ApplicationAppRole

Manages an App Role associated with an Application within Azure Active Directory.

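NOTE: If you’re authenticating using a Service Principal, it must have both the "Read and write all applications" and the "Sign in and read user profile" permissions within the Windows Azure Active Directory API. "Read and write all applications" covers every application in the directory, so treat that Service Principal's credentials as highly privileged.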

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

/// <summary>
/// Stack that registers an Azure AD application and one "Admin" app role on it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The application that will own the role; no arguments are set on it.
        var app = new AzureAD.Application("exampleApplication", new AzureAD.ApplicationArgs());

        // RoleId is not set, so a random UUID is generated for the role.
        var adminRoleArgs = new AzureAD.ApplicationAppRoleArgs
        {
            ApplicationObjectId = app.Id,
            // "User" makes the role assignable to users and groups only,
            // not to other applications.
            AllowedMemberTypes =
            {
                "User",
            },
            Description = "Admins can manage roles and perform all task actions",
            DisplayName = "Admin",
            IsEnabled = true,
            // Value of the roles claim the application should expect in its
            // authentication and access tokens.
            Value = "administer",
        };

        var adminRole = new AzureAD.ApplicationAppRole("exampleApplicationAppRole", adminRoleArgs);
    }

}
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v4/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers an Azure AD application and one "Admin" app role on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The application that will own the role; no arguments are set on it.
		app, err := azuread.NewApplication(ctx, "exampleApplication", nil)
		if err != nil {
			return err
		}

		// RoleId is not set, so a random UUID is generated for the role.
		roleArgs := &azuread.ApplicationAppRoleArgs{
			ApplicationObjectId: app.ID(),
			// "User" makes the role assignable to users and groups only,
			// not to other applications.
			AllowedMemberTypes: pulumi.StringArray{pulumi.String("User")},
			Description:        pulumi.String("Admins can manage roles and perform all task actions"),
			DisplayName:        pulumi.String("Admin"),
			IsEnabled:          pulumi.Bool(true),
			// Value of the roles claim the application should expect in its
			// authentication and access tokens.
			Value: pulumi.String("administer"),
		}

		// The resource handle is not needed afterwards; only the error matters.
		_, err = azuread.NewApplicationAppRole(ctx, "exampleApplicationAppRole", roleArgs)
		return err
	})
}
import pulumi
import pulumi_azuread as azuread

# The application that will own the role; no arguments are set on it.
example_application = azuread.Application("exampleApplication")

# One "Admin" app role on that application, passed through the args class
# rather than as keyword arguments. role_id is not set, so a random UUID is
# generated for the role.
example_application_app_role = azuread.ApplicationAppRole(
    "exampleApplicationAppRole",
    azuread.ApplicationAppRoleArgs(
        application_object_id=example_application.id,
        # "User" makes the role assignable to users and groups only,
        # not to other applications.
        allowed_member_types=["User"],
        description="Admins can manage roles and perform all task actions",
        display_name="Admin",
        is_enabled=True,
        # Value of the roles claim the application should expect in its
        # authentication and access tokens.
        value="administer",
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

// The application that will own the role; no arguments are set on it.
const exampleApplication = new azuread.Application("exampleApplication", {});

// roleId is not set, so a random UUID is generated for the role.
const adminRoleArgs: azuread.ApplicationAppRoleArgs = {
    applicationObjectId: exampleApplication.id,
    // "User" makes the role assignable to users and groups only,
    // not to other applications.
    allowedMemberTypes: [
        "User",
    ],
    description: "Admins can manage roles and perform all task actions",
    displayName: "Admin",
    isEnabled: true,
    // Value of the roles claim the application should expect in its
    // authentication and access tokens.
    value: "administer",
};

const exampleApplicationAppRole = new azuread.ApplicationAppRole(
    "exampleApplicationAppRole",
    adminRoleArgs,
);

Create an ApplicationAppRole Resource

new ApplicationAppRole(name: string, args: ApplicationAppRoleArgs, opts?: CustomResourceOptions);
@overload
def ApplicationAppRole(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       allowed_member_types: Optional[Sequence[str]] = None,
                       application_object_id: Optional[str] = None,
                       description: Optional[str] = None,
                       display_name: Optional[str] = None,
                       is_enabled: Optional[bool] = None,
                       role_id: Optional[str] = None,
                       value: Optional[str] = None)
@overload
def ApplicationAppRole(resource_name: str,
                       args: ApplicationAppRoleArgs,
                       opts: Optional[ResourceOptions] = None)
func NewApplicationAppRole(ctx *Context, name string, args ApplicationAppRoleArgs, opts ...ResourceOption) (*ApplicationAppRole, error)
public ApplicationAppRole(string name, ApplicationAppRoleArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ApplicationAppRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ApplicationAppRoleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ApplicationAppRoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ApplicationAppRoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ApplicationAppRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ApplicationAppRole resource accepts the following input properties:

AllowedMemberTypes List<string>
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
ApplicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
IsEnabled bool
Determines if the app role is enabled. Defaults to true.
RoleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
AllowedMemberTypes []string
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
ApplicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
IsEnabled bool
Determines if the app role is enabled. Defaults to true.
RoleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
allowedMemberTypes string[]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
applicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
description string
Permission help text that appears in the admin app assignment and consent experiences.
displayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
isEnabled boolean
Determines if the app role is enabled. Defaults to true.
roleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
allowed_member_types Sequence[str]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
application_object_id str
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
description str
Permission help text that appears in the admin app assignment and consent experiences.
display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
is_enabled bool
Determines if the app role is enabled. Defaults to true.
role_id str
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
value str
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

Outputs

All input properties are implicitly available as output properties. Additionally, the ApplicationAppRole resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ApplicationAppRole Resource

Get an existing ApplicationAppRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ApplicationAppRoleState, opts?: CustomResourceOptions): ApplicationAppRole
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_member_types: Optional[Sequence[str]] = None,
        application_object_id: Optional[str] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        is_enabled: Optional[bool] = None,
        role_id: Optional[str] = None,
        value: Optional[str] = None) -> ApplicationAppRole
func GetApplicationAppRole(ctx *Context, name string, id IDInput, state *ApplicationAppRoleState, opts ...ResourceOption) (*ApplicationAppRole, error)
public static ApplicationAppRole Get(string name, Input<string> id, ApplicationAppRoleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedMemberTypes List<string>
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
ApplicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
IsEnabled bool
Determines if the app role is enabled. Defaults to true.
RoleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
AllowedMemberTypes []string
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
ApplicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
Description string
Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
IsEnabled bool
Determines if the app role is enabled. Defaults to true.
RoleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
allowedMemberTypes string[]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
applicationObjectId string
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
description string
Permission help text that appears in the admin app assignment and consent experiences.
displayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
isEnabled boolean
Determines if the app role is enabled. Defaults to true.
roleId string
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
value string
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
allowed_member_types Sequence[str]
Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
application_object_id str
The Object ID of the Application for which this App Role should be created. Changing this field forces a new resource to be created.
description str
Permission help text that appears in the admin app assignment and consent experiences.
display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
is_enabled bool
Determines if the app role is enabled. Defaults to true.
role_id str
Specifies a custom UUID for the app role. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
value str
Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

Import

App Roles can be imported using the object id of an Application and the id of the App Role, e.g.

 $ pulumi import azuread:index/applicationAppRole:ApplicationAppRole test 00000000-0000-0000-0000-000000000000/role/11111111-1111-1111-1111-111111111111

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.