import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * Manages an assignment policy for an access package within Identity Governance in Azure Active Directory. * * ## API Permissions * * The following API permissions are required in order to use this resource. * * When authenticated with a service principal, this resource requires the following application role: `EntitlementManagement.ReadWrite.All`. * * When authenticated with a user principal, this resource requires `Global Administrator` directory role, or one of the `Catalog Owner` and `Access Package Manager` role in Identity Governance. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.Group("example", { * displayName: "group-name", * securityEnabled: true, * }); * const exampleAccessPackageCatalog = new azuread.AccessPackageCatalog("example", { * displayName: "example-catalog", * description: "Example catalog", * }); * const exampleAccessPackage = new azuread.AccessPackage("example", { * catalogId: exampleAccessPackageCatalog.id, * displayName: "access-package", * description: "Access Package", * }); * const exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy("example", { * accessPackageId: exampleAccessPackage.id, * displayName: "assignment-policy", * description: "My assignment policy", * durationInDays: 90, * requestorSettings: { * scopeType: "AllExistingDirectoryMemberUsers", * }, * approvalSettings: { * approvalRequired: true, * approvalStages: [{ * approvalTimeoutInDays: 14, * primaryApprovers: [{ * objectId: example.objectId, * subjectType: "groupMembers", * }], * }], * }, * assignmentReviewSettings: { * enabled: true, * reviewFrequency: "weekly", * durationInDays: 3, * reviewType: "Self", * accessReviewTimeoutBehavior: "keepAccess", * }, * questions: [{ * text: { * defaultText: "hello, how are you?", * }, * }], * }); * ``` * * ## Import * * An access package assignment policy can be imported using the ID, e.g. * * ```sh * $ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000 * ``` */ export declare class AccessPackageAssignmentPolicy extends pulumi.CustomResource { /** * Get an existing AccessPackageAssignmentPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AccessPackageAssignmentPolicyState, opts?: pulumi.CustomResourceOptions): AccessPackageAssignmentPolicy; /** * Returns true if the given object is an instance of AccessPackageAssignmentPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AccessPackageAssignmentPolicy; /** * The ID of the access package that will contain the policy. */ readonly accessPackageId: pulumi.Output; /** * An `approvalSettings` block to specify whether approvals are required and how they are obtained, as documented below. */ readonly approvalSettings: pulumi.Output; /** * An `assignmentReviewSettings` block, to specify whether assignment review is needed and how it is conducted, as documented below. */ readonly assignmentReviewSettings: pulumi.Output; /** * The description of the policy. */ readonly description: pulumi.Output; /** * The display name of the policy. */ readonly displayName: pulumi.Output; /** * How many days this assignment is valid for. */ readonly durationInDays: pulumi.Output; /** * The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z). */ readonly expirationDate: pulumi.Output; /** * Whether users will be able to request extension of their access to this package before their access expires. */ readonly extensionEnabled: pulumi.Output; /** * One or more `question` blocks for the requestor, as documented below. */ readonly questions: pulumi.Output; /** * A `requestorSettings` block to configure the users who can request access, as documented below. */ readonly requestorSettings: pulumi.Output; /** * Create a AccessPackageAssignmentPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AccessPackageAssignmentPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AccessPackageAssignmentPolicy resources. */ export interface AccessPackageAssignmentPolicyState { /** * The ID of the access package that will contain the policy. */ accessPackageId?: pulumi.Input; /** * An `approvalSettings` block to specify whether approvals are required and how they are obtained, as documented below. */ approvalSettings?: pulumi.Input; /** * An `assignmentReviewSettings` block, to specify whether assignment review is needed and how it is conducted, as documented below. */ assignmentReviewSettings?: pulumi.Input; /** * The description of the policy. */ description?: pulumi.Input; /** * The display name of the policy. */ displayName?: pulumi.Input; /** * How many days this assignment is valid for. */ durationInDays?: pulumi.Input; /** * The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z). */ expirationDate?: pulumi.Input; /** * Whether users will be able to request extension of their access to this package before their access expires. */ extensionEnabled?: pulumi.Input; /** * One or more `question` blocks for the requestor, as documented below. */ questions?: pulumi.Input[]>; /** * A `requestorSettings` block to configure the users who can request access, as documented below. */ requestorSettings?: pulumi.Input; } /** * The set of arguments for constructing a AccessPackageAssignmentPolicy resource. */ export interface AccessPackageAssignmentPolicyArgs { /** * The ID of the access package that will contain the policy. */ accessPackageId: pulumi.Input; /** * An `approvalSettings` block to specify whether approvals are required and how they are obtained, as documented below. */ approvalSettings?: pulumi.Input; /** * An `assignmentReviewSettings` block, to specify whether assignment review is needed and how it is conducted, as documented below. */ assignmentReviewSettings?: pulumi.Input; /** * The description of the policy. */ description: pulumi.Input; /** * The display name of the policy. */ displayName: pulumi.Input; /** * How many days this assignment is valid for. */ durationInDays?: pulumi.Input; /** * The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z). */ expirationDate?: pulumi.Input; /** * Whether users will be able to request extension of their access to this package before their access expires. */ extensionEnabled?: pulumi.Input; /** * One or more `question` blocks for the requestor, as documented below. */ questions?: pulumi.Input[]>; /** * A `requestorSettings` block to configure the users who can request access, as documented below. */ requestorSettings?: pulumi.Input; }