import * as pulumi from "@pulumi/pulumi"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * import * as random from "@pulumi/random"; * * const example = new azuread.ApplicationRegistration("example", {displayName: "example"}); * const exampleAdministrator = new random.RandomUuid("example_administrator", {}); * const exampleAdminister = new azuread.ApplicationAppRole("example_administer", { * applicationId: example.id, * roleId: exampleAdministrator.id, * allowedMemberTypes: ["User"], * description: "My role description", * displayName: "Administer", * value: "admin", * }); * ``` * * > **Tip** For managing more app roles, create additional instances of this resource * * *Usage with azuread.Application resource* * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuread from "@pulumi/azuread"; * * const example = new azuread.Application("example", {displayName: "example"}); * const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {applicationId: example.id}); * ``` * * ## Import * * Application App Roles can be imported using the object ID of the application and the ID of the app role, in the following format. * * ```sh * $ pulumi import azuread:index/applicationAppRole:ApplicationAppRole example /applications/00000000-0000-0000-0000-000000000000/appRoles/11111111-1111-1111-1111-111111111111 * ``` */ export declare class ApplicationAppRole extends pulumi.CustomResource { /** * Get an existing ApplicationAppRole resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ApplicationAppRoleState, opts?: pulumi.CustomResourceOptions): ApplicationAppRole; /** * Returns true if the given object is an instance of ApplicationAppRole. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ApplicationAppRole; /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ readonly allowedMemberTypes: pulumi.Output; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ readonly applicationId: pulumi.Output; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ readonly description: pulumi.Output; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ readonly displayName: pulumi.Output; /** * The unique identifier of the app role */ readonly roleId: pulumi.Output; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ readonly value: pulumi.Output; /** * Create a ApplicationAppRole resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ApplicationAppRoleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ApplicationAppRole resources. */ export interface ApplicationAppRoleState { /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ allowedMemberTypes?: pulumi.Input[]>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId?: pulumi.Input; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ description?: pulumi.Input; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ displayName?: pulumi.Input; /** * The unique identifier of the app role */ roleId?: pulumi.Input; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value?: pulumi.Input; } /** * The set of arguments for constructing a ApplicationAppRole resource. */ export interface ApplicationAppRoleArgs { /** * A set of values to specify whether this app role definition can be assigned to users and groups by setting to `User`, or to other applications by setting to `Application`, or to both. */ allowedMemberTypes: pulumi.Input[]>; /** * The resource ID of the application registration. Changing this forces a new resource to be created. */ applicationId: pulumi.Input; /** * Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences. */ description: pulumi.Input; /** * Display name for the app role that appears during app role assignment and in consent experiences. */ displayName: pulumi.Input; /** * The unique identifier of the app role */ roleId: pulumi.Input; /** * The value that is used for the `roles` claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal. * * > **Roles and Permission Scopes** In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values. */ value?: pulumi.Input; }