Package @pulumi/azuread

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azuread repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azuread repo.

var azuread = require("@pulumi/azuread");
import * as azuread from "@pulumi/azuread";

class Application

extends CustomResource

Manages an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = new azuread.Application("example", {
    appRoles: [{
        allowedMemberTypes: [
            "User",
            "Application",
        ],
        description: "Admins can manage roles and perform all task actions",
        displayName: "Admin",
        isEnabled: true,
        value: "Admin",
    }],
    availableToOtherTenants: false,
    homepage: "https://homepage",
    identifierUris: ["https://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["https://replyurl"],
    requiredResourceAccesses: [
        {
            resourceAccesses: [
                {
                    id: "...",
                    type: "Role",
                },
                {
                    id: "...",
                    type: "Scope",
                },
                {
                    id: "...",
                    type: "Scope",
                },
            ],
            resourceAppId: "00000003-0000-0000-c000-000000000000",
        },
        {
            resourceAccesses: [{
                id: "...",
                type: "Scope",
            }],
            resourceAppId: "00000002-0000-0000-c000-000000000000",
        },
    ],
    type: "webapp/api",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/application.html.markdown.

constructor

new Application(name: string, args?: ApplicationArgs, opts?: pulumi.CustomResourceOptions)

Create an Application resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationState, opts?: pulumi.CustomResourceOptions): Application

Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Application. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appRoles

public appRoles: pulumi.Output<{
    allowedMemberTypes: string[];
    description: string;
    displayName: string;
    id: string;
    isEnabled: undefined | false | true;
    value: string;
}[] | undefined>;

A collection of appRole blocks as documented below. For more information, see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

public applicationId: pulumi.Output<string>;

The Application ID.

property availableToOtherTenants

public availableToOtherTenants: pulumi.Output<boolean | undefined>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

public groupMembershipClaims: pulumi.Output<string | undefined>;

Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup or All.

property homepage

public homepage: pulumi.Output<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identifierUris

public identifierUris: pulumi.Output<string[]>;

A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property name

public name: pulumi.Output<string>;

The display name for the application.

property oauth2AllowImplicitFlow

public oauth2AllowImplicitFlow: pulumi.Output<boolean | undefined>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

public oauth2Permissions: pulumi.Output<{
    adminConsentDescription: string;
    adminConsentDisplayName: string;
    id: string;
    isEnabled: boolean;
    type: string;
    userConsentDescription: string;
    userConsentDisplayName: string;
    value: string;
}[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by an oauth2Permission block as documented below.

property objectId

public objectId: pulumi.Output<string>;

The Application’s Object ID.

property publicClient

public publicClient: pulumi.Output<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

public replyUrls: pulumi.Output<string[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
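
The settings documented above (oauth2AllowImplicitFlow, availableToOtherTenants, replyUrls) can be reviewed before an Application is created. This is an added example, not code from @pulumi/azuread; AppArgsLike, Finding and reviewApplicationArgs are hypothetical names, and the sample inputs are constructed.

```typescript
// Added example (not @pulumi/azuread code): review Application arguments before
// they reach `new azuread.Application(...)`. AppArgsLike, Finding and
// reviewApplicationArgs are hypothetical names; the fields mirror this page.
interface AppArgsLike {
    availableToOtherTenants?: boolean;
    oauth2AllowImplicitFlow?: boolean;
    replyUrls?: string[];
}

interface Finding {
    field: string;
    value: string;
    message: string;
}

// scheme://host, with bracketed IPv6 literals accepted as the host part.
const URL_HEAD = /^([a-z][a-z0-9+.-]*):\/\/(\[[^\]]+\]|[^\/:?#]+)/i;

// Loopback hosts stay on the developer's machine, so plain http is tolerated.
function isLoopback(host: string): boolean {
    const h = host.toLowerCase();
    return h === "localhost" || h === "127.0.0.1" || h === "[::1]";
}

function reviewApplicationArgs(args: AppArgsLike): Finding[] {
    const findings: Finding[] = [];

    // Implicit flow hands tokens back through the browser redirect.
    if (args.oauth2AllowImplicitFlow === true) {
        findings.push({
            field: "oauth2AllowImplicitFlow",
            value: "true",
            message: "implicit flow is enabled; the documented default is false",
        });
    }

    // Multi-tenant availability widens who can sign in to the application.
    if (args.availableToOtherTenants === true) {
        findings.push({
            field: "availableToOtherTenants",
            value: "true",
            message: "application is multi-tenant; confirm this is intended",
        });
    }

    // replyUrls receive authorization codes and tokens, so check the transport.
    for (const raw of args.replyUrls ?? []) {
        const m = URL_HEAD.exec(raw);
        if (m === null) {
            findings.push({ field: "replyUrls", value: raw, message: "not an absolute URL" });
            continue;
        }
        const scheme = m[1].toLowerCase();
        const host = m[2];
        if (scheme === "http" && !isLoopback(host)) {
            findings.push({
                field: "replyUrls",
                value: raw,
                message: "authorization codes and tokens would be sent over plain http",
            });
        }
    }
    return findings;
}

// Constructed inputs: the first repeats the argument values used in this page's
// ApplicationPassword example; the second is a tightened variant.
const pageExample: AppArgsLike = {
    availableToOtherTenants: false,
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
};
const tightened: AppArgsLike = {
    availableToOtherTenants: false,
    oauth2AllowImplicitFlow: false,
    replyUrls: ["https://app.example.com/signin-oidc", "http://localhost:8080/callback"],
};

console.log(reviewApplicationArgs(pageExample).map((f) => `${f.field}: ${f.message}`));
console.log(reviewApplicationArgs(tightened).length);
```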

property requiredResourceAccesses

public requiredResourceAccesses: pulumi.Output<{
    resourceAccesses: {
        id: string;
        type: string;
    }[];
    resourceAppId: string;
}[] | undefined>;

A collection of requiredResourceAccess blocks as documented below.

property type

public type: pulumi.Output<string | undefined>;

Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ApplicationPassword

extends CustomResource

Manages a Password associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleApplicationPassword = new azuread.ApplicationPassword("example", {
    applicationId: exampleApplication.id,
    endDate: "2020-01-01T01:02:03Z",
    value: "VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/application_password.html.markdown.

constructor

new ApplicationPassword(name: string, args: ApplicationPasswordArgs, opts?: pulumi.CustomResourceOptions)

Create an ApplicationPassword resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationPasswordState, opts?: pulumi.CustomResourceOptions): ApplicationPassword

Get an existing ApplicationPassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ApplicationPassword. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationId

public applicationId: pulumi.Output<string>;

property applicationObjectId

public applicationObjectId: pulumi.Output<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Password for this Application.

class Group

extends CustomResource

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/group.html.markdown.

constructor

new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

public name: pulumi.Output<string>;

The display name for the Group. Changing this forces a new resource to be created.

property objectId

public objectId: pulumi.Output<string>;

property owners

public owners: pulumi.Output<string[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class GroupMember

extends CustomResource

Manages a single Group Membership within Azure Active Directory.

NOTE: Do not use this resource at the same time as azuread_group.members.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleGroup = new azuread.Group("example", {});
const exampleUser = pulumi.output(azuread.getUser({
    userPrincipalName: "jdoe@hashicorp.com",
}));
const exampleGroupMember = new azuread.GroupMember("example", {
    groupObjectId: exampleGroup.id,
    memberObjectId: exampleUser.id,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/group_member.html.markdown.

constructor

new GroupMember(name: string, args: GroupMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMemberState, opts?: pulumi.CustomResourceOptions): GroupMember

Get an existing GroupMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of GroupMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupObjectId

public groupObjectId: pulumi.Output<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property memberObjectId

public memberObjectId: pulumi.Output<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Provider

extends ProviderResource

The provider type for the azuread package. By default, resources use package-wide configuration settings; however, an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/index.html.markdown.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ServicePrincipal

extends CustomResource

Manages a Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API. Please see Granting a Service Principal permission to manage AAD for the required steps.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    applicationId: exampleApplication.applicationId,
    tags: [
        "example",
        "tags",
        "here",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/service_principal.html.markdown.

constructor

new ServicePrincipal(name: string, args: ServicePrincipalArgs, opts?: pulumi.CustomResourceOptions)

Create a ServicePrincipal resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalState, opts?: pulumi.CustomResourceOptions): ServicePrincipal

Get an existing ServicePrincipal resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ServicePrincipal. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property applicationId

public applicationId: pulumi.Output<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property displayName

public displayName: pulumi.Output<string>;

The Display Name of the Azure Active Directory Application associated with this Service Principal.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property oauth2Permissions

public oauth2Permissions: pulumi.Output<{
    adminConsentDescription: string;
    adminConsentDisplayName: string;
    id: string;
    isEnabled: boolean;
    type: string;
    userConsentDescription: string;
    userConsentDisplayName: string;
    value: string;
}[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by an oauth2Permission block as documented below.

property objectId

public objectId: pulumi.Output<string>;

The Service Principal’s Object ID.

property tags

public tags: pulumi.Output<string[] | undefined>;

A list of tags to apply to the Service Principal.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ServicePrincipalPassword

extends CustomResource

Manages a Password associated with a Service Principal within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleApplication = new azuread.Application("example", {
    availableToOtherTenants: false,
    homepage: "http://homepage",
    identifierUris: ["http://uri"],
    oauth2AllowImplicitFlow: true,
    replyUrls: ["http://replyurl"],
});
// Create the Service Principal first so the password can reference its ID.
const exampleServicePrincipal = new azuread.ServicePrincipal("example", {
    applicationId: exampleApplication.applicationId,
});
const exampleServicePrincipalPassword = new azuread.ServicePrincipalPassword("example", {
    endDate: "2020-01-01T01:02:03Z",
    servicePrincipalId: exampleServicePrincipal.id,
    value: "VT=uSgbTanZhyz@%nL9Hpd+Tfay_MRV#",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/service_principal_password.html.markdown.

constructor

new ServicePrincipalPassword(name: string, args: ServicePrincipalPasswordArgs, opts?: pulumi.CustomResourceOptions)

Create a ServicePrincipalPassword resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalPasswordState, opts?: pulumi.CustomResourceOptions): ServicePrincipalPassword

Get an existing ServicePrincipalPassword resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ServicePrincipalPassword. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property endDate

public endDate: pulumi.Output<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

public endDateRelative: pulumi.Output<string | undefined>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

public servicePrincipalId: pulumi.Output<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

public startDate: pulumi.Output<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The Password for this Service Principal.
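
The startDate, endDate and endDateRelative properties of ApplicationPassword and ServicePrincipalPassword determine how long a password stays valid, so they can be checked against a maximum lifetime before deployment. This is an added example, not code from @pulumi/azuread; PasswordArgsLike, parseRelativeDuration, passwordLifetimeMs and checkPasswordLifetime are hypothetical names, and the 90-day limit and the clock value are constructed assumptions.

```typescript
// Added example (not @pulumi/azuread code): enforce a maximum password lifetime.
// PasswordArgsLike, parseRelativeDuration, passwordLifetimeMs and
// checkPasswordLifetime are hypothetical names; the fields mirror this page.
interface PasswordArgsLike {
    startDate?: string;        // RFC3339
    endDate?: string;          // RFC3339
    endDateRelative?: string;  // e.g. "240h" or "2400h30m"
}

interface LifetimeVerdict {
    ok: boolean;
    days: number;
    reason: string;
}

const MS_PER_UNIT: { [unit: string]: number } = { h: 3600000, m: 60000, s: 1000, ms: 1 };
const MS_PER_DAY = 24 * 3600000;

// Parses durations written like the page's examples ("240h", "2400h30m").
// Every character must belong to a <number><unit> pair, otherwise it throws.
function parseRelativeDuration(text: string): number {
    const pair = /(\d+(?:\.\d+)?)(ms|h|m|s)/g;
    let totalMs = 0;
    let consumed = 0;
    for (let m = pair.exec(text); m !== null && m.index === consumed; m = pair.exec(text)) {
        totalMs += parseFloat(m[1]) * MS_PER_UNIT[m[2]];
        consumed = pair.lastIndex;
    }
    if (text.length === 0 || consumed !== text.length) {
        throw new Error(`unparseable duration: "${text}"`);
    }
    return totalMs;
}

// Lifetime in milliseconds. endDateRelative is taken as the lifetime itself;
// otherwise endDate minus startDate, with `now` standing in for a missing startDate.
function passwordLifetimeMs(args: PasswordArgsLike, now: Date): number {
    if (args.endDateRelative !== undefined) {
        return parseRelativeDuration(args.endDateRelative);
    }
    if (args.endDate === undefined) {
        throw new Error("neither endDate nor endDateRelative is set");
    }
    const start = args.startDate !== undefined ? Date.parse(args.startDate) : now.getTime();
    const end = Date.parse(args.endDate);
    if (isNaN(start) || isNaN(end)) {
        throw new Error("startDate and endDate must be RFC3339 strings");
    }
    return end - start;
}

function checkPasswordLifetime(args: PasswordArgsLike, maxDays: number, now: Date): LifetimeVerdict {
    const days = passwordLifetimeMs(args, now) / MS_PER_DAY;
    if (days <= 0) {
        return { ok: false, days, reason: "password is already expired at creation" };
    }
    if (days > maxDays) {
        return { ok: false, days, reason: `lifetime exceeds ${maxDays} days` };
    }
    return { ok: true, days, reason: "within policy" };
}

// Constructed policy value and clock; neither comes from the provider.
const MAX_DAYS = 90;
const NOW = new Date("2019-01-01T01:02:03Z");

// The endDate used in this page's examples, then the page's "240h" duration.
console.log(checkPasswordLifetime({ endDate: "2020-01-01T01:02:03Z" }, MAX_DAYS, NOW));
console.log(checkPasswordLifetime({ endDateRelative: "240h" }, MAX_DAYS, NOW));
```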

class User

extends CustomResource

Manages a User within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Directory.ReadWrite.All within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = new azuread.User("example", {
    displayName: "J. Doe",
    mailNickname: "jdoe",
    password: "SecretP@sswd99!",
    userPrincipalName: "jdo@hashicorp.com",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/r/user.html.markdown.

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountEnabled

public accountEnabled: pulumi.Output<boolean | undefined>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

public displayName: pulumi.Output<string>;

The name to display in the address book for the user.

property forcePasswordChange

public forcePasswordChange: pulumi.Output<boolean | undefined>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mail

public mail: pulumi.Output<string>;

The primary email address of the Azure AD User.

property mailNickname

public mailNickname: pulumi.Output<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property objectId

public objectId: pulumi.Output<string>;

The Object ID of the Azure AD User.

property password

public password: pulumi.Output<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPrincipalName

public userPrincipalName: pulumi.Output<string>;

The User Principal Name of the Azure AD User.

function getApplication

getApplication(args?: GetApplicationArgs, opts?: pulumi.InvokeOptions): Promise<GetApplicationResult> & GetApplicationResult

Use this data source to access information about an existing Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getApplication({
    name: "My First AzureAD Application",
}));

export const azureAdObjectId = example.id;

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/application.html.markdown.

function getDomains

getDomains(args?: GetDomainsArgs, opts?: pulumi.InvokeOptions): Promise<GetDomainsResult> & GetDomainsResult

Use this data source to access information about existing Domains within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Directory.Read.All within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const aadDomains = pulumi.output(azuread.getDomains({}));

export const domains = aadDomains.domains;

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/domains.html.markdown.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

function getGroup

getGroup(args?: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult> & GetGroupResult

Gets information about an Azure Active Directory group.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage (by Group Display Name)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getGroup({
    name: "A-AD-Group",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/group.html.markdown.

function getGroups

getGroups(args?: GetGroupsArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupsResult> & GetGroupsResult

Gets Object IDs or Display Names for multiple Azure Active Directory groups.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const groups = pulumi.output(azuread.getGroups({
    names: [
        "group-a",
        "group-b",
    ],
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/groups.html.markdown.

function getServicePrincipal

getServicePrincipal(args?: GetServicePrincipalArgs, opts?: pulumi.InvokeOptions): Promise<GetServicePrincipalResult> & GetServicePrincipalResult

Gets information about an existing Service Principal associated with an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write all applications and Sign in and read user profile within the Windows Azure Active Directory API.

Example Usage (by Application Display Name)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    displayName: "my-awesome-application",
}));

Example Usage (by Application ID)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    applicationId: "00000000-0000-0000-0000-000000000000",
}));

Example Usage (by Object ID)

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getServicePrincipal({
    objectId: "00000000-0000-0000-0000-000000000000",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/service_principal.html.markdown.

function getUser

getUser(args?: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult> & GetUserResult

Gets information about an Azure Active Directory user.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = pulumi.output(azuread.getUser({
    userPrincipalName: "user@hashicorp.com",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/user.html.markdown.

function getUsers

getUsers(args?: GetUsersArgs, opts?: pulumi.InvokeOptions): Promise<GetUsersResult> & GetUsersResult

Gets Object IDs or UPNs for multiple Azure Active Directory users.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to Read directory data within the Windows Azure Active Directory API.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const users = pulumi.output(azuread.getUsers({
    userPrincipalNames: [
        "kat@hashicorp.com",
        "byte@hashicorp.com",
    ],
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-azuread/blob/master/website/docs/d/users.html.markdown.

function getVersion

getVersion(): string

interface ApplicationArgs

The set of arguments for constructing an Application resource.

property appRoles

appRoles?: pulumi.Input<pulumi.Input<{
    allowedMemberTypes: pulumi.Input<pulumi.Input<string>[]>;
    description: pulumi.Input<string>;
    displayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    value: pulumi.Input<string>;
}>[]>;

A collection of appRole blocks as documented below. For more information, see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property availableToOtherTenants

availableToOtherTenants?: pulumi.Input<boolean>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

groupMembershipClaims?: pulumi.Input<string>;

Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup or All.

property homepage

homepage?: pulumi.Input<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property identifierUris

identifierUris?: pulumi.Input<pulumi.Input<string>[]>;

A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property name

name?: pulumi.Input<string>;

The display name for the application.

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow?: pulumi.Input<boolean>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<{
    adminConsentDescription: pulumi.Input<string>;
    adminConsentDisplayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
    userConsentDescription: pulumi.Input<string>;
    userConsentDisplayName: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by an oauth2Permission block as documented below.

property publicClient

publicClient?: pulumi.Input<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

replyUrls?: pulumi.Input<pulumi.Input<string>[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses?: pulumi.Input<pulumi.Input<{
    resourceAccesses: pulumi.Input<pulumi.Input<{
        id: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    resourceAppId: pulumi.Input<string>;
}>[]>;

A collection of requiredResourceAccess blocks as documented below.

property type

type?: pulumi.Input<string>;

Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.
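
Several of the ApplicationArgs settings above decide how exposed an app registration is: whether implicit flow is on, whether other tenants can use it, how broad the groups claim is, and where replyUrls send codes and tokens. The following is an added example, not part of @pulumi/azuread, that reviews those fields before they are passed to the resource; the `ApplicationSettings` type, the `reviewApplication` helper and the rules themselves are assumptions.

```typescript
// Added example: field names follow ApplicationArgs as documented on this
// page; the type, helper names and review rules are assumptions.

interface ApplicationSettings {
    availableToOtherTenants?: boolean;
    groupMembershipClaims?: string;
    oauth2AllowImplicitFlow?: boolean;
    replyUrls?: string[];
}

interface Finding {
    field: string;
    message: string;
}

// Split "scheme://host[:port]/path" without relying on the URL global.
function splitUrl(url: string): { scheme: string; host: string } | null {
    const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#]*)/i.exec(url);
    if (m === null) {
        return null;
    }
    const authority = String(m[2]).toLowerCase().replace(/^.*@/, "");
    return { scheme: String(m[1]).toLowerCase(), host: authority.replace(/:\d+$/, "") };
}

function isLoopback(host: string): boolean {
    return host === "localhost" || host === "127.0.0.1" || host === "[::1]";
}

function reviewApplication(app: ApplicationSettings): Finding[] {
    const findings: Finding[] = [];

    // Documented default is false; implicit flow hands tokens back in the redirect.
    if (app.oauth2AllowImplicitFlow === true) {
        findings.push({
            field: "oauth2AllowImplicitFlow",
            message: "implicit flow is enabled; prefer the authorization code flow",
        });
    }
    // Documented default is false.
    if (app.availableToOtherTenants === true) {
        findings.push({
            field: "availableToOtherTenants",
            message: "application is usable from other tenants; confirm that is intended",
        });
    }
    // Documented values: None, SecurityGroup (default) or All.
    if (app.groupMembershipClaims === "All") {
        findings.push({
            field: "groupMembershipClaims",
            message: "broadest groups claim; SecurityGroup or None puts less directory data in tokens",
        });
    }
    // replyUrls receive authorization codes and tokens, so each one matters.
    for (const url of app.replyUrls || []) {
        const parts = splitUrl(url);
        if (parts === null) {
            findings.push({ field: "replyUrls", message: url + ": not an absolute URL" });
            continue;
        }
        if (url.indexOf("*") !== -1) {
            findings.push({ field: "replyUrls", message: url + ": wildcard widens where tokens can be sent" });
        }
        if (parts.scheme === "http" && !isLoopback(parts.host)) {
            findings.push({ field: "replyUrls", message: url + ": plain HTTP outside loopback" });
        }
    }
    return findings;
}
```

Run it over the plain object that will be passed to `new azuread.Application(...)` and fail the deployment, or require a review, when the returned list is not empty.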

interface ApplicationPasswordArgs

The set of arguments for constructing an ApplicationPassword resource.

property applicationId

applicationId?: pulumi.Input<string>;

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property value

value: pulumi.Input<string>;

The Password for this Application.

interface ApplicationPasswordState

Input properties used for looking up and filtering ApplicationPassword resources.

property applicationId

applicationId?: pulumi.Input<string>;

property applicationObjectId

applicationObjectId?: pulumi.Input<string>;

The Object ID of the Application for which this password should be created. Changing this field forces a new resource to be created.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Password. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property value

value?: pulumi.Input<string>;

The Password for this Application.

interface ApplicationState

Input properties used for looking up and filtering Application resources.

property appRoles

appRoles?: pulumi.Input<pulumi.Input<{
    allowedMemberTypes: pulumi.Input<pulumi.Input<string>[]>;
    description: pulumi.Input<string>;
    displayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    value: pulumi.Input<string>;
}>[]>;

A collection of appRole blocks as documented below. For more information, see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

applicationId?: pulumi.Input<string>;

The Application ID.

property availableToOtherTenants

availableToOtherTenants?: pulumi.Input<boolean>;

Is this Azure AD Application available to other tenants? Defaults to false.

property groupMembershipClaims

groupMembershipClaims?: pulumi.Input<string>;

Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup or All.

property homepage

homepage?: pulumi.Input<string>;

The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.

property identifierUris

identifierUris?: pulumi.Input<pulumi.Input<string>[]>;

A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property name

name?: pulumi.Input<string>;

The display name for the application.

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow?: pulumi.Input<boolean>;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<{
    adminConsentDescription: pulumi.Input<string>;
    adminConsentDisplayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
    userConsentDescription: pulumi.Input<string>;
    userConsentDisplayName: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by an oauth2Permission block as documented below.

property objectId

objectId?: pulumi.Input<string>;

The Application’s Object ID.

property publicClient

publicClient?: pulumi.Input<boolean>;

Is this Azure AD Application a public client? Defaults to false.

property replyUrls

replyUrls?: pulumi.Input<pulumi.Input<string>[]>;

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses?: pulumi.Input<pulumi.Input<{
    resourceAccesses: pulumi.Input<pulumi.Input<{
        id: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    resourceAppId: pulumi.Input<string>;
}>[]>;

A collection of requiredResourceAccess blocks as documented below.

property type

type?: pulumi.Input<string>;

Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

interface GetApplicationArgs

A collection of arguments for invoking getApplication.

property appRoles

appRoles?: {
    allowedMemberTypes: string[];
    description: undefined | string;
    displayName: undefined | string;
    id: undefined | string;
    isEnabled: undefined | false | true;
    value: undefined | string;
}[];

property name

name?: undefined | string;

Specifies the name of the Application within Azure Active Directory.

property oauth2Permissions

oauth2Permissions?: {
    adminConsentDescription: undefined | string;
    adminConsentDisplayName: undefined | string;
    id: undefined | string;
    isEnabled: undefined | false | true;
    type: undefined | string;
    userConsentDescription: undefined | string;
    userConsentDisplayName: undefined | string;
    value: undefined | string;
}[];

property objectId

objectId?: undefined | string;

Specifies the Object ID of the Application within Azure Active Directory.

interface GetApplicationResult

A collection of values returned by getApplication.

property appRoles

appRoles: {
    allowedMemberTypes: string[];
    description: string;
    displayName: string;
    id: string;
    isEnabled: boolean;
    value: string;
}[];

A collection of appRole blocks as documented below. For more information, see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

applicationId: string;

The Application ID of the Azure Active Directory Application.

property availableToOtherTenants

availableToOtherTenants: boolean;

Is this Azure AD Application available to other tenants?

property groupMembershipClaims

groupMembershipClaims: string;

The groups claim issued in a user or OAuth 2.0 access token that the app expects.

property homepage

homepage: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property identifierUris

identifierUris: string[];

A list of user-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant.

property name

name: string;

property oauth2AllowImplicitFlow

oauth2AllowImplicitFlow: boolean;

Does this Azure AD Application allow OAuth2.0 implicit flow tokens?

property oauth2Permissions

oauth2Permissions: {
    adminConsentDescription: string;
    adminConsentDisplayName: string;
    id: string;
    isEnabled: boolean;
    type: string;
    userConsentDescription: string;
    userConsentDisplayName: string;
    value: string;
}[];

A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by an oauth2Permission block as documented below.

property objectId

objectId: string;

The Object ID of the Azure Active Directory Application.

property replyUrls

replyUrls: string[];

A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.

property requiredResourceAccesses

requiredResourceAccesses: {
    resourceAccesses: {
        id: string;
        type: string;
    }[];
    resourceAppId: string;
}[];

A collection of requiredResourceAccess blocks as documented below.

property type

type: string;

The type of the permission.

interface GetDomainsArgs

A collection of arguments for invoking getDomains.

property includeUnverified

includeUnverified?: undefined | false | true;

Set to true if unverified Azure AD Domains should be included. Defaults to false.

property onlyDefault

onlyDefault?: undefined | false | true;

Set to true to only return the default domain.

property onlyInitial

onlyInitial?: undefined | false | true;

Set to true to only return the initial domain, which is your primary Azure Active Directory tenant domain. Defaults to false.

interface GetDomainsResult

A collection of values returned by getDomains.

property domains

domains: {
    authenticationType: string;
    domainName: string;
    isDefault: boolean;
    isInitial: boolean;
    isVerified: boolean;
}[];

One or more domain blocks as defined below.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property includeUnverified

includeUnverified?: undefined | false | true;

property onlyDefault

onlyDefault?: undefined | false | true;

property onlyInitial

onlyInitial?: undefined | false | true;

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property name

name?: undefined | string;

The Name of the AD Group we want to look up.

property objectId

objectId?: undefined | string;

Specifies the Object ID of the AD Group within Azure Active Directory.

interface GetGroupResult

A collection of values returned by getGroup.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property members

members: string[];

property name

name: string;

property objectId

objectId: string;

property owners

owners: string[];

interface GetGroupsArgs

A collection of arguments for invoking getGroups.

property names

names?: string[];

The Display Names of the Azure AD Groups.

property objectIds

objectIds?: string[];

The Object IDs of the Azure AD Groups.

interface GetGroupsResult

A collection of values returned by getGroups.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property names

names: string[];

The Display Names of the Azure AD Groups.

property objectIds

objectIds: string[];

The Object IDs of the Azure AD Groups.

interface GetServicePrincipalArgs

A collection of arguments for invoking getServicePrincipal.

property appRoles

appRoles?: {
    allowedMemberTypes: string[];
    description: undefined | string;
    displayName: undefined | string;
    id: undefined | string;
    isEnabled: undefined | false | true;
    value: undefined | string;
}[];

A collection of appRole blocks as documented below. For more information, see https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

property applicationId

applicationId?: undefined | string;

The ID of the Azure AD Application.

property displayName

displayName?: undefined | string;

The Display Name of the Azure AD Application associated with this Service Principal.

property oauth2Permissions

oauth2Permissions?: {
    adminConsentDescription: undefined | string;
    adminConsentDisplayName: undefined | string;
    id: undefined | string;
    isEnabled: undefined | false | true;
    type: undefined | string;
    userConsentDescription: undefined | string;
    userConsentDisplayName: undefined | string;
    value: undefined | string;
}[];

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by an oauth2Permission block as documented below.

property objectId

objectId?: undefined | string;

The ID of the Azure AD Service Principal.

interface GetServicePrincipalResult

A collection of values returned by getServicePrincipal.

property appRoles

appRoles: {
    allowedMemberTypes: string[];
    description: string;
    displayName: string;
    id: string;
    isEnabled: boolean;
    value: string;
}[];

property applicationId

applicationId: string;

property displayName

displayName: string;

Display name for the permission that appears in the admin consent and app assignment experiences.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property oauth2Permissions

oauth2Permissions: {
    adminConsentDescription: string;
    adminConsentDisplayName: string;
    id: string;
    isEnabled: boolean;
    type: string;
    userConsentDescription: string;
    userConsentDisplayName: string;
    value: string;
}[];

property objectId

objectId: string;

interface GetUserArgs

A collection of arguments for invoking getUser.

property objectId

objectId?: undefined | string;

Specifies the Object ID of the Application within Azure Active Directory.

property userPrincipalName

userPrincipalName?: undefined | string;

The User Principal Name of the Azure AD User.

interface GetUserResult

A collection of values returned by getUser.

property accountEnabled

accountEnabled: boolean;

True if the account is enabled; otherwise False.

property displayName

displayName: string;

The Display Name of the Azure AD User.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property mail

mail: string;

The primary email address of the Azure AD User.

property mailNickname

mailNickname: string;

The email alias of the Azure AD User.

property objectId

objectId: string;

property userPrincipalName

userPrincipalName: string;

The User Principal Name of the Azure AD User.

interface GetUsersArgs

A collection of arguments for invoking getUsers.

property objectIds

objectIds?: string[];

The Object IDs of the Azure AD Users.

property userPrincipalNames

userPrincipalNames?: string[];

The User Principal Names of the Azure AD Users.

interface GetUsersResult

A collection of values returned by getUsers.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property objectIds

objectIds: string[];

The Object IDs of the Azure AD Users.

property userPrincipalNames

userPrincipalNames: string[];

The User Principal Names of the Azure AD Users.

interface GroupArgs

The set of arguments for constructing a Group resource.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

name?: pulumi.Input<string>;

The display name for the Group. Changing this forces a new resource to be created.

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

interface GroupMemberArgs

The set of arguments for constructing a GroupMember resource.

property groupObjectId

groupObjectId: pulumi.Input<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property memberObjectId

memberObjectId: pulumi.Input<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

interface GroupMemberState

Input properties used for looking up and filtering GroupMember resources.

property groupObjectId

groupObjectId?: pulumi.Input<string>;

The Object ID of the Azure AD Group you want to add the Member to. Changing this forces a new resource to be created.

property memberObjectId

memberObjectId?: pulumi.Input<string>;

The Object ID of the Azure AD Object you want to add as a Member to the Group. Supported Object types are Users, Groups or Service Principals. Changing this forces a new resource to be created.

interface GroupState

Input properties used for looking up and filtering Group resources.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A set of members who should be present in this Group. Supported Object types are Users, Groups or Service Principals.

property name

name?: pulumi.Input<string>;

The display name for the Group. Changing this forces a new resource to be created.

property objectId

objectId?: pulumi.Input<string>;

property owners

owners?: pulumi.Input<pulumi.Input<string>[]>;

A set of owners who own this Group. Supported Object types are Users or Service Principals.

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property clientCertificatePassword

clientCertificatePassword?: pulumi.Input<string>;

property clientCertificatePath

clientCertificatePath?: pulumi.Input<string>;

property clientId

clientId?: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property environment

environment?: pulumi.Input<string>;

property msiEndpoint

msiEndpoint?: pulumi.Input<string>;

property subscriptionId

subscriptionId?: pulumi.Input<string>;

property tenantId

tenantId?: pulumi.Input<string>;

property useMsi

useMsi?: pulumi.Input<boolean>;

interface ServicePrincipalArgs

The set of arguments for constructing a ServicePrincipal resource.

property applicationId

applicationId: pulumi.Input<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<{
    adminConsentDescription: pulumi.Input<string>;
    adminConsentDisplayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
    userConsentDescription: pulumi.Input<string>;
    userConsentDisplayName: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by an oauth2Permission block as documented below.

property tags

tags?: pulumi.Input<pulumi.Input<string>[]>;

A list of tags to apply to the Service Principal.

interface ServicePrincipalPasswordArgs

The set of arguments for constructing a ServicePrincipalPassword resource.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId: pulumi.Input<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property value

value: pulumi.Input<string>;

The Password for this Service Principal.

interface ServicePrincipalPasswordState

Input properties used for looking up and filtering ServicePrincipalPassword resources.

property endDate

endDate?: pulumi.Input<string>;

The End Date which the Password is valid until, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). Changing this field forces a new resource to be created.

property endDateRelative

endDateRelative?: pulumi.Input<string>;

A relative duration for which the Password is valid, for example 240h (10 days) or 2400h30m. Changing this field forces a new resource to be created.

property keyId

keyId?: pulumi.Input<string>;

A GUID used to uniquely identify this Key. If not specified a GUID will be created. Changing this field forces a new resource to be created.

property servicePrincipalId

servicePrincipalId?: pulumi.Input<string>;

The ID of the Service Principal for which this password should be created. Changing this field forces a new resource to be created.

property startDate

startDate?: pulumi.Input<string>;

The Start Date which the Password is valid from, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If this isn’t specified, the current date is used. Changing this field forces a new resource to be created.

property value

value?: pulumi.Input<string>;

The Password for this Service Principal.
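
The ApplicationPassword and ServicePrincipalPassword arguments above take their expiry either as an RFC3339 endDate or as an endDateRelative duration such as 240h or 2400h30m. The following is an added example, not part of @pulumi/azuread, that parses both forms and rejects credentials that outlive a maximum lifetime before they are created. The helper names, the limit passed as `maxHours`, support for only h/m/s duration terms, and treating endDateRelative as the whole validity window are assumptions.

```typescript
// Added example: field names follow ApplicationPasswordArgs and
// ServicePrincipalPasswordArgs as documented on this page; the helper
// names and the lifetime policy are assumptions.

interface PasswordValidity {
    startDate?: string;       // RFC3339; the current date is used when omitted
    endDate?: string;         // RFC3339
    endDateRelative?: string; // duration such as "240h" or "2400h30m"
}

interface LifetimeFinding {
    ok: boolean;
    lifetimeHours: number | null;
    reason: string;
}

const RFC3339 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// Parse "<number><h|m|s>" terms into milliseconds; null when anything else appears.
function parseRelativeDuration(text: string): number | null {
    const term = /(\d+(?:\.\d+)?)(h|m|s)/g;
    let total = 0;
    let consumed = 0;
    let match: RegExpExecArray | null;
    while ((match = term.exec(text)) !== null) {
        if (match.index !== consumed) {
            return null; // unparsed characters between two terms
        }
        const unit = match[2];
        total += Number(match[1]) * (unit === "h" ? 3600000 : unit === "m" ? 60000 : 1000);
        consumed = term.lastIndex;
    }
    return consumed > 0 && consumed === text.length ? total : null;
}

function parseRfc3339(text: string): number | null {
    if (!RFC3339.test(text)) {
        return null;
    }
    const ms = Date.parse(text);
    return isNaN(ms) ? null : ms;
}

function checkPasswordLifetime(args: PasswordValidity, maxHours: number, now: Date): LifetimeFinding {
    const fail = (reason: string, hours: number | null): LifetimeFinding =>
        ({ ok: false, lifetimeHours: hours, reason: reason });

    if (args.endDate !== undefined && args.endDateRelative !== undefined) {
        return fail("both endDate and endDateRelative are set", null);
    }
    let lifetimeMs: number;
    if (args.endDateRelative !== undefined) {
        const duration = parseRelativeDuration(args.endDateRelative);
        if (duration === null) {
            return fail("endDateRelative is not a duration such as 240h", null);
        }
        lifetimeMs = duration; // assumption: the duration is the whole validity window
    } else if (args.endDate !== undefined) {
        const end = parseRfc3339(args.endDate);
        const start = args.startDate === undefined ? now.getTime() : parseRfc3339(args.startDate);
        if (end === null || start === null) {
            return fail("startDate and endDate must be RFC3339 strings", null);
        }
        lifetimeMs = end - start;
    } else {
        return fail("no expiry: set endDate or endDateRelative", null);
    }
    const hours = lifetimeMs / 3600000;
    if (hours <= 0) {
        return fail("password expires before it becomes valid", hours);
    }
    if (hours > maxHours) {
        return fail("lifetime exceeds the policy maximum", hours);
    }
    return { ok: true, lifetimeHours: hours, reason: "within policy" };
}
```

Because changing any of these fields forces a new resource, a short `maxHours` also sets how often the credential is replaced.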

interface ServicePrincipalState

Input properties used for looking up and filtering ServicePrincipal resources.

property applicationId

applicationId?: pulumi.Input<string>;

The ID of the Azure AD Application for which to create a Service Principal.

property displayName

displayName?: pulumi.Input<string>;

The Display Name of the Azure Active Directory Application associated with this Service Principal.

property oauth2Permissions

oauth2Permissions?: pulumi.Input<pulumi.Input<{
    adminConsentDescription: pulumi.Input<string>;
    adminConsentDisplayName: pulumi.Input<string>;
    id: pulumi.Input<string>;
    isEnabled: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
    userConsentDescription: pulumi.Input<string>;
    userConsentDisplayName: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

A collection of OAuth 2.0 permissions exposed by the associated application. Each permission is covered by an oauth2Permission block as documented below.

property objectId

objectId?: pulumi.Input<string>;

The Service Principal’s Object ID.

property tags

tags?: pulumi.Input<pulumi.Input<string>[]>;

A list of tags to apply to the Service Principal.

interface UserArgs

The set of arguments for constructing a User resource.

property accountEnabled

accountEnabled?: pulumi.Input<boolean>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

displayName: pulumi.Input<string>;

The name to display in the address book for the user.

property forcePasswordChange

forcePasswordChange?: pulumi.Input<boolean>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property mailNickname

mailNickname?: pulumi.Input<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property password

password: pulumi.Input<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property userPrincipalName

userPrincipalName: pulumi.Input<string>;

The User Principal Name of the Azure AD User.

interface UserState

Input properties used for looking up and filtering User resources.

property accountEnabled

accountEnabled?: pulumi.Input<boolean>;

true if the account should be enabled, otherwise false. Defaults to true.

property displayName

displayName?: pulumi.Input<string>;

The name to display in the address book for the user.

property forcePasswordChange

forcePasswordChange?: pulumi.Input<boolean>;

true if the User is forced to change the password during the next sign-in. Defaults to false.

property mail

mail?: pulumi.Input<string>;

The primary email address of the Azure AD User.

property mailNickname

mailNickname?: pulumi.Input<string>;

The mail alias for the user. Defaults to the user name part of the User Principal Name.

property objectId

objectId?: pulumi.Input<string>;

The Object ID of the Azure AD User.

property password

password?: pulumi.Input<string>;

The password for the User. The password must satisfy minimum requirements as specified by the password policy. The maximum length is 256 characters.

property userPrincipalName

userPrincipalName?: pulumi.Input<string>;

The User Principal Name of the Azure AD User.