ServicePrincipalPassword

Manages a Password associated with a Service Principal within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleApplication = new AzureAD.Application("exampleApplication", new AzureAD.ApplicationArgs
        {
        });
        var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new AzureAD.ServicePrincipalArgs
        {
            ApplicationId = exampleApplication.ApplicationId,
        });
        var exampleServicePrincipalPassword = new AzureAD.ServicePrincipalPassword("exampleServicePrincipalPassword", new AzureAD.ServicePrincipalPasswordArgs
        {
            ServicePrincipalId = exampleServicePrincipal.Id,
            Description = "My managed password",
            Value = "VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
            EndDate = "2099-01-01T01:02:03Z",
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-azuread/sdk/v4/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleApplication, err := azuread.NewApplication(ctx, "exampleApplication", nil)
		if err != nil {
			return err
		}
		exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId: exampleApplication.ApplicationId,
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewServicePrincipalPassword(ctx, "exampleServicePrincipalPassword", &azuread.ServicePrincipalPasswordArgs{
			ServicePrincipalId: exampleServicePrincipal.ID(),
			Description:        pulumi.String("My managed password"),
			Value:              pulumi.String(fmt.Sprintf("%v%v%v", "VT=uSgbTanZhyz@", "%", "nL9Hpd+Tfay_MRV#")),
			EndDate:            pulumi.String("2099-01-01T01:02:03Z"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_azuread as azuread

example_application = azuread.Application("exampleApplication")
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", application_id=example_application.application_id)
example_service_principal_password = azuread.ServicePrincipalPassword("exampleServicePrincipalPassword",
    service_principal_id=example_service_principal.id,
    description="My managed password",
    value="VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
    end_date="2099-01-01T01:02:03Z")
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("exampleApplication", {});
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {applicationId: exampleApplication.applicationId});
const exampleServicePrincipalPassword = new azuread.ServicePrincipalPassword("exampleServicePrincipalPassword", {
    servicePrincipalId: exampleServicePrincipal.id,
    description: "My managed password",
    value: `VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#`,
    endDate: "2099-01-01T01:02:03Z",
});

Create a ServicePrincipalPassword Resource

new ServicePrincipalPassword(name: string, args: ServicePrincipalPasswordArgs, opts?: CustomResourceOptions);
@overload
def ServicePrincipalPassword(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             description: Optional[str] = None,
                             end_date: Optional[str] = None,
                             end_date_relative: Optional[str] = None,
                             key_id: Optional[str] = None,
                             service_principal_id: Optional[str] = None,
                             start_date: Optional[str] = None,
                             value: Optional[str] = None)
@overload
def ServicePrincipalPassword(resource_name: str,
                             args: ServicePrincipalPasswordArgs,
                             opts: Optional[ResourceOptions] = None)
func NewServicePrincipalPassword(ctx *Context, name string, args ServicePrincipalPasswordArgs, opts ...ResourceOption) (*ServicePrincipalPassword, error)
public ServicePrincipalPassword(string name, ServicePrincipalPasswordArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ServicePrincipalPasswordArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServicePrincipalPasswordArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServicePrincipalPasswordArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServicePrincipalPasswordArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ServicePrincipalPassword Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ServicePrincipalPassword resource accepts the following input properties:

ServicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
Value string
The Password for this Service Principal.
Description string
A description for the Password.
EndDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
EndDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
KeyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
StartDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
ServicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
Value string
The Password for this Service Principal.
Description string
A description for the Password.
EndDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
EndDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
KeyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
StartDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
servicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
value string
The Password for this Service Principal.
description string
A description for the Password.
endDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
endDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
keyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
startDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
service_principal_id str
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
value str
The Password for this Service Principal.
description str
A description for the Password.
end_date str
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
end_date_relative str
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
key_id str
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
start_date str
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServicePrincipalPassword resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ServicePrincipalPassword Resource

Get an existing ServicePrincipalPassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServicePrincipalPasswordState, opts?: CustomResourceOptions): ServicePrincipalPassword
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        end_date: Optional[str] = None,
        end_date_relative: Optional[str] = None,
        key_id: Optional[str] = None,
        service_principal_id: Optional[str] = None,
        start_date: Optional[str] = None,
        value: Optional[str] = None) -> ServicePrincipalPassword
func GetServicePrincipalPassword(ctx *Context, name string, id IDInput, state *ServicePrincipalPasswordState, opts ...ResourceOption) (*ServicePrincipalPassword, error)
public static ServicePrincipalPassword Get(string name, Input<string> id, ServicePrincipalPasswordState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string
A description for the Password.
EndDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
EndDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
KeyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
ServicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
StartDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
Value string
The Password for this Service Principal.
Description string
A description for the Password.
EndDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
EndDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
KeyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
ServicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
StartDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
Value string
The Password for this Service Principal.
description string
A description for the Password.
endDate string
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
endDateRelative string
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
keyId string
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
servicePrincipalId string
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
startDate string
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
value string
The Password for this Service Principal.
description str
A description for the Password.
end_date str
The End Date which the Password is valid until, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.
end_date_relative str
A relative duration for which the Password is valid until, for example 240h (10 days) or 2400h30m. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. Changing this field forces a new resource to be created.
key_id str
A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.
service_principal_id str
The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.
start_date str
The Start Date which the Password is valid from, formatted as a RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.
value str
The Password for this Service Principal.

Import

Passwords can be imported using the object id of a Service Principal and the key id of the password, e.g.

 $ pulumi import azuread:index/servicePrincipalPassword:ServicePrincipalPassword test 00000000-0000-0000-0000-000000000000/password/11111111-1111-1111-1111-111111111111

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.