ServicePrincipal

Manages a Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal, then it must have both the "Read and write all applications" and the "Sign in and read user profile" permissions within the Windows Azure Active Directory API. Please see the "Granting a Service Principal permission to manage AAD" guide for the required steps.

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

class MyStack : Stack
{
    public MyStack()
    {
        // Application registration that the service principal below is attached to.
        // The values here (plain-http homepage/reply URL, implicit grant enabled,
        // single tenant) are illustrative placeholders.
        AzureAD.Application exampleApplication = new AzureAD.Application(
            "exampleApplication",
            new AzureAD.ApplicationArgs
            {
                Homepage = "http://homepage",
                IdentifierUris = { "http://uri" },
                ReplyUrls = { "http://replyurl" },
                AvailableToOtherTenants = false,
                Oauth2AllowImplicitFlow = true,
            });

        // Service principal for that application. AppRoleAssignmentRequired = false
        // means Azure AD issues tokens for the application without an explicit
        // app role assignment to a user or group.
        AzureAD.ServicePrincipal exampleServicePrincipal = new AzureAD.ServicePrincipal(
            "exampleServicePrincipal",
            new AzureAD.ServicePrincipalArgs
            {
                ApplicationId = exampleApplication.ApplicationId,
                AppRoleAssignmentRequired = false,
                Tags = { "example", "tags", "here" },
            });
    }
}
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v4/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates an example Azure AD application registration and a service
// principal attached to it. Both resource creations are checked for errors;
// the closure's error result is whatever the last step produced.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Application registration. The values here (plain-http homepage/reply
		// URL, implicit grant enabled, single tenant) are illustrative placeholders.
		app, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{
			Homepage:                pulumi.String("http://homepage"),
			IdentifierUris:          pulumi.StringArray{pulumi.String("http://uri")},
			ReplyUrls:               pulumi.StringArray{pulumi.String("http://replyurl")},
			AvailableToOtherTenants: pulumi.Bool(false),
			Oauth2AllowImplicitFlow: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Service principal for that application. AppRoleAssignmentRequired false
		// means Azure AD issues tokens for the application without an explicit
		// app role assignment to a user or group.
		_, err = azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId:             app.ApplicationId,
			AppRoleAssignmentRequired: pulumi.Bool(false),
			Tags: pulumi.StringArray{
				pulumi.String("example"),
				pulumi.String("tags"),
				pulumi.String("here"),
			},
		})
		// err is nil on success, so this is equivalent to an explicit nil return.
		return err
	})
}
import pulumi
import pulumi_azuread as azuread

# Application registration that the service principal below is attached to.
# The values here (plain-http homepage/reply URL, implicit grant enabled,
# single tenant) are illustrative placeholders.
example_application = azuread.Application(
    "exampleApplication",
    homepage="http://homepage",
    identifier_uris=["http://uri"],
    reply_urls=["http://replyurl"],
    available_to_other_tenants=False,
    oauth2_allow_implicit_flow=True,
)

# Service principal for that application. app_role_assignment_required=False
# means Azure AD issues tokens for the application without an explicit app
# role assignment to a user or group.
example_service_principal = azuread.ServicePrincipal(
    "exampleServicePrincipal",
    application_id=example_application.application_id,
    app_role_assignment_required=False,
    tags=["example", "tags", "here"],
)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

// Application registration that the service principal below is attached to.
// The values here (plain-http homepage/reply URL, implicit grant enabled,
// single tenant) are illustrative placeholders.
const applicationArgs: azuread.ApplicationArgs = {
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    replyUrls: ["http://replyurl"],
    availableToOtherTenants: false,
    oauth2AllowImplicitFlow: true,
};
const exampleApplication = new azuread.Application("exampleApplication", applicationArgs);

// Service principal for that application. appRoleAssignmentRequired: false
// means Azure AD issues tokens for the application without an explicit app
// role assignment to a user or group.
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {
    applicationId: exampleApplication.applicationId,
    appRoleAssignmentRequired: false,
    tags: ["example", "tags", "here"],
});

Create a ServicePrincipal Resource

new ServicePrincipal(name: string, args: ServicePrincipalArgs, opts?: CustomResourceOptions);
@overload
def ServicePrincipal(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     app_role_assignment_required: Optional[bool] = None,
                     application_id: Optional[str] = None,
                     oauth2_permissions: Optional[Sequence[ServicePrincipalOauth2PermissionArgs]] = None,
                     tags: Optional[Sequence[str]] = None)
@overload
def ServicePrincipal(resource_name: str,
                     args: ServicePrincipalArgs,
                     opts: Optional[ResourceOptions] = None)
func NewServicePrincipal(ctx *Context, name string, args ServicePrincipalArgs, opts ...ResourceOption) (*ServicePrincipal, error)
public ServicePrincipal(string name, ServicePrincipalArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServicePrincipalArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ServicePrincipal Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ServicePrincipal resource accepts the following input properties:

ApplicationId string
The App ID of the Application for which to create a Service Principal.
AppRoleAssignmentRequired bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ServicePrincipalOauth2PermissionArgs>
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
Tags List<string>
A list of tags to apply to the Service Principal.
ApplicationId string
The App ID of the Application for which to create a Service Principal.
AppRoleAssignmentRequired bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
Oauth2Permissions []ServicePrincipalOauth2Permission
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
Tags []string
A list of tags to apply to the Service Principal.
applicationId string
The App ID of the Application for which to create a Service Principal.
appRoleAssignmentRequired boolean
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
oauth2Permissions ServicePrincipalOauth2PermissionArgs[]
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
tags string[]
A list of tags to apply to the Service Principal.
application_id str
The App ID of the Application for which to create a Service Principal.
app_role_assignment_required bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
oauth2_permissions Sequence[ServicePrincipalOauth2PermissionArgs]
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
tags Sequence[str]
A list of tags to apply to the Service Principal.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServicePrincipal resource produces the following output properties:

AppRoles List<Pulumi.AzureAD.Outputs.ServicePrincipalAppRole>
DisplayName string
The Display Name of the Application associated with this Service Principal.
Id string
The provider-assigned unique ID for this managed resource.
ObjectId string
The Object ID of the Service Principal.
AppRoles []ServicePrincipalAppRole
DisplayName string
The Display Name of the Application associated with this Service Principal.
Id string
The provider-assigned unique ID for this managed resource.
ObjectId string
The Object ID of the Service Principal.
appRoles ServicePrincipalAppRole[]
displayName string
The Display Name of the Application associated with this Service Principal.
id string
The provider-assigned unique ID for this managed resource.
objectId string
The Object ID of the Service Principal.
app_roles Sequence[ServicePrincipalAppRole]
display_name str
The Display Name of the Application associated with this Service Principal.
id str
The provider-assigned unique ID for this managed resource.
object_id str
The Object ID of the Service Principal.

Look up an Existing ServicePrincipal Resource

Get an existing ServicePrincipal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServicePrincipalState, opts?: CustomResourceOptions): ServicePrincipal
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_role_assignment_required: Optional[bool] = None,
        app_roles: Optional[Sequence[ServicePrincipalAppRoleArgs]] = None,
        application_id: Optional[str] = None,
        display_name: Optional[str] = None,
        oauth2_permissions: Optional[Sequence[ServicePrincipalOauth2PermissionArgs]] = None,
        object_id: Optional[str] = None,
        tags: Optional[Sequence[str]] = None) -> ServicePrincipal
func GetServicePrincipal(ctx *Context, name string, id IDInput, state *ServicePrincipalState, opts ...ResourceOption) (*ServicePrincipal, error)
public static ServicePrincipal Get(string name, Input<string> id, ServicePrincipalState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AppRoleAssignmentRequired bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
AppRoles List<Pulumi.AzureAD.Inputs.ServicePrincipalAppRoleArgs>
ApplicationId string
The App ID of the Application for which to create a Service Principal.
DisplayName string
The Display Name of the Application associated with this Service Principal.
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ServicePrincipalOauth2PermissionArgs>
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
ObjectId string
The Object ID of the Service Principal.
Tags List<string>
A list of tags to apply to the Service Principal.
AppRoleAssignmentRequired bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
AppRoles []ServicePrincipalAppRole
ApplicationId string
The App ID of the Application for which to create a Service Principal.
DisplayName string
The Display Name of the Application associated with this Service Principal.
Oauth2Permissions []ServicePrincipalOauth2Permission
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
ObjectId string
The Object ID of the Service Principal.
Tags []string
A list of tags to apply to the Service Principal.
appRoleAssignmentRequired boolean
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
appRoles ServicePrincipalAppRoleArgs[]
applicationId string
The App ID of the Application for which to create a Service Principal.
displayName string
The Display Name of the Application associated with this Service Principal.
oauth2Permissions ServicePrincipalOauth2PermissionArgs[]
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
objectId string
The Object ID of the Service Principal.
tags string[]
A list of tags to apply to the Service Principal.
app_role_assignment_required bool
Whether this Service Principal requires an AppRoleAssignment to a user or group before Azure AD will issue a user or access token to the application. Defaults to false.
app_roles Sequence[ServicePrincipalAppRoleArgs]
application_id str
The App ID of the Application for which to create a Service Principal.
display_name str
The Display Name of the Application associated with this Service Principal.
oauth2_permissions Sequence[ServicePrincipalOauth2PermissionArgs]
A collection of OAuth 2.0 permissions exposed by the associated Application. Each permission is covered by an oauth2_permission block as documented below.
object_id str
The Object ID of the Service Principal.
tags Sequence[str]
A list of tags to apply to the Service Principal.

Supporting Types

ServicePrincipalAppRole

AllowedMemberTypes List<string>
Description string
DisplayName string
The Display Name of the Application associated with this Service Principal.
Id string
The unique identifier for one of the OAuth2Permission.
IsEnabled bool
Is this permission enabled?
Value string
The name of this permission.
AllowedMemberTypes []string
Description string
DisplayName string
The Display Name of the Application associated with this Service Principal.
Id string
The unique identifier for one of the OAuth2Permission.
IsEnabled bool
Is this permission enabled?
Value string
The name of this permission.
allowedMemberTypes string[]
description string
displayName string
The Display Name of the Application associated with this Service Principal.
id string
The unique identifier for one of the OAuth2Permission.
isEnabled boolean
Is this permission enabled?
value string
The name of this permission.
allowed_member_types Sequence[str]
description str
display_name str
The Display Name of the Application associated with this Service Principal.
id str
The unique identifier for one of the OAuth2Permission.
is_enabled bool
Is this permission enabled?
value str
The name of this permission.

ServicePrincipalOauth2Permission

AdminConsentDescription string
The description of the admin consent.
AdminConsentDisplayName string
The display name of the admin consent.
Id string
The unique identifier for one of the OAuth2Permission.
IsEnabled bool
Is this permission enabled?
Type string
The type of the permission.
UserConsentDescription string
The description of the user consent.
UserConsentDisplayName string
The display name of the user consent.
Value string
The name of this permission.
AdminConsentDescription string
The description of the admin consent.
AdminConsentDisplayName string
The display name of the admin consent.
Id string
The unique identifier for one of the OAuth2Permission.
IsEnabled bool
Is this permission enabled?
Type string
The type of the permission.
UserConsentDescription string
The description of the user consent.
UserConsentDisplayName string
The display name of the user consent.
Value string
The name of this permission.
adminConsentDescription string
The description of the admin consent.
adminConsentDisplayName string
The display name of the admin consent.
id string
The unique identifier for one of the OAuth2Permission.
isEnabled boolean
Is this permission enabled?
type string
The type of the permission.
userConsentDescription string
The description of the user consent.
userConsentDisplayName string
The display name of the user consent.
value string
The name of this permission.
admin_consent_description str
The description of the admin consent.
admin_consent_display_name str
The display name of the admin consent.
id str
The unique identifier for one of the OAuth2Permission.
is_enabled bool
Is this permission enabled?
type str
The type of the permission.
user_consent_description str
The description of the user consent.
user_consent_display_name str
The display name of the user consent.
value str
The name of this permission.

Import

Azure Active Directory Service Principals can be imported using the object id, e.g.

 $ pulumi import azuread:index/servicePrincipal:ServicePrincipal test 00000000-0000-0000-0000-000000000000

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.