1. Packages
  2. Azure Classic
  3. API Docs
  4. authorization
  5. getRoleDefinition

We recommend using Azure Native.

Azure v6.13.0 published on Monday, Dec 9, 2024 by Pulumi

azure.authorization.getRoleDefinition

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.13.0 published on Monday, Dec 9, 2024 by Pulumi

    Use this data source to access information about an existing Role Definition.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const primary = azure.core.getSubscription({});
    const customRoleDefinition = new azure.authorization.RoleDefinition("custom", {
        roleDefinitionId: "00000000-0000-0000-0000-000000000000",
        name: "CustomRoleDef",
        scope: primary.then(primary => primary.id),
    });
    const custom = pulumi.all([customRoleDefinition.roleDefinitionId, primary]).apply(([roleDefinitionId, primary]) => azure.authorization.getRoleDefinitionOutput({
        roleDefinitionId: roleDefinitionId,
        scope: primary.id,
    }));
    const custom-byname = pulumi.all([customRoleDefinition.name, primary]).apply(([name, primary]) => azure.authorization.getRoleDefinitionOutput({
        name: name,
        scope: primary.id,
    }));
    const builtin = azure.authorization.getRoleDefinition({
        name: "Contributor",
    });
    export const customRoleDefinitionId = custom.apply(custom => custom.id);
    export const contributorRoleDefinitionId = builtin.then(builtin => builtin.id);
    
    import pulumi
    import pulumi_azure as azure
    
    primary = azure.core.get_subscription()
    custom_role_definition = azure.authorization.RoleDefinition("custom",
        role_definition_id="00000000-0000-0000-0000-000000000000",
        name="CustomRoleDef",
        scope=primary.id)
    custom = custom_role_definition.role_definition_id.apply(lambda role_definition_id: azure.authorization.get_role_definition_output(role_definition_id=role_definition_id,
        scope=primary.id))
    custom_byname = custom_role_definition.name.apply(lambda name: azure.authorization.get_role_definition_output(name=name,
        scope=primary.id))
    builtin = azure.authorization.get_role_definition(name="Contributor")
    pulumi.export("customRoleDefinitionId", custom.id)
    pulumi.export("contributorRoleDefinitionId", builtin.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		primary, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
    		if err != nil {
    			return err
    		}
    		customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{
    			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
    			Name:             pulumi.String("CustomRoleDef"),
    			Scope:            pulumi.String(primary.Id),
    		})
    		if err != nil {
    			return err
    		}
    		custom := customRoleDefinition.RoleDefinitionId.ApplyT(func(roleDefinitionId string) (authorization.GetRoleDefinitionResult, error) {
    			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
    				RoleDefinitionId: roleDefinitionId,
    				Scope:            primary.Id,
    			}, nil))), nil
    		}).(authorization.GetRoleDefinitionResultOutput)
    		_ = customRoleDefinition.Name.ApplyT(func(name string) (authorization.GetRoleDefinitionResult, error) {
    			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
    				Name:  name,
    				Scope: primary.Id,
    			}, nil))), nil
    		}).(authorization.GetRoleDefinitionResultOutput)
    		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
    			Name: pulumi.StringRef("Contributor"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("customRoleDefinitionId", custom.ApplyT(func(custom authorization.GetRoleDefinitionResult) (*string, error) {
    			return &custom.Id, nil
    		}).(pulumi.StringPtrOutput))
    		ctx.Export("contributorRoleDefinitionId", builtin.Id)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var primary = Azure.Core.GetSubscription.Invoke();
    
        var customRoleDefinition = new Azure.Authorization.RoleDefinition("custom", new()
        {
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Name = "CustomRoleDef",
            Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
        });
    
        var custom = Azure.Authorization.GetRoleDefinition.Invoke(new()
        {
            RoleDefinitionId = customRoleDefinition.RoleDefinitionId,
            Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
        });
    
        var custom_byname = Azure.Authorization.GetRoleDefinition.Invoke(new()
        {
            Name = customRoleDefinition.Name,
            Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
        });
    
        var builtin = Azure.Authorization.GetRoleDefinition.Invoke(new()
        {
            Name = "Contributor",
        });
    
        return new Dictionary<string, object?>
        {
            ["customRoleDefinitionId"] = custom.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
            ["contributorRoleDefinitionId"] = builtin.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
    import com.pulumi.azure.authorization.RoleDefinition;
    import com.pulumi.azure.authorization.RoleDefinitionArgs;
    import com.pulumi.azure.authorization.AuthorizationFunctions;
    import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var primary = CoreFunctions.getSubscription();
    
            var customRoleDefinition = new RoleDefinition("customRoleDefinition", RoleDefinitionArgs.builder()
                .roleDefinitionId("00000000-0000-0000-0000-000000000000")
                .name("CustomRoleDef")
                .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
                .build());
    
            final var custom = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
                .roleDefinitionId(customRoleDefinition.roleDefinitionId())
                .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
                .build());
    
            final var custom-byname = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
                .name(customRoleDefinition.name())
                .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
                .build());
    
            final var builtin = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
                .name("Contributor")
                .build());
    
            ctx.export("customRoleDefinitionId", custom.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult).applyValue(custom -> custom.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id())));
            ctx.export("contributorRoleDefinitionId", builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()));
        }
    }
    
    resources:
      customRoleDefinition:
        type: azure:authorization:RoleDefinition
        name: custom
        properties:
          roleDefinitionId: 00000000-0000-0000-0000-000000000000
          name: CustomRoleDef
          scope: ${primary.id}
    variables:
      primary:
        fn::invoke:
          Function: azure:core:getSubscription
          Arguments: {}
      custom:
        fn::invoke:
          Function: azure:authorization:getRoleDefinition
          Arguments:
            roleDefinitionId: ${customRoleDefinition.roleDefinitionId}
            scope: ${primary.id}
      custom-byname:
        fn::invoke:
          Function: azure:authorization:getRoleDefinition
          Arguments:
            name: ${customRoleDefinition.name}
            scope: ${primary.id}
      builtin:
        fn::invoke:
          Function: azure:authorization:getRoleDefinition
          Arguments:
            name: Contributor
    outputs:
      customRoleDefinitionId: ${custom.id}
      contributorRoleDefinitionId: ${builtin.id}
    

    Using getRoleDefinition

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getRoleDefinition(args: GetRoleDefinitionArgs, opts?: InvokeOptions): Promise<GetRoleDefinitionResult>
    function getRoleDefinitionOutput(args: GetRoleDefinitionOutputArgs, opts?: InvokeOptions): Output<GetRoleDefinitionResult>
    def get_role_definition(name: Optional[str] = None,
                            role_definition_id: Optional[str] = None,
                            scope: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetRoleDefinitionResult
    def get_role_definition_output(name: Optional[pulumi.Input[str]] = None,
                            role_definition_id: Optional[pulumi.Input[str]] = None,
                            scope: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetRoleDefinitionResult]
    func LookupRoleDefinition(ctx *Context, args *LookupRoleDefinitionArgs, opts ...InvokeOption) (*LookupRoleDefinitionResult, error)
    func LookupRoleDefinitionOutput(ctx *Context, args *LookupRoleDefinitionOutputArgs, opts ...InvokeOption) LookupRoleDefinitionResultOutput

    > Note: This function is named LookupRoleDefinition in the Go SDK.

    public static class GetRoleDefinition 
    {
        public static Task<GetRoleDefinitionResult> InvokeAsync(GetRoleDefinitionArgs args, InvokeOptions? opts = null)
        public static Output<GetRoleDefinitionResult> Invoke(GetRoleDefinitionInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetRoleDefinitionResult> getRoleDefinition(GetRoleDefinitionArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:authorization/getRoleDefinition:getRoleDefinition
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Name string

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    RoleDefinitionId string
    Specifies the ID of the Role Definition as a UUID/GUID.
    Scope string

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    Name string

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    RoleDefinitionId string
    Specifies the ID of the Role Definition as a UUID/GUID.
    Scope string

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    name String

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    roleDefinitionId String
    Specifies the ID of the Role Definition as a UUID/GUID.
    scope String

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    name string

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    roleDefinitionId string
    Specifies the ID of the Role Definition as a UUID/GUID.
    scope string

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    name str

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    role_definition_id str
    Specifies the ID of the Role Definition as a UUID/GUID.
    scope str

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    name String

    Specifies the Name of either a built-in or custom Role Definition.

    You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor

    roleDefinitionId String
    Specifies the ID of the Role Definition as a UUID/GUID.
    scope String

    Specifies the Scope at which the Custom Role Definition exists.

    Note: One of name or role_definition_id must be specified.

    getRoleDefinition Result

    The following output properties are available:

    AssignableScopes List<string>
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    Description string
    The Description of the built-in Role.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Permissions List<GetRoleDefinitionPermission>
    A permissions block as documented below.
    RoleDefinitionId string
    Type string
    The Type of the Role.
    Scope string
    AssignableScopes []string
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    Description string
    The Description of the built-in Role.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Permissions []GetRoleDefinitionPermission
    A permissions block as documented below.
    RoleDefinitionId string
    Type string
    The Type of the Role.
    Scope string
    assignableScopes List<String>
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    description String
    The Description of the built-in Role.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    permissions List<GetRoleDefinitionPermission>
    A permissions block as documented below.
    roleDefinitionId String
    type String
    The Type of the Role.
    scope String
    assignableScopes string[]
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    description string
    The Description of the built-in Role.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    permissions GetRoleDefinitionPermission[]
    A permissions block as documented below.
    roleDefinitionId string
    type string
    The Type of the Role.
    scope string
    assignable_scopes Sequence[str]
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    description str
    The Description of the built-in Role.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    permissions Sequence[GetRoleDefinitionPermission]
    A permissions block as documented below.
    role_definition_id str
    type str
    The Type of the Role.
    scope str
    assignableScopes List<String>
    One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
    description String
    The Description of the built-in Role.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    permissions List<Property Map>
    A permissions block as documented below.
    roleDefinitionId String
    type String
    The Type of the Role.
    scope String

    Supporting Types

    GetRoleDefinitionPermission

    Actions List<string>
    A list of actions supported by this role.
    Condition string
    The conditions on this role definition, which limits the resources it can be assigned to.
    ConditionVersion string
    The version of the condition.
    NotActions List<string>
    A list of actions which are denied by this role.
    DataActions List<string>
    A list of data actions allowed by this role.
    NotDataActions List<string>
    A list of data actions which are denied by this role.
    Actions []string
    A list of actions supported by this role.
    Condition string
    The conditions on this role definition, which limits the resources it can be assigned to.
    ConditionVersion string
    The version of the condition.
    NotActions []string
    A list of actions which are denied by this role.
    DataActions []string
    A list of data actions allowed by this role.
    NotDataActions []string
    A list of data actions which are denied by this role.
    actions List<String>
    A list of actions supported by this role.
    condition String
    The conditions on this role definition, which limits the resources it can be assigned to.
    conditionVersion String
    The version of the condition.
    notActions List<String>
    A list of actions which are denied by this role.
    dataActions List<String>
    A list of data actions allowed by this role.
    notDataActions List<String>
    A list of data actions which are denied by this role.
    actions string[]
    A list of actions supported by this role.
    condition string
    The conditions on this role definition, which limits the resources it can be assigned to.
    conditionVersion string
    The version of the condition.
    notActions string[]
    A list of actions which are denied by this role.
    dataActions string[]
    A list of data actions allowed by this role.
    notDataActions string[]
    A list of data actions which are denied by this role.
    actions Sequence[str]
    A list of actions supported by this role.
    condition str
    The conditions on this role definition, which limits the resources it can be assigned to.
    condition_version str
    The version of the condition.
    not_actions Sequence[str]
    A list of actions which are denied by this role.
    data_actions Sequence[str]
    A list of data actions allowed by this role.
    not_data_actions Sequence[str]
    A list of data actions which are denied by this role.
    actions List<String>
    A list of actions supported by this role.
    condition String
    The conditions on this role definition, which limits the resources it can be assigned to.
    conditionVersion String
    The version of the condition.
    notActions List<String>
    A list of actions which are denied by this role.
    dataActions List<String>
    A list of data actions allowed by this role.
    notDataActions List<String>
    A list of data actions which are denied by this role.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.13.0 published on Monday, Dec 9, 2024 by Pulumi