Docs
Packages
Alibaba Cloud v3.37.0, May 15 23
Alibaba Cloud v3.37.0, May 15 23
alicloud.cloudsso.AccessManagement
Explore with Pulumi AI
Provides a Cloud SSO Access Assignment resource.
For information about Cloud SSO Access Assignment and how to use it, see What is Access Assignment.
NOTE: When you configure access assignment for the first time, access configuration will be automatically deployed.
NOTE: Available in v1.145.0+.
NOTE: Cloud SSO Only Support
cn-shanghaiAndus-west-1Region
Create AccessManagement Resource
new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);@overload
def AccessManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
deprovision_strategy: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None)
@overload
def AccessManagement(resource_name: str,
args: AccessManagementArgs,
opts: Optional[ResourceOptions] = None)func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)
public AccessManagement(String name, AccessManagementArgs args)
public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)
type: alicloud:cloudsso:AccessManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessManagement resource accepts the following input properties:
- Access
Configuration stringId The Access configuration ID.
- Directory
Id string The ID of the Directory.
- Principal
Id string The ID of the access assignment.
- Principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- Target
Id string The ID of the target to create the resource range.
- Target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.- Deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- Access
Configuration stringId The Access configuration ID.
- Directory
Id string The ID of the Directory.
- Principal
Id string The ID of the access assignment.
- Principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- Target
Id string The ID of the target to create the resource range.
- Target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.- Deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration StringId The Access configuration ID.
- directory
Id String The ID of the Directory.
- principal
Id String The ID of the access assignment.
- principal
Type String The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id String The ID of the target to create the resource range.
- target
Type String The type of the resource range target to be accessed. Valid values:
RD-Account.- deprovision
Strategy String The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration stringId The Access configuration ID.
- directory
Id string The ID of the Directory.
- principal
Id string The ID of the access assignment.
- principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id string The ID of the target to create the resource range.
- target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.- deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access_
configuration_ strid The Access configuration ID.
- directory_
id str The ID of the Directory.
- principal_
id str The ID of the access assignment.
- principal_
type str The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target_
id str The ID of the target to create the resource range.
- target_
type str The type of the resource range target to be accessed. Valid values:
RD-Account.- deprovision_
strategy str The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration StringId The Access configuration ID.
- directory
Id String The ID of the Directory.
- principal
Id String The ID of the access assignment.
- principal
Type String The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id String The ID of the target to create the resource range.
- target
Type String The type of the resource range target to be accessed. Valid values:
RD-Account.- deprovision
Strategy String The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AccessManagement Resource
Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
deprovision_strategy: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None) -> AccessManagementfunc GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Configuration stringId The Access configuration ID.
- Deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- Directory
Id string The ID of the Directory.
- Principal
Id string The ID of the access assignment.
- Principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- Target
Id string The ID of the target to create the resource range.
- Target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.
- Access
Configuration stringId The Access configuration ID.
- Deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- Directory
Id string The ID of the Directory.
- Principal
Id string The ID of the access assignment.
- Principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- Target
Id string The ID of the target to create the resource range.
- Target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.
- access
Configuration StringId The Access configuration ID.
- deprovision
Strategy String The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- directory
Id String The ID of the Directory.
- principal
Id String The ID of the access assignment.
- principal
Type String The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id String The ID of the target to create the resource range.
- target
Type String The type of the resource range target to be accessed. Valid values:
RD-Account.
- access
Configuration stringId The Access configuration ID.
- deprovision
Strategy string The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- directory
Id string The ID of the Directory.
- principal
Id string The ID of the access assignment.
- principal
Type string The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id string The ID of the target to create the resource range.
- target
Type string The type of the resource range target to be accessed. Valid values:
RD-Account.
- access_
configuration_ strid The Access configuration ID.
- deprovision_
strategy str The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- directory_
id str The ID of the Directory.
- principal_
id str The ID of the access assignment.
- principal_
type str The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target_
id str The ID of the target to create the resource range.
- target_
type str The type of the resource range target to be accessed. Valid values:
RD-Account.
- access
Configuration StringId The Access configuration ID.
- deprovision
Strategy String The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。- directory
Id String The ID of the Directory.
- principal
Id String The ID of the access assignment.
- principal
Type String The identity type of the access assignment, which can be a user or a user group. Valid values:
Group,User.- target
Id String The ID of the target to create the resource range.
- target
Type String The type of the resource range target to be accessed. Valid values:
RD-Account.
Import
Cloud SSO Access Assignment can be imported using the id, e.g.
$ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
alicloudTerraform Provider.