2.0 access token that the app expects. Possible values are `None`, `SecurityGroup`, `DirectoryRole`, `ApplicationGroup` or `All`. """ return pulumi.get(self, "group_membership_claims") diff --git a/sdk/python/pulumi_azuread/get_group.py b/sdk/python/pulumi_azuread/get_group.py index b6ebf3db8..00744dba8 100644 --- a/sdk/python/pulumi_azuread/get_group.py +++ b/sdk/python/pulumi_azuread/get_group.py @@ -22,7 +22,7 @@ class GetGroupResult: """ A collection of values returned by getGroup. """ - def __init__(__self__, assignable_to_role=None, auto_subscribe_new_members=None, behaviors=None, description=None, display_name=None, dynamic_memberships=None, external_senders_allowed=None, hide_from_address_lists=None, hide_from_outlook_clients=None, id=None, mail=None, mail_enabled=None, mail_nickname=None, members=None, object_id=None, onpremises_domain_name=None, onpremises_group_type=None, onpremises_netbios_name=None, onpremises_sam_account_name=None, onpremises_security_identifier=None, onpremises_sync_enabled=None, owners=None, preferred_language=None, provisioning_options=None, proxy_addresses=None, security_enabled=None, theme=None, types=None, visibility=None, writeback_enabled=None): + def __init__(__self__, assignable_to_role=None, auto_subscribe_new_members=None, behaviors=None, description=None, display_name=None, dynamic_memberships=None, external_senders_allowed=None, hide_from_address_lists=None, hide_from_outlook_clients=None, id=None, include_transitive_members=None, mail=None, mail_enabled=None, mail_nickname=None, members=None, object_id=None, onpremises_domain_name=None, onpremises_group_type=None, onpremises_netbios_name=None, onpremises_sam_account_name=None, onpremises_security_identifier=None, onpremises_sync_enabled=None, owners=None, preferred_language=None, provisioning_options=None, proxy_addresses=None, security_enabled=None, theme=None, types=None, visibility=None, writeback_enabled=None): if assignable_to_role and not isinstance(assignable_to_role, bool): raise TypeError("Expected argument 'assignable_to_role' to be a bool") pulumi.set(__self__, "assignable_to_role", assignable_to_role) @@ -53,6 +53,9 @@ def __init__(__self__, assignable_to_role=None, auto_subscribe_new_members=None, if id and not isinstance(id, str): raise TypeError("Expected argument 'id' to be a str") pulumi.set(__self__, "id", id) + if include_transitive_members and not isinstance(include_transitive_members, bool): + raise TypeError("Expected argument 'include_transitive_members' to be a bool") + pulumi.set(__self__, "include_transitive_members", include_transitive_members) if mail and not isinstance(mail, str): raise TypeError("Expected argument 'mail' to be a str") pulumi.set(__self__, "mail", mail) @@ -194,6 +197,11 @@ def id(self) -> str: """ return pulumi.get(self, "id") + @property + @pulumi.getter(name="includeTransitiveMembers") + def include_transitive_members(self) -> Optional[bool]: + return pulumi.get(self, "include_transitive_members") + @property @pulumi.getter def mail(self) -> str: @@ -222,7 +230,7 @@ def mail_nickname(self) -> str: @pulumi.getter def members(self) -> Sequence[str]: """ - List of object IDs of the group members. + List of object IDs of the group members. When `include_transitive_members` is `true`, contains a list of object IDs of all transitive group members. """ return pulumi.get(self, "members") @@ -371,6 +379,7 @@ def __await__(self): hide_from_address_lists=self.hide_from_address_lists, hide_from_outlook_clients=self.hide_from_outlook_clients, id=self.id, + include_transitive_members=self.include_transitive_members, mail=self.mail, mail_enabled=self.mail_enabled, mail_nickname=self.mail_nickname, @@ -394,6 +403,7 @@ def __await__(self): def get_group(display_name: Optional[str] = None, + include_transitive_members: Optional[bool] = None, mail_enabled: Optional[bool] = None, mail_nickname: Optional[str] = None, object_id: Optional[str] = None, @@ -424,6 +434,7 @@ def get_group(display_name: Optional[str] = None, :param str display_name: The display name for the group. + :param bool include_transitive_members: Whether to include transitive members (a flat list of all nested members). Defaults to `false`. :param bool mail_enabled: Whether the group is mail-enabled. :param str mail_nickname: The mail alias for the group, unique in the organisation. :param str object_id: Specifies the object ID of the group. @@ -433,6 +444,7 @@ def get_group(display_name: Optional[str] = None, """ __args__ = dict() __args__['displayName'] = display_name + __args__['includeTransitiveMembers'] = include_transitive_members __args__['mailEnabled'] = mail_enabled __args__['mailNickname'] = mail_nickname __args__['objectId'] = object_id @@ -451,6 +463,7 @@ def get_group(display_name: Optional[str] = None, hide_from_address_lists=pulumi.get(__ret__, 'hide_from_address_lists'), hide_from_outlook_clients=pulumi.get(__ret__, 'hide_from_outlook_clients'), id=pulumi.get(__ret__, 'id'), + include_transitive_members=pulumi.get(__ret__, 'include_transitive_members'), mail=pulumi.get(__ret__, 'mail'), mail_enabled=pulumi.get(__ret__, 'mail_enabled'), mail_nickname=pulumi.get(__ret__, 'mail_nickname'), @@ -475,6 +488,7 @@ def get_group(display_name: Optional[str] = None, @_utilities.lift_output_func(get_group) def get_group_output(display_name: Optional[pulumi.Input[Optional[str]]] = None, + include_transitive_members: Optional[pulumi.Input[Optional[bool]]] = None, mail_enabled: Optional[pulumi.Input[Optional[bool]]] = None, mail_nickname: Optional[pulumi.Input[Optional[str]]] = None, object_id: Optional[pulumi.Input[Optional[str]]] = None, @@ -505,6 +519,7 @@ def get_group_output(display_name: Optional[pulumi.Input[Optional[str]]] = None, :param str display_name: The display name for the group. + :param bool include_transitive_members: Whether to include transitive members (a flat list of all nested members). Defaults to `false`. :param bool mail_enabled: Whether the group is mail-enabled. :param str mail_nickname: The mail alias for the group, unique in the organisation. :param str object_id: Specifies the object ID of the group. diff --git a/sdk/python/pulumi_azuread/get_group_role_management_policy.py b/sdk/python/pulumi_azuread/get_group_role_management_policy.py new file mode 100644 index 000000000..864449545 --- /dev/null +++ b/sdk/python/pulumi_azuread/get_group_role_management_policy.py @@ -0,0 +1,166 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = [ + 'GetGroupRoleManagementPolicyResult', + 'AwaitableGetGroupRoleManagementPolicyResult', + 'get_group_role_management_policy', + 'get_group_role_management_policy_output', +] + +@pulumi.output_type +class GetGroupRoleManagementPolicyResult: + """ + A collection of values returned by getGroupRoleManagementPolicy. + """ + def __init__(__self__, description=None, display_name=None, group_id=None, id=None, role_id=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if group_id and not isinstance(group_id, str): + raise TypeError("Expected argument 'group_id' to be a str") + pulumi.set(__self__, "group_id", group_id) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if role_id and not isinstance(role_id, str): + raise TypeError("Expected argument 'role_id' to be a str") + pulumi.set(__self__, "role_id", role_id) + + @property + @pulumi.getter + def description(self) -> str: + """ + (String) The description of this policy. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> str: + """ + (String) The display name of this policy. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> str: + return pulumi.get(self, "group_id") + + @property + @pulumi.getter + def id(self) -> str: + """ + The provider-assigned unique ID for this managed resource. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> str: + return pulumi.get(self, "role_id") + + +class AwaitableGetGroupRoleManagementPolicyResult(GetGroupRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetGroupRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + group_id=self.group_id, + id=self.id, + role_id=self.role_id) + + +def get_group_role_management_policy(group_id: Optional[str] = None, + role_id: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetGroupRoleManagementPolicyResult: + """ + Use this data source to retrieve a role policy for an Azure AD group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + owners_policy = azuread.get_group_role_management_policy_output(group_id=example.id, + role_id="owner") + ``` + + + :param str group_id: The ID of the Azure AD group for which the policy applies. + :param str role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + __args__ = dict() + __args__['groupId'] = group_id + __args__['roleId'] = role_id + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy', __args__, opts=opts, typ=GetGroupRoleManagementPolicyResult).value + + return AwaitableGetGroupRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + group_id=pulumi.get(__ret__, 'group_id'), + id=pulumi.get(__ret__, 'id'), + role_id=pulumi.get(__ret__, 'role_id')) + + +@_utilities.lift_output_func(get_group_role_management_policy) +def get_group_role_management_policy_output(group_id: Optional[pulumi.Input[str]] = None, + role_id: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetGroupRoleManagementPolicyResult]: + """ + Use this data source to retrieve a role policy for an Azure AD group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `RoleManagementPolicy.Read.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + owners_policy = azuread.get_group_role_management_policy_output(group_id=example.id, + role_id="owner") + ``` + + + :param str group_id: The ID of the Azure AD group for which the policy applies. + :param str role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + ... diff --git a/sdk/python/pulumi_azuread/get_service_principals.py b/sdk/python/pulumi_azuread/get_service_principals.py index 504639884..9deac3587 100644 --- a/sdk/python/pulumi_azuread/get_service_principals.py +++ b/sdk/python/pulumi_azuread/get_service_principals.py @@ -158,7 +158,7 @@ def get_service_principals(application_ids: Optional[Sequence[str]] = None, ]) ``` - *Look up by application IDs (client IDs* + *Look up by application IDs (client IDs)* ```python import pulumi @@ -248,7 +248,7 @@ def get_service_principals_output(application_ids: Optional[pulumi.Input[Optiona ]) ``` - *Look up by application IDs (client IDs* + *Look up by application IDs (client IDs)* ```python import pulumi diff --git a/sdk/python/pulumi_azuread/group.py b/sdk/python/pulumi_azuread/group.py index 45a5b0634..afda570c4 100644 --- a/sdk/python/pulumi_azuread/group.py +++ b/sdk/python/pulumi_azuread/group.py @@ -48,7 +48,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] auto_subscribe_new_members: Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. > **Known Permissions Issue** The `auto_subscribe_new_members` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. :param pulumi.Input[str] description: The description for the group. :param pulumi.Input['GroupDynamicMembershipArgs'] dynamic_membership: A `dynamic_membership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property. :param pulumi.Input[bool] external_senders_allowed: Indicates whether people external to the organization can send messages to the group. Can only be set for Unified groups. @@ -179,7 +179,7 @@ def auto_subscribe_new_members(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def behaviors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. """ return pulumi.get(self, "behaviors") @@ -447,7 +447,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] auto_subscribe_new_members: Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. > **Known Permissions Issue** The `auto_subscribe_new_members` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. :param pulumi.Input[str] description: The description for the group. :param pulumi.Input[str] display_name: The display name for the group. :param pulumi.Input['GroupDynamicMembershipArgs'] dynamic_membership: A `dynamic_membership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property. @@ -595,7 +595,7 @@ def auto_subscribe_new_members(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter def behaviors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. """ return pulumi.get(self, "behaviors") @@ -979,7 +979,7 @@ def __init__(__self__, Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. - If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` + If using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` @@ -1047,7 +1047,7 @@ def __init__(__self__, :param pulumi.Input[bool] auto_subscribe_new_members: Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. > **Known Permissions Issue** The `auto_subscribe_new_members` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. :param pulumi.Input[str] description: The description for the group. :param pulumi.Input[str] display_name: The display name for the group. :param pulumi.Input[pulumi.InputType['GroupDynamicMembershipArgs']] dynamic_membership: A `dynamic_membership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property. @@ -1096,7 +1096,7 @@ def __init__(__self__, Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. - If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` + If using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` @@ -1289,7 +1289,7 @@ def get(resource_name: str, :param pulumi.Input[bool] auto_subscribe_new_members: Indicates whether new members added to the group will be auto-subscribed to receive email notifications. Can only be set for Unified groups. > **Known Permissions Issue** The `auto_subscribe_new_members` property can only be set when authenticating as a Member user of the tenant and _not_ when authenticating as a Guest user or as a service principal. Please see the [Microsoft Graph Known Issues](https://docs.microsoft.com/en-us/graph/known-issues#groups) documentation. - :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + :param pulumi.Input[Sequence[pulumi.Input[str]]] behaviors: A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. :param pulumi.Input[str] description: The description for the group. :param pulumi.Input[str] display_name: The display name for the group. :param pulumi.Input[pulumi.InputType['GroupDynamicMembershipArgs']] dynamic_membership: A `dynamic_membership` block as documented below. Required when `types` contains `DynamicMembership`. Cannot be used with the `members` property. @@ -1399,7 +1399,7 @@ def auto_subscribe_new_members(self) -> pulumi.Output[bool]: @pulumi.getter def behaviors(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. + A set of behaviors for a Microsoft 365 group. Possible values are `AllowOnlyMembersToPost`, `HideGroupInOutlook`, `SkipExchangeInstantOn`, `SubscribeMembersToCalendarEventsDisabled`, `SubscribeNewGroupMembers` and `WelcomeEmailDisabled`. See [official documentation](https://docs.microsoft.com/en-us/graph/group-set-options) for more details. Changing this forces a new resource to be created. """ return pulumi.get(self, "behaviors") diff --git a/sdk/python/pulumi_azuread/group_role_management_policy.py b/sdk/python/pulumi_azuread/group_role_management_policy.py new file mode 100644 index 000000000..a28d94369 --- /dev/null +++ b/sdk/python/pulumi_azuread/group_role_management_policy.py @@ -0,0 +1,456 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['GroupRoleManagementPolicyArgs', 'GroupRoleManagementPolicy'] + +@pulumi.input_type +class GroupRoleManagementPolicyArgs: + def __init__(__self__, *, + group_id: pulumi.Input[str], + role_id: pulumi.Input[str], + activation_rules: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']] = None, + active_assignment_rules: Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']] = None, + eligible_assignment_rules: Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']] = None, + notification_rules: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']] = None): + """ + The set of arguments for constructing a GroupRoleManagementPolicy resource. + :param pulumi.Input[str] group_id: The ID of the Azure AD group for which the policy applies. + :param pulumi.Input[str] role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + :param pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs'] activation_rules: An `activation_rules` block as defined below. + :param pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs'] active_assignment_rules: An `active_assignment_rules` block as defined below. + :param pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs'] eligible_assignment_rules: An `eligible_assignment_rules` block as defined below. + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs'] notification_rules: A `notification_rules` block as defined below. + """ + pulumi.set(__self__, "group_id", group_id) + pulumi.set(__self__, "role_id", role_id) + if activation_rules is not None: + pulumi.set(__self__, "activation_rules", activation_rules) + if active_assignment_rules is not None: + pulumi.set(__self__, "active_assignment_rules", active_assignment_rules) + if eligible_assignment_rules is not None: + pulumi.set(__self__, "eligible_assignment_rules", eligible_assignment_rules) + if notification_rules is not None: + pulumi.set(__self__, "notification_rules", notification_rules) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Input[str]: + """ + The ID of the Azure AD group for which the policy applies. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: pulumi.Input[str]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> pulumi.Input[str]: + """ + The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + return pulumi.get(self, "role_id") + + @role_id.setter + def role_id(self, value: pulumi.Input[str]): + pulumi.set(self, "role_id", value) + + @property + @pulumi.getter(name="activationRules") + def activation_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']]: + """ + An `activation_rules` block as defined below. + """ + return pulumi.get(self, "activation_rules") + + @activation_rules.setter + def activation_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']]): + pulumi.set(self, "activation_rules", value) + + @property + @pulumi.getter(name="activeAssignmentRules") + def active_assignment_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]: + """ + An `active_assignment_rules` block as defined below. + """ + return pulumi.get(self, "active_assignment_rules") + + @active_assignment_rules.setter + def active_assignment_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]): + pulumi.set(self, "active_assignment_rules", value) + + @property + @pulumi.getter(name="eligibleAssignmentRules") + def eligible_assignment_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]: + """ + An `eligible_assignment_rules` block as defined below. + """ + return pulumi.get(self, "eligible_assignment_rules") + + @eligible_assignment_rules.setter + def eligible_assignment_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]): + pulumi.set(self, "eligible_assignment_rules", value) + + @property + @pulumi.getter(name="notificationRules") + def notification_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']]: + """ + A `notification_rules` block as defined below. + """ + return pulumi.get(self, "notification_rules") + + @notification_rules.setter + def notification_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']]): + pulumi.set(self, "notification_rules", value) + + +@pulumi.input_type +class _GroupRoleManagementPolicyState: + def __init__(__self__, *, + activation_rules: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']] = None, + active_assignment_rules: Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + eligible_assignment_rules: Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']] = None, + group_id: Optional[pulumi.Input[str]] = None, + notification_rules: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']] = None, + role_id: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering GroupRoleManagementPolicy resources. + :param pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs'] activation_rules: An `activation_rules` block as defined below. + :param pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs'] active_assignment_rules: An `active_assignment_rules` block as defined below. + :param pulumi.Input[str] description: (String) The description of this policy. + :param pulumi.Input[str] display_name: (String) The display name of this policy. + :param pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs'] eligible_assignment_rules: An `eligible_assignment_rules` block as defined below. + :param pulumi.Input[str] group_id: The ID of the Azure AD group for which the policy applies. + :param pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs'] notification_rules: A `notification_rules` block as defined below. + :param pulumi.Input[str] role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + if activation_rules is not None: + pulumi.set(__self__, "activation_rules", activation_rules) + if active_assignment_rules is not None: + pulumi.set(__self__, "active_assignment_rules", active_assignment_rules) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if eligible_assignment_rules is not None: + pulumi.set(__self__, "eligible_assignment_rules", eligible_assignment_rules) + if group_id is not None: + pulumi.set(__self__, "group_id", group_id) + if notification_rules is not None: + pulumi.set(__self__, "notification_rules", notification_rules) + if role_id is not None: + pulumi.set(__self__, "role_id", role_id) + + @property + @pulumi.getter(name="activationRules") + def activation_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']]: + """ + An `activation_rules` block as defined below. + """ + return pulumi.get(self, "activation_rules") + + @activation_rules.setter + def activation_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyActivationRulesArgs']]): + pulumi.set(self, "activation_rules", value) + + @property + @pulumi.getter(name="activeAssignmentRules") + def active_assignment_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]: + """ + An `active_assignment_rules` block as defined below. + """ + return pulumi.get(self, "active_assignment_rules") + + @active_assignment_rules.setter + def active_assignment_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]): + pulumi.set(self, "active_assignment_rules", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + (String) The description of this policy. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + (String) The display name of this policy. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="eligibleAssignmentRules") + def eligible_assignment_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]: + """ + An `eligible_assignment_rules` block as defined below. + """ + return pulumi.get(self, "eligible_assignment_rules") + + @eligible_assignment_rules.setter + def eligible_assignment_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]): + pulumi.set(self, "eligible_assignment_rules", value) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the Azure AD group for which the policy applies. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter(name="notificationRules") + def notification_rules(self) -> Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']]: + """ + A `notification_rules` block as defined below. + """ + return pulumi.get(self, "notification_rules") + + @notification_rules.setter + def notification_rules(self, value: Optional[pulumi.Input['GroupRoleManagementPolicyNotificationRulesArgs']]): + pulumi.set(self, "notification_rules", value) + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> Optional[pulumi.Input[str]]: + """ + The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + return pulumi.get(self, "role_id") + + @role_id.setter + def role_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_id", value) + + +class GroupRoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + activation_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']]] = None, + active_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]] = None, + eligible_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]] = None, + group_id: Optional[pulumi.Input[str]] = None, + notification_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyNotificationRulesArgs']]] = None, + role_id: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manage a role policy for an Azure AD group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']] activation_rules: An `activation_rules` block as defined below. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActiveAssignmentRulesArgs']] active_assignment_rules: An `active_assignment_rules` block as defined below. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']] eligible_assignment_rules: An `eligible_assignment_rules` block as defined below. + :param pulumi.Input[str] group_id: The ID of the Azure AD group for which the policy applies. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyNotificationRulesArgs']] notification_rules: A `notification_rules` block as defined below. + :param pulumi.Input[str] role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: GroupRoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manage a role policy for an Azure AD group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `RoleManagementPolicy.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + :param str resource_name: The name of the resource. + :param GroupRoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(GroupRoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + activation_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']]] = None, + active_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]] = None, + eligible_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]] = None, + group_id: Optional[pulumi.Input[str]] = None, + notification_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyNotificationRulesArgs']]] = None, + role_id: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = GroupRoleManagementPolicyArgs.__new__(GroupRoleManagementPolicyArgs) + + __props__.__dict__["activation_rules"] = activation_rules + __props__.__dict__["active_assignment_rules"] = active_assignment_rules + __props__.__dict__["eligible_assignment_rules"] = eligible_assignment_rules + if group_id is None and not opts.urn: + raise TypeError("Missing required property 'group_id'") + __props__.__dict__["group_id"] = group_id + __props__.__dict__["notification_rules"] = notification_rules + if role_id is None and not opts.urn: + raise TypeError("Missing required property 'role_id'") + __props__.__dict__["role_id"] = role_id + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + super(GroupRoleManagementPolicy, __self__).__init__( + 'azuread:index/groupRoleManagementPolicy:GroupRoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + activation_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']]] = None, + active_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActiveAssignmentRulesArgs']]] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + eligible_assignment_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']]] = None, + group_id: Optional[pulumi.Input[str]] = None, + notification_rules: Optional[pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyNotificationRulesArgs']]] = None, + role_id: Optional[pulumi.Input[str]] = None) -> 'GroupRoleManagementPolicy': + """ + Get an existing GroupRoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActivationRulesArgs']] activation_rules: An `activation_rules` block as defined below. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyActiveAssignmentRulesArgs']] active_assignment_rules: An `active_assignment_rules` block as defined below. + :param pulumi.Input[str] description: (String) The description of this policy. + :param pulumi.Input[str] display_name: (String) The display name of this policy. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyEligibleAssignmentRulesArgs']] eligible_assignment_rules: An `eligible_assignment_rules` block as defined below. + :param pulumi.Input[str] group_id: The ID of the Azure AD group for which the policy applies. + :param pulumi.Input[pulumi.InputType['GroupRoleManagementPolicyNotificationRulesArgs']] notification_rules: A `notification_rules` block as defined below. + :param pulumi.Input[str] role_id: The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _GroupRoleManagementPolicyState.__new__(_GroupRoleManagementPolicyState) + + __props__.__dict__["activation_rules"] = activation_rules + __props__.__dict__["active_assignment_rules"] = active_assignment_rules + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + __props__.__dict__["eligible_assignment_rules"] = eligible_assignment_rules + __props__.__dict__["group_id"] = group_id + __props__.__dict__["notification_rules"] = notification_rules + __props__.__dict__["role_id"] = role_id + return GroupRoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="activationRules") + def activation_rules(self) -> pulumi.Output['outputs.GroupRoleManagementPolicyActivationRules']: + """ + An `activation_rules` block as defined below. + """ + return pulumi.get(self, "activation_rules") + + @property + @pulumi.getter(name="activeAssignmentRules") + def active_assignment_rules(self) -> pulumi.Output['outputs.GroupRoleManagementPolicyActiveAssignmentRules']: + """ + An `active_assignment_rules` block as defined below. + """ + return pulumi.get(self, "active_assignment_rules") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[str]: + """ + (String) The description of this policy. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[str]: + """ + (String) The display name of this policy. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="eligibleAssignmentRules") + def eligible_assignment_rules(self) -> pulumi.Output['outputs.GroupRoleManagementPolicyEligibleAssignmentRules']: + """ + An `eligible_assignment_rules` block as defined below. + """ + return pulumi.get(self, "eligible_assignment_rules") + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Output[str]: + """ + The ID of the Azure AD group for which the policy applies. + """ + return pulumi.get(self, "group_id") + + @property + @pulumi.getter(name="notificationRules") + def notification_rules(self) -> pulumi.Output['outputs.GroupRoleManagementPolicyNotificationRules']: + """ + A `notification_rules` block as defined below. + """ + return pulumi.get(self, "notification_rules") + + @property + @pulumi.getter(name="roleId") + def role_id(self) -> pulumi.Output[str]: + """ + The type of assignment this policy coveres. Can be either `member` or `owner`. + """ + return pulumi.get(self, "role_id") + diff --git a/sdk/python/pulumi_azuread/outputs.py b/sdk/python/pulumi_azuread/outputs.py index dac07d710..2b417063c 100644 --- a/sdk/python/pulumi_azuread/outputs.py +++ b/sdk/python/pulumi_azuread/outputs.py @@ -55,6 +55,24 @@ 'ConditionalAccessPolicySessionControls', 'CustomDirectoryRolePermission', 'GroupDynamicMembership', + 'GroupRoleManagementPolicyActivationRules', + 'GroupRoleManagementPolicyActivationRulesApprovalStage', + 'GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover', + 'GroupRoleManagementPolicyActiveAssignmentRules', + 'GroupRoleManagementPolicyEligibleAssignmentRules', + 'GroupRoleManagementPolicyNotificationRules', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignments', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications', + 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivations', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignments', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications', + 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications', 'InvitationMessage', 'NamedLocationCountry', 'NamedLocationIp', @@ -63,6 +81,8 @@ 'ServicePrincipalFeatureTag', 'ServicePrincipalOauth2PermissionScope', 'ServicePrincipalSamlSingleSignOn', + 'SynchronizationJobProvisionOnDemandParameter', + 'SynchronizationJobProvisionOnDemandParameterSubject', 'SynchronizationJobSchedule', 'SynchronizationSecretCredential', 'GetApplicationApiResult', @@ -2972,6 +2992,1176 @@ def rule(self) -> str: return pulumi.get(self, "rule") +@pulumi.output_type +class GroupRoleManagementPolicyActivationRules(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "approvalStage": + suggest = "approval_stage" + elif key == "maximumDuration": + suggest = "maximum_duration" + elif key == "requireApproval": + suggest = "require_approval" + elif key == "requireJustification": + suggest = "require_justification" + elif key == "requireMultifactorAuthentication": + suggest = "require_multifactor_authentication" + elif key == "requireTicketInfo": + suggest = "require_ticket_info" + elif key == "requiredConditionalAccessAuthenticationContext": + suggest = "required_conditional_access_authentication_context" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyActivationRules. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyActivationRules.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyActivationRules.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + approval_stage: Optional['outputs.GroupRoleManagementPolicyActivationRulesApprovalStage'] = None, + maximum_duration: Optional[str] = None, + require_approval: Optional[bool] = None, + require_justification: Optional[bool] = None, + require_multifactor_authentication: Optional[bool] = None, + require_ticket_info: Optional[bool] = None, + required_conditional_access_authentication_context: Optional[str] = None): + """ + :param 'GroupRoleManagementPolicyActivationRulesApprovalStageArgs' approval_stage: An `approval_stage` block as defined below. + :param str maximum_duration: The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + :param bool require_approval: Is approval required for activation. If `true` an `approval_stage` block must be provided. + :param bool require_justification: Is a justification required during activation of the role. + :param bool require_multifactor_authentication: Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + :param bool require_ticket_info: Is ticket information requrired during activation of the role. + :param str required_conditional_access_authentication_context: The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + """ + if approval_stage is not None: + pulumi.set(__self__, "approval_stage", approval_stage) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if require_approval is not None: + pulumi.set(__self__, "require_approval", require_approval) + if require_justification is not None: + pulumi.set(__self__, "require_justification", require_justification) + if require_multifactor_authentication is not None: + pulumi.set(__self__, "require_multifactor_authentication", require_multifactor_authentication) + if require_ticket_info is not None: + pulumi.set(__self__, "require_ticket_info", require_ticket_info) + if required_conditional_access_authentication_context is not None: + pulumi.set(__self__, "required_conditional_access_authentication_context", required_conditional_access_authentication_context) + + @property + @pulumi.getter(name="approvalStage") + def approval_stage(self) -> Optional['outputs.GroupRoleManagementPolicyActivationRulesApprovalStage']: + """ + An `approval_stage` block as defined below. + """ + return pulumi.get(self, "approval_stage") + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[str]: + """ + The maximum length of time an activated role can be valid, in an IS)8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`. + """ + return pulumi.get(self, "maximum_duration") + + @property + @pulumi.getter(name="requireApproval") + def require_approval(self) -> Optional[bool]: + """ + Is approval required for activation. If `true` an `approval_stage` block must be provided. + """ + return pulumi.get(self, "require_approval") + + @property + @pulumi.getter(name="requireJustification") + def require_justification(self) -> Optional[bool]: + """ + Is a justification required during activation of the role. + """ + return pulumi.get(self, "require_justification") + + @property + @pulumi.getter(name="requireMultifactorAuthentication") + def require_multifactor_authentication(self) -> Optional[bool]: + """ + Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`. + """ + return pulumi.get(self, "require_multifactor_authentication") + + @property + @pulumi.getter(name="requireTicketInfo") + def require_ticket_info(self) -> Optional[bool]: + """ + Is ticket information requrired during activation of the role. + """ + return pulumi.get(self, "require_ticket_info") + + @property + @pulumi.getter(name="requiredConditionalAccessAuthenticationContext") + def required_conditional_access_authentication_context(self) -> Optional[str]: + """ + The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`. + """ + return pulumi.get(self, "required_conditional_access_authentication_context") + + +@pulumi.output_type +class GroupRoleManagementPolicyActivationRulesApprovalStage(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "primaryApprovers": + suggest = "primary_approvers" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyActivationRulesApprovalStage. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyActivationRulesApprovalStage.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyActivationRulesApprovalStage.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + primary_approvers: Sequence['outputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover']): + """ + :param Sequence['GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs'] primary_approvers: The IDs of the users or groups who can approve the activation + """ + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Sequence['outputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover']: + """ + The IDs of the users or groups who can approve the activation + """ + return pulumi.get(self, "primary_approvers") + + +@pulumi.output_type +class GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "objectId": + suggest = "object_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + object_id: str, + type: Optional[str] = None): + """ + :param str object_id: The ID of the object which will act as an approver. + :param str type: The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + """ + pulumi.set(__self__, "object_id", object_id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="objectId") + def object_id(self) -> str: + """ + The ID of the object which will act as an approver. + """ + return pulumi.get(self, "object_id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + The type of object acting as an approver. Possible options are `singleUser` and `groupMembers`. + """ + return pulumi.get(self, "type") + + +@pulumi.output_type +class GroupRoleManagementPolicyActiveAssignmentRules(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "expirationRequired": + suggest = "expiration_required" + elif key == "expireAfter": + suggest = "expire_after" + elif key == "requireJustification": + suggest = "require_justification" + elif key == "requireMultifactorAuthentication": + suggest = "require_multifactor_authentication" + elif key == "requireTicketInfo": + suggest = "require_ticket_info" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyActiveAssignmentRules. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyActiveAssignmentRules.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyActiveAssignmentRules.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + expiration_required: Optional[bool] = None, + expire_after: Optional[str] = None, + require_justification: Optional[bool] = None, + require_multifactor_authentication: Optional[bool] = None, + require_ticket_info: Optional[bool] = None): + """ + :param bool expiration_required: Must an assignment have an expiry date. `false` allows permanent assignment. + :param str expire_after: The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + :param bool require_justification: Is a justification required to create new assignments. + :param bool require_multifactor_authentication: Is multi-factor authentication required to create new assignments. + :param bool require_ticket_info: Is ticket information required to create new assignments. + + One of `expiration_required` or `expire_after` must be provided. + """ + if expiration_required is not None: + pulumi.set(__self__, "expiration_required", expiration_required) + if expire_after is not None: + pulumi.set(__self__, "expire_after", expire_after) + if require_justification is not None: + pulumi.set(__self__, "require_justification", require_justification) + if require_multifactor_authentication is not None: + pulumi.set(__self__, "require_multifactor_authentication", require_multifactor_authentication) + if require_ticket_info is not None: + pulumi.set(__self__, "require_ticket_info", require_ticket_info) + + @property + @pulumi.getter(name="expirationRequired") + def expiration_required(self) -> Optional[bool]: + """ + Must an assignment have an expiry date. `false` allows permanent assignment. + """ + return pulumi.get(self, "expiration_required") + + @property + @pulumi.getter(name="expireAfter") + def expire_after(self) -> Optional[str]: + """ + The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + """ + return pulumi.get(self, "expire_after") + + @property + @pulumi.getter(name="requireJustification") + def require_justification(self) -> Optional[bool]: + """ + Is a justification required to create new assignments. + """ + return pulumi.get(self, "require_justification") + + @property + @pulumi.getter(name="requireMultifactorAuthentication") + def require_multifactor_authentication(self) -> Optional[bool]: + """ + Is multi-factor authentication required to create new assignments. + """ + return pulumi.get(self, "require_multifactor_authentication") + + @property + @pulumi.getter(name="requireTicketInfo") + def require_ticket_info(self) -> Optional[bool]: + """ + Is ticket information required to create new assignments. + + One of `expiration_required` or `expire_after` must be provided. + """ + return pulumi.get(self, "require_ticket_info") + + +@pulumi.output_type +class GroupRoleManagementPolicyEligibleAssignmentRules(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "expirationRequired": + suggest = "expiration_required" + elif key == "expireAfter": + suggest = "expire_after" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyEligibleAssignmentRules. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyEligibleAssignmentRules.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyEligibleAssignmentRules.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + expiration_required: Optional[bool] = None, + expire_after: Optional[str] = None): + """ + :param bool expiration_required: Must an assignment have an expiry date. `false` allows permanent assignment. + :param str expire_after: The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + + One of `expiration_required` or `expire_after` must be provided. + """ + if expiration_required is not None: + pulumi.set(__self__, "expiration_required", expiration_required) + if expire_after is not None: + pulumi.set(__self__, "expire_after", expire_after) + + @property + @pulumi.getter(name="expirationRequired") + def expiration_required(self) -> Optional[bool]: + """ + Must an assignment have an expiry date. `false` allows permanent assignment. + """ + return pulumi.get(self, "expiration_required") + + @property + @pulumi.getter(name="expireAfter") + def expire_after(self) -> Optional[str]: + """ + The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. + + One of `expiration_required` or `expire_after` must be provided. + """ + return pulumi.get(self, "expire_after") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRules(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "activeAssignments": + suggest = "active_assignments" + elif key == "eligibleActivations": + suggest = "eligible_activations" + elif key == "eligibleAssignments": + suggest = "eligible_assignments" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRules. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRules.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRules.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + active_assignments: Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments'] = None, + eligible_activations: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations'] = None, + eligible_assignments: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments'] = None): + """ + :param 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs' active_assignments: A `notification_target` block as defined below to configure notfications on active role assignments. + :param 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs' eligible_activations: A `notification_target` block as defined below for configuring notifications on activation of eligible role. + :param 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs' eligible_assignments: A `notification_target` block as defined below to configure notification on eligible role assignments. + + At least one `notification_target` block must be provided. + """ + if active_assignments is not None: + pulumi.set(__self__, "active_assignments", active_assignments) + if eligible_activations is not None: + pulumi.set(__self__, "eligible_activations", eligible_activations) + if eligible_assignments is not None: + pulumi.set(__self__, "eligible_assignments", eligible_assignments) + + @property + @pulumi.getter(name="activeAssignments") + def active_assignments(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments']: + """ + A `notification_target` block as defined below to configure notfications on active role assignments. + """ + return pulumi.get(self, "active_assignments") + + @property + @pulumi.getter(name="eligibleActivations") + def eligible_activations(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations']: + """ + A `notification_target` block as defined below for configuring notifications on activation of eligible role. + """ + return pulumi.get(self, "eligible_activations") + + @property + @pulumi.getter(name="eligibleAssignments") + def eligible_assignments(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments']: + """ + A `notification_target` block as defined below to configure notification on eligible role assignments. + + At least one `notification_target` block must be provided. + """ + return pulumi.get(self, "eligible_assignments") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignments(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "adminNotifications": + suggest = "admin_notifications" + elif key == "approverNotifications": + suggest = "approver_notifications" + elif key == "assigneeNotifications": + suggest = "assignee_notifications" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesActiveAssignments. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignments.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignments.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + admin_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications'] = None, + approver_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications'] = None, + assignee_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications'] = None): + """ + :param 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs' admin_notifications: Admin notification settings + :param 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs' approver_notifications: Approver notification settings + :param 'GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs' assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications']: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications']: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications']: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivations(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "adminNotifications": + suggest = "admin_notifications" + elif key == "approverNotifications": + suggest = "approver_notifications" + elif key == "assigneeNotifications": + suggest = "assignee_notifications" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleActivations. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivations.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivations.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + admin_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications'] = None, + approver_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications'] = None, + assignee_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications'] = None): + """ + :param 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs' admin_notifications: Admin notification settings + :param 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs' approver_notifications: Approver notification settings + :param 'GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs' assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications']: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications']: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications']: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignments(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "adminNotifications": + suggest = "admin_notifications" + elif key == "approverNotifications": + suggest = "approver_notifications" + elif key == "assigneeNotifications": + suggest = "assignee_notifications" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleAssignments. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignments.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignments.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + admin_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications'] = None, + approver_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications'] = None, + assignee_notifications: Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications'] = None): + """ + :param 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs' admin_notifications: Admin notification settings + :param 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs' approver_notifications: Approver notification settings + :param 'GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs' assignee_notifications: Assignee notification settings + """ + if admin_notifications is not None: + pulumi.set(__self__, "admin_notifications", admin_notifications) + if approver_notifications is not None: + pulumi.set(__self__, "approver_notifications", approver_notifications) + if assignee_notifications is not None: + pulumi.set(__self__, "assignee_notifications", assignee_notifications) + + @property + @pulumi.getter(name="adminNotifications") + def admin_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications']: + """ + Admin notification settings + """ + return pulumi.get(self, "admin_notifications") + + @property + @pulumi.getter(name="approverNotifications") + def approver_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications']: + """ + Approver notification settings + """ + return pulumi.get(self, "approver_notifications") + + @property + @pulumi.getter(name="assigneeNotifications") + def assignee_notifications(self) -> Optional['outputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications']: + """ + Assignee notification settings + """ + return pulumi.get(self, "assignee_notifications") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + +@pulumi.output_type +class GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "defaultRecipients": + suggest = "default_recipients" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "additionalRecipients": + suggest = "additional_recipients" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + default_recipients: bool, + notification_level: str, + additional_recipients: Optional[Sequence[str]] = None): + """ + :param bool default_recipients: Whether the default recipients are notified + :param str notification_level: What level of notifications are sent + :param Sequence[str] additional_recipients: The additional recipients to notify + """ + pulumi.set(__self__, "default_recipients", default_recipients) + pulumi.set(__self__, "notification_level", notification_level) + if additional_recipients is not None: + pulumi.set(__self__, "additional_recipients", additional_recipients) + + @property + @pulumi.getter(name="defaultRecipients") + def default_recipients(self) -> bool: + """ + Whether the default recipients are notified + """ + return pulumi.get(self, "default_recipients") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> str: + """ + What level of notifications are sent + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="additionalRecipients") + def additional_recipients(self) -> Optional[Sequence[str]]: + """ + The additional recipients to notify + """ + return pulumi.get(self, "additional_recipients") + + @pulumi.output_type class InvitationMessage(dict): @staticmethod @@ -3538,6 +4728,100 @@ def relay_state(self) -> Optional[str]: return pulumi.get(self, "relay_state") +@pulumi.output_type +class SynchronizationJobProvisionOnDemandParameter(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleId": + suggest = "rule_id" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in SynchronizationJobProvisionOnDemandParameter. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + SynchronizationJobProvisionOnDemandParameter.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + SynchronizationJobProvisionOnDemandParameter.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_id: str, + subjects: Sequence['outputs.SynchronizationJobProvisionOnDemandParameterSubject']): + """ + :param str rule_id: The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + :param Sequence['SynchronizationJobProvisionOnDemandParameterSubjectArgs'] subjects: One or more `subject` blocks as documented below. + """ + pulumi.set(__self__, "rule_id", rule_id) + pulumi.set(__self__, "subjects", subjects) + + @property + @pulumi.getter(name="ruleId") + def rule_id(self) -> str: + """ + The identifier of the synchronization rule to be applied. This rule ID is defined in the schema for a given synchronization job or template. + """ + return pulumi.get(self, "rule_id") + + @property + @pulumi.getter + def subjects(self) -> Sequence['outputs.SynchronizationJobProvisionOnDemandParameterSubject']: + """ + One or more `subject` blocks as documented below. + """ + return pulumi.get(self, "subjects") + + +@pulumi.output_type +class SynchronizationJobProvisionOnDemandParameterSubject(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "objectId": + suggest = "object_id" + elif key == "objectTypeName": + suggest = "object_type_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in SynchronizationJobProvisionOnDemandParameterSubject. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + SynchronizationJobProvisionOnDemandParameterSubject.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + SynchronizationJobProvisionOnDemandParameterSubject.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + object_id: str, + object_type_name: str): + """ + :param str object_id: The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + :param str object_type_name: The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + """ + pulumi.set(__self__, "object_id", object_id) + pulumi.set(__self__, "object_type_name", object_type_name) + + @property + @pulumi.getter(name="objectId") + def object_id(self) -> str: + """ + The identifier of an object to which a synchronization job is to be applied. Can be one of the following: (1) An onPremisesDistinguishedName for synchronization from Active Directory to Azure AD. (2) The user ID for synchronization from Azure AD to a third-party. (3) The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD. + """ + return pulumi.get(self, "object_id") + + @property + @pulumi.getter(name="objectTypeName") + def object_type_name(self) -> str: + """ + The type of the object to which a synchronization job is to be applied. Can be one of the following: `user` for synchronizing between Active Directory and Azure AD, `User` for synchronizing a user between Azure AD and a third-party application, `Worker` for synchronization a user between Workday and either Active Directory or Azure AD, `Group` for synchronizing a group between Azure AD and a third-party application. + """ + return pulumi.get(self, "object_type_name") + + @pulumi.output_type class SynchronizationJobSchedule(dict): def __init__(__self__, *, diff --git a/sdk/python/pulumi_azuread/privileged_access_group_assignment_schedule.py b/sdk/python/pulumi_azuread/privileged_access_group_assignment_schedule.py new file mode 100644 index 000000000..626ed0236 --- /dev/null +++ b/sdk/python/pulumi_azuread/privileged_access_group_assignment_schedule.py @@ -0,0 +1,689 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = ['PrivilegedAccessGroupAssignmentScheduleArgs', 'PrivilegedAccessGroupAssignmentSchedule'] + +@pulumi.input_type +class PrivilegedAccessGroupAssignmentScheduleArgs: + def __init__(__self__, *, + assignment_type: pulumi.Input[str], + group_id: pulumi.Input[str], + principal_id: pulumi.Input[str], + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a PrivilegedAccessGroupAssignmentSchedule resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + pulumi.set(__self__, "assignment_type", assignment_type) + pulumi.set(__self__, "group_id", group_id) + pulumi.set(__self__, "principal_id", principal_id) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if expiration_date is not None: + pulumi.set(__self__, "expiration_date", expiration_date) + if justification is not None: + pulumi.set(__self__, "justification", justification) + if permanent_assignment is not None: + pulumi.set(__self__, "permanent_assignment", permanent_assignment) + if start_date is not None: + pulumi.set(__self__, "start_date", start_date) + if ticket_number is not None: + pulumi.set(__self__, "ticket_number", ticket_number) + if ticket_system is not None: + pulumi.set(__self__, "ticket_system", ticket_system) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> pulumi.Input[str]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @assignment_type.setter + def assignment_type(self, value: pulumi.Input[str]): + pulumi.set(self, "assignment_type", value) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Input[str]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: pulumi.Input[str]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> pulumi.Input[str]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @principal_id.setter + def principal_id(self, value: pulumi.Input[str]): + pulumi.set(self, "principal_id", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> Optional[pulumi.Input[str]]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @expiration_date.setter + def expiration_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expiration_date", value) + + @property + @pulumi.getter + def justification(self) -> Optional[pulumi.Input[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @justification.setter + def justification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "justification", value) + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> Optional[pulumi.Input[bool]]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @permanent_assignment.setter + def permanent_assignment(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "permanent_assignment", value) + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> Optional[pulumi.Input[str]]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @start_date.setter + def start_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "start_date", value) + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> Optional[pulumi.Input[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @ticket_number.setter + def ticket_number(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_number", value) + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> Optional[pulumi.Input[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + + @ticket_system.setter + def ticket_system(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_system", value) + + +@pulumi.input_type +class _PrivilegedAccessGroupAssignmentScheduleState: + def __init__(__self__, *, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + status: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering PrivilegedAccessGroupAssignmentSchedule resources. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] status: (String) The provisioning status of this request. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + if assignment_type is not None: + pulumi.set(__self__, "assignment_type", assignment_type) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if expiration_date is not None: + pulumi.set(__self__, "expiration_date", expiration_date) + if group_id is not None: + pulumi.set(__self__, "group_id", group_id) + if justification is not None: + pulumi.set(__self__, "justification", justification) + if permanent_assignment is not None: + pulumi.set(__self__, "permanent_assignment", permanent_assignment) + if principal_id is not None: + pulumi.set(__self__, "principal_id", principal_id) + if start_date is not None: + pulumi.set(__self__, "start_date", start_date) + if status is not None: + pulumi.set(__self__, "status", status) + if ticket_number is not None: + pulumi.set(__self__, "ticket_number", ticket_number) + if ticket_system is not None: + pulumi.set(__self__, "ticket_system", ticket_system) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> Optional[pulumi.Input[str]]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @assignment_type.setter + def assignment_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assignment_type", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> Optional[pulumi.Input[str]]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @expiration_date.setter + def expiration_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expiration_date", value) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> Optional[pulumi.Input[str]]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter + def justification(self) -> Optional[pulumi.Input[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @justification.setter + def justification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "justification", value) + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> Optional[pulumi.Input[bool]]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @permanent_assignment.setter + def permanent_assignment(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "permanent_assignment", value) + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> Optional[pulumi.Input[str]]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @principal_id.setter + def principal_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "principal_id", value) + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> Optional[pulumi.Input[str]]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @start_date.setter + def start_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "start_date", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input[str]]: + """ + (String) The provisioning status of this request. + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> Optional[pulumi.Input[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @ticket_number.setter + def ticket_number(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_number", value) + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> Optional[pulumi.Input[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + + @ticket_system.setter + def ticket_system(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_system", value) + + +class PrivilegedAccessGroupAssignmentSchedule(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manages an active assignment to a privileged access group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_privileged_access_group_assignment_schedule = azuread.PrivilegedAccessGroupAssignmentSchedule("example", + group_id=pim["id"], + principal_id=member.id, + assignment_type="member", + duration="P30D", + justification="as requested") + ``` + + ## Import + + An assignment schedule can be imported using the schedule ID, e.g. + + ```sh + $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: PrivilegedAccessGroupAssignmentScheduleArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manages an active assignment to a privileged access group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_privileged_access_group_assignment_schedule = azuread.PrivilegedAccessGroupAssignmentSchedule("example", + group_id=pim["id"], + principal_id=member.id, + assignment_type="member", + duration="P30D", + justification="as requested") + ``` + + ## Import + + An assignment schedule can be imported using the schedule ID, e.g. + + ```sh + $ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + ``` + + :param str resource_name: The name of the resource. + :param PrivilegedAccessGroupAssignmentScheduleArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(PrivilegedAccessGroupAssignmentScheduleArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = PrivilegedAccessGroupAssignmentScheduleArgs.__new__(PrivilegedAccessGroupAssignmentScheduleArgs) + + if assignment_type is None and not opts.urn: + raise TypeError("Missing required property 'assignment_type'") + __props__.__dict__["assignment_type"] = assignment_type + __props__.__dict__["duration"] = duration + __props__.__dict__["expiration_date"] = expiration_date + if group_id is None and not opts.urn: + raise TypeError("Missing required property 'group_id'") + __props__.__dict__["group_id"] = group_id + __props__.__dict__["justification"] = justification + __props__.__dict__["permanent_assignment"] = permanent_assignment + if principal_id is None and not opts.urn: + raise TypeError("Missing required property 'principal_id'") + __props__.__dict__["principal_id"] = principal_id + __props__.__dict__["start_date"] = start_date + __props__.__dict__["ticket_number"] = ticket_number + __props__.__dict__["ticket_system"] = ticket_system + __props__.__dict__["status"] = None + super(PrivilegedAccessGroupAssignmentSchedule, __self__).__init__( + 'azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + status: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None) -> 'PrivilegedAccessGroupAssignmentSchedule': + """ + Get an existing PrivilegedAccessGroupAssignmentSchedule resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] status: (String) The provisioning status of this request. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _PrivilegedAccessGroupAssignmentScheduleState.__new__(_PrivilegedAccessGroupAssignmentScheduleState) + + __props__.__dict__["assignment_type"] = assignment_type + __props__.__dict__["duration"] = duration + __props__.__dict__["expiration_date"] = expiration_date + __props__.__dict__["group_id"] = group_id + __props__.__dict__["justification"] = justification + __props__.__dict__["permanent_assignment"] = permanent_assignment + __props__.__dict__["principal_id"] = principal_id + __props__.__dict__["start_date"] = start_date + __props__.__dict__["status"] = status + __props__.__dict__["ticket_number"] = ticket_number + __props__.__dict__["ticket_system"] = ticket_system + return PrivilegedAccessGroupAssignmentSchedule(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> pulumi.Output[str]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @property + @pulumi.getter + def duration(self) -> pulumi.Output[Optional[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> pulumi.Output[str]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Output[str]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @property + @pulumi.getter + def justification(self) -> pulumi.Output[Optional[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> pulumi.Output[bool]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> pulumi.Output[str]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> pulumi.Output[str]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[str]: + """ + (String) The provisioning status of this request. + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> pulumi.Output[Optional[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> pulumi.Output[Optional[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + diff --git a/sdk/python/pulumi_azuread/privileged_access_group_eligibility_schedule.py b/sdk/python/pulumi_azuread/privileged_access_group_eligibility_schedule.py new file mode 100644 index 000000000..b3ba93bc4 --- /dev/null +++ b/sdk/python/pulumi_azuread/privileged_access_group_eligibility_schedule.py @@ -0,0 +1,689 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities + +__all__ = ['PrivilegedAccessGroupEligibilityScheduleArgs', 'PrivilegedAccessGroupEligibilitySchedule'] + +@pulumi.input_type +class PrivilegedAccessGroupEligibilityScheduleArgs: + def __init__(__self__, *, + assignment_type: pulumi.Input[str], + group_id: pulumi.Input[str], + principal_id: pulumi.Input[str], + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a PrivilegedAccessGroupEligibilitySchedule resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + pulumi.set(__self__, "assignment_type", assignment_type) + pulumi.set(__self__, "group_id", group_id) + pulumi.set(__self__, "principal_id", principal_id) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if expiration_date is not None: + pulumi.set(__self__, "expiration_date", expiration_date) + if justification is not None: + pulumi.set(__self__, "justification", justification) + if permanent_assignment is not None: + pulumi.set(__self__, "permanent_assignment", permanent_assignment) + if start_date is not None: + pulumi.set(__self__, "start_date", start_date) + if ticket_number is not None: + pulumi.set(__self__, "ticket_number", ticket_number) + if ticket_system is not None: + pulumi.set(__self__, "ticket_system", ticket_system) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> pulumi.Input[str]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @assignment_type.setter + def assignment_type(self, value: pulumi.Input[str]): + pulumi.set(self, "assignment_type", value) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Input[str]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: pulumi.Input[str]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> pulumi.Input[str]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @principal_id.setter + def principal_id(self, value: pulumi.Input[str]): + pulumi.set(self, "principal_id", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> Optional[pulumi.Input[str]]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @expiration_date.setter + def expiration_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expiration_date", value) + + @property + @pulumi.getter + def justification(self) -> Optional[pulumi.Input[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @justification.setter + def justification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "justification", value) + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> Optional[pulumi.Input[bool]]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @permanent_assignment.setter + def permanent_assignment(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "permanent_assignment", value) + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> Optional[pulumi.Input[str]]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @start_date.setter + def start_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "start_date", value) + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> Optional[pulumi.Input[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @ticket_number.setter + def ticket_number(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_number", value) + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> Optional[pulumi.Input[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + + @ticket_system.setter + def ticket_system(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_system", value) + + +@pulumi.input_type +class _PrivilegedAccessGroupEligibilityScheduleState: + def __init__(__self__, *, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + status: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering PrivilegedAccessGroupEligibilitySchedule resources. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] status: (String) The provisioning status of this request. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + if assignment_type is not None: + pulumi.set(__self__, "assignment_type", assignment_type) + if duration is not None: + pulumi.set(__self__, "duration", duration) + if expiration_date is not None: + pulumi.set(__self__, "expiration_date", expiration_date) + if group_id is not None: + pulumi.set(__self__, "group_id", group_id) + if justification is not None: + pulumi.set(__self__, "justification", justification) + if permanent_assignment is not None: + pulumi.set(__self__, "permanent_assignment", permanent_assignment) + if principal_id is not None: + pulumi.set(__self__, "principal_id", principal_id) + if start_date is not None: + pulumi.set(__self__, "start_date", start_date) + if status is not None: + pulumi.set(__self__, "status", status) + if ticket_number is not None: + pulumi.set(__self__, "ticket_number", ticket_number) + if ticket_system is not None: + pulumi.set(__self__, "ticket_system", ticket_system) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> Optional[pulumi.Input[str]]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @assignment_type.setter + def assignment_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "assignment_type", value) + + @property + @pulumi.getter + def duration(self) -> Optional[pulumi.Input[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @duration.setter + def duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "duration", value) + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> Optional[pulumi.Input[str]]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @expiration_date.setter + def expiration_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "expiration_date", value) + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> Optional[pulumi.Input[str]]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @group_id.setter + def group_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "group_id", value) + + @property + @pulumi.getter + def justification(self) -> Optional[pulumi.Input[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @justification.setter + def justification(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "justification", value) + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> Optional[pulumi.Input[bool]]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @permanent_assignment.setter + def permanent_assignment(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "permanent_assignment", value) + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> Optional[pulumi.Input[str]]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @principal_id.setter + def principal_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "principal_id", value) + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> Optional[pulumi.Input[str]]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @start_date.setter + def start_date(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "start_date", value) + + @property + @pulumi.getter + def status(self) -> Optional[pulumi.Input[str]]: + """ + (String) The provisioning status of this request. + """ + return pulumi.get(self, "status") + + @status.setter + def status(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "status", value) + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> Optional[pulumi.Input[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @ticket_number.setter + def ticket_number(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_number", value) + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> Optional[pulumi.Input[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + + @ticket_system.setter + def ticket_system(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "ticket_system", value) + + +class PrivilegedAccessGroupEligibilitySchedule(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Manages an eligible assignment to a privileged access group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_privileged_access_group_eligibility_schedule = azuread.PrivilegedAccessGroupEligibilitySchedule("example", + group_id=pim["id"], + principal_id=member.id, + assignment_type="member", + duration="P30D", + justification="as requested") + ``` + + ## Import + + An assignment schedule can be imported using the schedule ID, e.g. + + ```sh + $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: PrivilegedAccessGroupEligibilityScheduleArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manages an eligible assignment to a privileged access group. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires the `PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup` Microsoft Graph API permissions. + + When authenticated with a user principal, this resource requires `Global Administrator` directory role, or the `Privileged Role Administrator` role in Identity Governance. + + ## Example Usage + + ```python + import pulumi + import pulumi_azuread as azuread + + example = azuread.Group("example", + display_name="group-name", + security_enabled=True) + member = azuread.User("member", + user_principal_name="jdoe@example.com", + display_name="J. Doe", + mail_nickname="jdoe", + password="SecretP@sswd99!") + example_privileged_access_group_eligibility_schedule = azuread.PrivilegedAccessGroupEligibilitySchedule("example", + group_id=pim["id"], + principal_id=member.id, + assignment_type="member", + duration="P30D", + justification="as requested") + ``` + + ## Import + + An assignment schedule can be imported using the schedule ID, e.g. + + ```sh + $ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000 + ``` + + :param str resource_name: The name of the resource. + :param PrivilegedAccessGroupEligibilityScheduleArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(PrivilegedAccessGroupEligibilityScheduleArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = PrivilegedAccessGroupEligibilityScheduleArgs.__new__(PrivilegedAccessGroupEligibilityScheduleArgs) + + if assignment_type is None and not opts.urn: + raise TypeError("Missing required property 'assignment_type'") + __props__.__dict__["assignment_type"] = assignment_type + __props__.__dict__["duration"] = duration + __props__.__dict__["expiration_date"] = expiration_date + if group_id is None and not opts.urn: + raise TypeError("Missing required property 'group_id'") + __props__.__dict__["group_id"] = group_id + __props__.__dict__["justification"] = justification + __props__.__dict__["permanent_assignment"] = permanent_assignment + if principal_id is None and not opts.urn: + raise TypeError("Missing required property 'principal_id'") + __props__.__dict__["principal_id"] = principal_id + __props__.__dict__["start_date"] = start_date + __props__.__dict__["ticket_number"] = ticket_number + __props__.__dict__["ticket_system"] = ticket_system + __props__.__dict__["status"] = None + super(PrivilegedAccessGroupEligibilitySchedule, __self__).__init__( + 'azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + assignment_type: Optional[pulumi.Input[str]] = None, + duration: Optional[pulumi.Input[str]] = None, + expiration_date: Optional[pulumi.Input[str]] = None, + group_id: Optional[pulumi.Input[str]] = None, + justification: Optional[pulumi.Input[str]] = None, + permanent_assignment: Optional[pulumi.Input[bool]] = None, + principal_id: Optional[pulumi.Input[str]] = None, + start_date: Optional[pulumi.Input[str]] = None, + status: Optional[pulumi.Input[str]] = None, + ticket_number: Optional[pulumi.Input[str]] = None, + ticket_system: Optional[pulumi.Input[str]] = None) -> 'PrivilegedAccessGroupEligibilitySchedule': + """ + Get an existing PrivilegedAccessGroupEligibilitySchedule resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] assignment_type: The type of assignment to the group. Can be either `member` or `owner`. + :param pulumi.Input[str] duration: The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + :param pulumi.Input[str] expiration_date: The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + :param pulumi.Input[str] group_id: The Object ID of the Azure AD group to which the principal will be assigned. + :param pulumi.Input[str] justification: The justification for this assignment. May be required by the role policy. + :param pulumi.Input[bool] permanent_assignment: Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + :param pulumi.Input[str] principal_id: The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + :param pulumi.Input[str] start_date: The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + :param pulumi.Input[str] status: (String) The provisioning status of this request. + :param pulumi.Input[str] ticket_number: The ticket number in the ticket system approving this assignment. May be required by the role policy. + :param pulumi.Input[str] ticket_system: The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _PrivilegedAccessGroupEligibilityScheduleState.__new__(_PrivilegedAccessGroupEligibilityScheduleState) + + __props__.__dict__["assignment_type"] = assignment_type + __props__.__dict__["duration"] = duration + __props__.__dict__["expiration_date"] = expiration_date + __props__.__dict__["group_id"] = group_id + __props__.__dict__["justification"] = justification + __props__.__dict__["permanent_assignment"] = permanent_assignment + __props__.__dict__["principal_id"] = principal_id + __props__.__dict__["start_date"] = start_date + __props__.__dict__["status"] = status + __props__.__dict__["ticket_number"] = ticket_number + __props__.__dict__["ticket_system"] = ticket_system + return PrivilegedAccessGroupEligibilitySchedule(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="assignmentType") + def assignment_type(self) -> pulumi.Output[str]: + """ + The type of assignment to the group. Can be either `member` or `owner`. + """ + return pulumi.get(self, "assignment_type") + + @property + @pulumi.getter + def duration(self) -> pulumi.Output[Optional[str]]: + """ + The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours). + """ + return pulumi.get(self, "duration") + + @property + @pulumi.getter(name="expirationDate") + def expiration_date(self) -> pulumi.Output[str]: + """ + The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). + """ + return pulumi.get(self, "expiration_date") + + @property + @pulumi.getter(name="groupId") + def group_id(self) -> pulumi.Output[str]: + """ + The Object ID of the Azure AD group to which the principal will be assigned. + """ + return pulumi.get(self, "group_id") + + @property + @pulumi.getter + def justification(self) -> pulumi.Output[Optional[str]]: + """ + The justification for this assignment. May be required by the role policy. + """ + return pulumi.get(self, "justification") + + @property + @pulumi.getter(name="permanentAssignment") + def permanent_assignment(self) -> pulumi.Output[bool]: + """ + Is this assigment permanently valid. + + At least one of `expiration_date`, `duration`, or `permanent_assignment` must be supplied. The role policy may limit the maximum duration which can be supplied. + """ + return pulumi.get(self, "permanent_assignment") + + @property + @pulumi.getter(name="principalId") + def principal_id(self) -> pulumi.Output[str]: + """ + The Object ID of the principal to be assigned to the above group. Can be either a user or a group. + """ + return pulumi.get(self, "principal_id") + + @property + @pulumi.getter(name="startDate") + def start_date(self) -> pulumi.Output[str]: + """ + The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid. + """ + return pulumi.get(self, "start_date") + + @property + @pulumi.getter + def status(self) -> pulumi.Output[str]: + """ + (String) The provisioning status of this request. + """ + return pulumi.get(self, "status") + + @property + @pulumi.getter(name="ticketNumber") + def ticket_number(self) -> pulumi.Output[Optional[str]]: + """ + The ticket number in the ticket system approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_number") + + @property + @pulumi.getter(name="ticketSystem") + def ticket_system(self) -> pulumi.Output[Optional[str]]: + """ + The ticket system containing the ticket number approving this assignment. May be required by the role policy. + """ + return pulumi.get(self, "ticket_system") + diff --git a/sdk/python/pulumi_azuread/synchronization_job_provision_on_demand.py b/sdk/python/pulumi_azuread/synchronization_job_provision_on_demand.py new file mode 100644 index 000000000..b6cf3875d --- /dev/null +++ b/sdk/python/pulumi_azuread/synchronization_job_provision_on_demand.py @@ -0,0 +1,402 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +from . import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['SynchronizationJobProvisionOnDemandArgs', 'SynchronizationJobProvisionOnDemand'] + +@pulumi.input_type +class SynchronizationJobProvisionOnDemandArgs: + def __init__(__self__, *, + parameters: pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]], + service_principal_id: pulumi.Input[str], + synchronization_job_id: pulumi.Input[str], + triggers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + The set of arguments for constructing a SynchronizationJobProvisionOnDemand resource. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]] parameters: One or more `parameter` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for the synchronization job. + :param pulumi.Input[str] synchronization_job_id: Identifier of the synchronization template this job is based on. + """ + pulumi.set(__self__, "parameters", parameters) + pulumi.set(__self__, "service_principal_id", service_principal_id) + pulumi.set(__self__, "synchronization_job_id", synchronization_job_id) + if triggers is not None: + pulumi.set(__self__, "triggers", triggers) + + @property + @pulumi.getter + def parameters(self) -> pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]]: + """ + One or more `parameter` blocks as documented below. + """ + return pulumi.get(self, "parameters") + + @parameters.setter + def parameters(self, value: pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]]): + pulumi.set(self, "parameters", value) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Input[str]: + """ + The object ID of the service principal for the synchronization job. + """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: pulumi.Input[str]): + pulumi.set(self, "service_principal_id", value) + + @property + @pulumi.getter(name="synchronizationJobId") + def synchronization_job_id(self) -> pulumi.Input[str]: + """ + Identifier of the synchronization template this job is based on. + """ + return pulumi.get(self, "synchronization_job_id") + + @synchronization_job_id.setter + def synchronization_job_id(self, value: pulumi.Input[str]): + pulumi.set(self, "synchronization_job_id", value) + + @property + @pulumi.getter + def triggers(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + return pulumi.get(self, "triggers") + + @triggers.setter + def triggers(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "triggers", value) + + +@pulumi.input_type +class _SynchronizationJobProvisionOnDemandState: + def __init__(__self__, *, + parameters: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + synchronization_job_id: Optional[pulumi.Input[str]] = None, + triggers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): + """ + Input properties used for looking up and filtering SynchronizationJobProvisionOnDemand resources. + :param pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]] parameters: One or more `parameter` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for the synchronization job. + :param pulumi.Input[str] synchronization_job_id: Identifier of the synchronization template this job is based on. + """ + if parameters is not None: + pulumi.set(__self__, "parameters", parameters) + if service_principal_id is not None: + pulumi.set(__self__, "service_principal_id", service_principal_id) + if synchronization_job_id is not None: + pulumi.set(__self__, "synchronization_job_id", synchronization_job_id) + if triggers is not None: + pulumi.set(__self__, "triggers", triggers) + + @property + @pulumi.getter + def parameters(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]]]: + """ + One or more `parameter` blocks as documented below. + """ + return pulumi.get(self, "parameters") + + @parameters.setter + def parameters(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SynchronizationJobProvisionOnDemandParameterArgs']]]]): + pulumi.set(self, "parameters", value) + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> Optional[pulumi.Input[str]]: + """ + The object ID of the service principal for the synchronization job. + """ + return pulumi.get(self, "service_principal_id") + + @service_principal_id.setter + def service_principal_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service_principal_id", value) + + @property + @pulumi.getter(name="synchronizationJobId") + def synchronization_job_id(self) -> Optional[pulumi.Input[str]]: + """ + Identifier of the synchronization template this job is based on. + """ + return pulumi.get(self, "synchronization_job_id") + + @synchronization_job_id.setter + def synchronization_job_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "synchronization_job_id", value) + + @property + @pulumi.getter + def triggers(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + return pulumi.get(self, "triggers") + + @triggers.setter + def triggers(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "triggers", value) + + +class SynchronizationJobProvisionOnDemand(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + parameters: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobProvisionOnDemandParameterArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + synchronization_job_id: Optional[pulumi.Input[str]] = None, + triggers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + __props__=None): + """ + Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + current = azuread.get_client_config() + example_group = azuread.Group("example", + display_name="example", + owners=[current.object_id], + security_enabled=True) + example = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("example", + display_name="example", + template_id=example.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("example", + client_id=example_application.client_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("example", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + ), + azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + example_synchronization_job = azuread.SynchronizationJob("example", + service_principal_id=example_service_principal.id, + template_id="dataBricks", + enabled=True) + example_synchronization_job_provision_on_demand = azuread.SynchronizationJobProvisionOnDemand("example", + service_principal_id=example_service_principal.id, + synchronization_job_id=example_synchronization_job.id, + parameters=[azuread.SynchronizationJobProvisionOnDemandParameterArgs( + rule_id="", + subjects=[azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs( + object_id=example_group.object_id, + object_type_name="Group", + )], + )]) + ``` + + ## Import + + This resource does not support importing. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobProvisionOnDemandParameterArgs']]]] parameters: One or more `parameter` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for the synchronization job. + :param pulumi.Input[str] synchronization_job_id: Identifier of the synchronization template this job is based on. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: SynchronizationJobProvisionOnDemandArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Manages synchronization job on demand provisioning associated with a service principal (enterprise application) within Azure Active Directory. + + ## API Permissions + + The following API permissions are required in order to use this resource. + + When authenticated with a service principal, this resource requires one of the following application roles: `Synchronization.ReadWrite.All` + + ## Example Usage + + *Basic example* + + ```python + import pulumi + import pulumi_azuread as azuread + + current = azuread.get_client_config() + example_group = azuread.Group("example", + display_name="example", + owners=[current.object_id], + security_enabled=True) + example = azuread.get_application_template(display_name="Azure Databricks SCIM Provisioning Connector") + example_application = azuread.Application("example", + display_name="example", + template_id=example.template_id, + feature_tags=[azuread.ApplicationFeatureTagArgs( + enterprise=True, + gallery=True, + )]) + example_service_principal = azuread.ServicePrincipal("example", + client_id=example_application.client_id, + use_existing=True) + example_synchronization_secret = azuread.SynchronizationSecret("example", + service_principal_id=example_service_principal.id, + credentials=[ + azuread.SynchronizationSecretCredentialArgs( + key="BaseAddress", + value="https://adb-example.azuredatabricks.net/api/2.0/preview/scim", + ), + azuread.SynchronizationSecretCredentialArgs( + key="SecretToken", + value="some-token", + ), + ]) + example_synchronization_job = azuread.SynchronizationJob("example", + service_principal_id=example_service_principal.id, + template_id="dataBricks", + enabled=True) + example_synchronization_job_provision_on_demand = azuread.SynchronizationJobProvisionOnDemand("example", + service_principal_id=example_service_principal.id, + synchronization_job_id=example_synchronization_job.id, + parameters=[azuread.SynchronizationJobProvisionOnDemandParameterArgs( + rule_id="", + subjects=[azuread.SynchronizationJobProvisionOnDemandParameterSubjectArgs( + object_id=example_group.object_id, + object_type_name="Group", + )], + )]) + ``` + + ## Import + + This resource does not support importing. + + :param str resource_name: The name of the resource. + :param SynchronizationJobProvisionOnDemandArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SynchronizationJobProvisionOnDemandArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + parameters: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobProvisionOnDemandParameterArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + synchronization_job_id: Optional[pulumi.Input[str]] = None, + triggers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SynchronizationJobProvisionOnDemandArgs.__new__(SynchronizationJobProvisionOnDemandArgs) + + if parameters is None and not opts.urn: + raise TypeError("Missing required property 'parameters'") + __props__.__dict__["parameters"] = parameters + if service_principal_id is None and not opts.urn: + raise TypeError("Missing required property 'service_principal_id'") + __props__.__dict__["service_principal_id"] = service_principal_id + if synchronization_job_id is None and not opts.urn: + raise TypeError("Missing required property 'synchronization_job_id'") + __props__.__dict__["synchronization_job_id"] = synchronization_job_id + __props__.__dict__["triggers"] = triggers + super(SynchronizationJobProvisionOnDemand, __self__).__init__( + 'azuread:index/synchronizationJobProvisionOnDemand:SynchronizationJobProvisionOnDemand', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + parameters: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobProvisionOnDemandParameterArgs']]]]] = None, + service_principal_id: Optional[pulumi.Input[str]] = None, + synchronization_job_id: Optional[pulumi.Input[str]] = None, + triggers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None) -> 'SynchronizationJobProvisionOnDemand': + """ + Get an existing SynchronizationJobProvisionOnDemand resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SynchronizationJobProvisionOnDemandParameterArgs']]]] parameters: One or more `parameter` blocks as documented below. + :param pulumi.Input[str] service_principal_id: The object ID of the service principal for the synchronization job. + :param pulumi.Input[str] synchronization_job_id: Identifier of the synchronization template this job is based on. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SynchronizationJobProvisionOnDemandState.__new__(_SynchronizationJobProvisionOnDemandState) + + __props__.__dict__["parameters"] = parameters + __props__.__dict__["service_principal_id"] = service_principal_id + __props__.__dict__["synchronization_job_id"] = synchronization_job_id + __props__.__dict__["triggers"] = triggers + return SynchronizationJobProvisionOnDemand(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def parameters(self) -> pulumi.Output[Sequence['outputs.SynchronizationJobProvisionOnDemandParameter']]: + """ + One or more `parameter` blocks as documented below. + """ + return pulumi.get(self, "parameters") + + @property + @pulumi.getter(name="servicePrincipalId") + def service_principal_id(self) -> pulumi.Output[str]: + """ + The object ID of the service principal for the synchronization job. + """ + return pulumi.get(self, "service_principal_id") + + @property + @pulumi.getter(name="synchronizationJobId") + def synchronization_job_id(self) -> pulumi.Output[str]: + """ + Identifier of the synchronization template this job is based on. + """ + return pulumi.get(self, "synchronization_job_id") + + @property + @pulumi.getter + def triggers(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + return pulumi.get(self, "triggers") +