Docs Home
We recommend using Azure Native.
Azure v6.22.1 published on Monday, May 12, 2025 by Pulumi
azure.blueprint.Assignment
Explore with Pulumi AI
Manages a Blueprint Assignment resource
NOTE: Azure Blueprints are in Preview and potentially subject to breaking change without notice.
NOTE: Azure Blueprint Assignments can only be applied to Subscriptions. Assignments to Management Groups is not currently supported by the service or by this provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = azure.core.getSubscription({});
const exampleGetDefinition = example.then(example => azure.blueprint.getDefinition({
name: "exampleBlueprint",
scopeId: example.id,
}));
const exampleGetPublishedVersion = Promise.all([exampleGetDefinition, exampleGetDefinition]).then(([exampleGetDefinition, exampleGetDefinition1]) => azure.blueprint.getPublishedVersion({
scopeId: exampleGetDefinition.scopeId,
blueprintName: exampleGetDefinition1.name,
version: "v1.0.0",
}));
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "exampleRG-bp",
location: "West Europe",
tags: {
Environment: "example",
},
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
name: "bp-user-example",
});
const operator = new azure.authorization.Assignment("operator", {
scope: example.then(example => example.id),
roleDefinitionName: "Blueprint Operator",
principalId: exampleUserAssignedIdentity.principalId,
});
const owner = new azure.authorization.Assignment("owner", {
scope: example.then(example => example.id),
roleDefinitionName: "Owner",
principalId: exampleUserAssignedIdentity.principalId,
});
const exampleAssignment = new azure.blueprint.Assignment("example", {
name: "testAccBPAssignment",
targetSubscriptionId: example.then(example => example.id),
versionId: exampleGetPublishedVersion.then(exampleGetPublishedVersion => exampleGetPublishedVersion.id),
location: exampleResourceGroup.location,
lockMode: "AllResourcesDoNotDelete",
lockExcludePrincipals: [current.then(current => current.objectId)],
identity: {
type: "UserAssigned",
identityIds: [exampleUserAssignedIdentity.id],
},
resourceGroups: ` {
"ResourceGroup": {
"name": "exampleRG-bp"
}
}
`,
parameterValues: ` {
"allowedlocationsforresourcegroups_listOfAllowedLocations": {
"value": ["westus", "westus2", "eastus", "centralus", "centraluseuap", "southcentralus", "northcentralus", "westcentralus", "eastus2", "eastus2euap", "brazilsouth", "brazilus", "northeurope", "westeurope", "eastasia", "southeastasia", "japanwest", "japaneast", "koreacentral", "koreasouth", "indiasouth", "indiawest", "indiacentral", "australiaeast", "australiasoutheast", "canadacentral", "canadaeast", "uknorth", "uksouth2", "uksouth", "ukwest", "francecentral", "francesouth", "australiacentral", "australiacentral2", "uaecentral", "uaenorth", "southafricanorth", "southafricawest", "switzerlandnorth", "switzerlandwest", "germanynorth", "germanywestcentral", "norwayeast", "norwaywest"]
}
}
`,
}, {
dependsOn: [
operator,
owner,
],
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.get_subscription()
example_get_definition = azure.blueprint.get_definition(name="exampleBlueprint",
scope_id=example.id)
example_get_published_version = azure.blueprint.get_published_version(scope_id=example_get_definition.scope_id,
blueprint_name=example_get_definition.name,
version="v1.0.0")
example_resource_group = azure.core.ResourceGroup("example",
name="exampleRG-bp",
location="West Europe",
tags={
"Environment": "example",
})
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
name="bp-user-example")
operator = azure.authorization.Assignment("operator",
scope=example.id,
role_definition_name="Blueprint Operator",
principal_id=example_user_assigned_identity.principal_id)
owner = azure.authorization.Assignment("owner",
scope=example.id,
role_definition_name="Owner",
principal_id=example_user_assigned_identity.principal_id)
example_assignment = azure.blueprint.Assignment("example",
name="testAccBPAssignment",
target_subscription_id=example.id,
version_id=example_get_published_version.id,
location=example_resource_group.location,
lock_mode="AllResourcesDoNotDelete",
lock_exclude_principals=[current.object_id],
identity={
"type": "UserAssigned",
"identity_ids": [example_user_assigned_identity.id],
},
resource_groups=""" {
"ResourceGroup": {
"name": "exampleRG-bp"
}
}
""",
parameter_values=""" {
"allowedlocationsforresourcegroups_listOfAllowedLocations": {
"value": ["westus", "westus2", "eastus", "centralus", "centraluseuap", "southcentralus", "northcentralus", "westcentralus", "eastus2", "eastus2euap", "brazilsouth", "brazilus", "northeurope", "westeurope", "eastasia", "southeastasia", "japanwest", "japaneast", "koreacentral", "koreasouth", "indiasouth", "indiawest", "indiacentral", "australiaeast", "australiasoutheast", "canadacentral", "canadaeast", "uknorth", "uksouth2", "uksouth", "ukwest", "francecentral", "francesouth", "australiacentral", "australiacentral2", "uaecentral", "uaenorth", "southafricanorth", "southafricawest", "switzerlandnorth", "switzerlandwest", "germanynorth", "germanywestcentral", "norwayeast", "norwaywest"]
}
}
""",
opts = pulumi.ResourceOptions(depends_on=[
operator,
owner,
]))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/blueprint"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
if err != nil {
return err
}
exampleGetDefinition, err := blueprint.GetDefinition(ctx, &blueprint.GetDefinitionArgs{
Name: "exampleBlueprint",
ScopeId: example.Id,
}, nil)
if err != nil {
return err
}
exampleGetPublishedVersion, err := blueprint.GetPublishedVersion(ctx, &blueprint.GetPublishedVersionArgs{
ScopeId: exampleGetDefinition.ScopeId,
BlueprintName: exampleGetDefinition.Name,
Version: "v1.0.0",
}, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("exampleRG-bp"),
Location: pulumi.String("West Europe"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("example"),
},
})
if err != nil {
return err
}
exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
Name: pulumi.String("bp-user-example"),
})
if err != nil {
return err
}
operator, err := authorization.NewAssignment(ctx, "operator", &authorization.AssignmentArgs{
Scope: pulumi.String(example.Id),
RoleDefinitionName: pulumi.String("Blueprint Operator"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
owner, err := authorization.NewAssignment(ctx, "owner", &authorization.AssignmentArgs{
Scope: pulumi.String(example.Id),
RoleDefinitionName: pulumi.String("Owner"),
PrincipalId: exampleUserAssignedIdentity.PrincipalId,
})
if err != nil {
return err
}
_, err = blueprint.NewAssignment(ctx, "example", &blueprint.AssignmentArgs{
Name: pulumi.String("testAccBPAssignment"),
TargetSubscriptionId: pulumi.String(example.Id),
VersionId: pulumi.String(exampleGetPublishedVersion.Id),
Location: exampleResourceGroup.Location,
LockMode: pulumi.String("AllResourcesDoNotDelete"),
LockExcludePrincipals: pulumi.StringArray{
pulumi.String(current.ObjectId),
},
Identity: &blueprint.AssignmentIdentityArgs{
Type: pulumi.String("UserAssigned"),
IdentityIds: pulumi.StringArray{
exampleUserAssignedIdentity.ID(),
},
},
ResourceGroups: pulumi.String(` {
"ResourceGroup": {
"name": "exampleRG-bp"
}
}
`),
ParameterValues: pulumi.String(` {
"allowedlocationsforresourcegroups_listOfAllowedLocations": {
"value": ["westus", "westus2", "eastus", "centralus", "centraluseuap", "southcentralus", "northcentralus", "westcentralus", "eastus2", "eastus2euap", "brazilsouth", "brazilus", "northeurope", "westeurope", "eastasia", "southeastasia", "japanwest", "japaneast", "koreacentral", "koreasouth", "indiasouth", "indiawest", "indiacentral", "australiaeast", "australiasoutheast", "canadacentral", "canadaeast", "uknorth", "uksouth2", "uksouth", "ukwest", "francecentral", "francesouth", "australiacentral", "australiacentral2", "uaecentral", "uaenorth", "southafricanorth", "southafricawest", "switzerlandnorth", "switzerlandwest", "germanynorth", "germanywestcentral", "norwayeast", "norwaywest"]
}
}
`),
}, pulumi.DependsOn([]pulumi.Resource{
operator,
owner,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = Azure.Core.GetSubscription.Invoke();
var exampleGetDefinition = Azure.Blueprint.GetDefinition.Invoke(new()
{
Name = "exampleBlueprint",
ScopeId = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
});
var exampleGetPublishedVersion = Azure.Blueprint.GetPublishedVersion.Invoke(new()
{
ScopeId = exampleGetDefinition.Apply(getDefinitionResult => getDefinitionResult.ScopeId),
BlueprintName = exampleGetDefinition.Apply(getDefinitionResult => getDefinitionResult.Name),
Version = "v1.0.0",
});
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "exampleRG-bp",
Location = "West Europe",
Tags =
{
{ "Environment", "example" },
},
});
var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
Name = "bp-user-example",
});
var @operator = new Azure.Authorization.Assignment("operator", new()
{
Scope = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
RoleDefinitionName = "Blueprint Operator",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var owner = new Azure.Authorization.Assignment("owner", new()
{
Scope = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
RoleDefinitionName = "Owner",
PrincipalId = exampleUserAssignedIdentity.PrincipalId,
});
var exampleAssignment = new Azure.Blueprint.Assignment("example", new()
{
Name = "testAccBPAssignment",
TargetSubscriptionId = example.Apply(getSubscriptionResult => getSubscriptionResult.Id),
VersionId = exampleGetPublishedVersion.Apply(getPublishedVersionResult => getPublishedVersionResult.Id),
Location = exampleResourceGroup.Location,
LockMode = "AllResourcesDoNotDelete",
LockExcludePrincipals = new[]
{
current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
},
Identity = new Azure.Blueprint.Inputs.AssignmentIdentityArgs
{
Type = "UserAssigned",
IdentityIds = new[]
{
exampleUserAssignedIdentity.Id,
},
},
ResourceGroups = @" {
""ResourceGroup"": {
""name"": ""exampleRG-bp""
}
}
",
ParameterValues = @" {
""allowedlocationsforresourcegroups_listOfAllowedLocations"": {
""value"": [""westus"", ""westus2"", ""eastus"", ""centralus"", ""centraluseuap"", ""southcentralus"", ""northcentralus"", ""westcentralus"", ""eastus2"", ""eastus2euap"", ""brazilsouth"", ""brazilus"", ""northeurope"", ""westeurope"", ""eastasia"", ""southeastasia"", ""japanwest"", ""japaneast"", ""koreacentral"", ""koreasouth"", ""indiasouth"", ""indiawest"", ""indiacentral"", ""australiaeast"", ""australiasoutheast"", ""canadacentral"", ""canadaeast"", ""uknorth"", ""uksouth2"", ""uksouth"", ""ukwest"", ""francecentral"", ""francesouth"", ""australiacentral"", ""australiacentral2"", ""uaecentral"", ""uaenorth"", ""southafricanorth"", ""southafricawest"", ""switzerlandnorth"", ""switzerlandwest"", ""germanynorth"", ""germanywestcentral"", ""norwayeast"", ""norwaywest""]
}
}
",
}, new CustomResourceOptions
{
DependsOn =
{
@operator,
owner,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.blueprint.BlueprintFunctions;
import com.pulumi.azure.blueprint.inputs.GetDefinitionArgs;
import com.pulumi.azure.blueprint.inputs.GetPublishedVersionArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.blueprint.inputs.AssignmentIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
final var example = CoreFunctions.getSubscription(GetSubscriptionArgs.builder()
.build());
final var exampleGetDefinition = BlueprintFunctions.getDefinition(GetDefinitionArgs.builder()
.name("exampleBlueprint")
.scopeId(example.id())
.build());
final var exampleGetPublishedVersion = BlueprintFunctions.getPublishedVersion(GetPublishedVersionArgs.builder()
.scopeId(exampleGetDefinition.scopeId())
.blueprintName(exampleGetDefinition.name())
.version("v1.0.0")
.build());
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("exampleRG-bp")
.location("West Europe")
.tags(Map.of("Environment", "example"))
.build());
var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.name("bp-user-example")
.build());
var operator = new com.pulumi.azure.authorization.Assignment("operator", com.pulumi.azure.authorization.AssignmentArgs.builder()
.scope(example.id())
.roleDefinitionName("Blueprint Operator")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var owner = new com.pulumi.azure.authorization.Assignment("owner", com.pulumi.azure.authorization.AssignmentArgs.builder()
.scope(example.id())
.roleDefinitionName("Owner")
.principalId(exampleUserAssignedIdentity.principalId())
.build());
var exampleAssignment = new com.pulumi.azure.blueprint.Assignment("exampleAssignment", com.pulumi.azure.blueprint.AssignmentArgs.builder()
.name("testAccBPAssignment")
.targetSubscriptionId(example.id())
.versionId(exampleGetPublishedVersion.id())
.location(exampleResourceGroup.location())
.lockMode("AllResourcesDoNotDelete")
.lockExcludePrincipals(current.objectId())
.identity(AssignmentIdentityArgs.builder()
.type("UserAssigned")
.identityIds(exampleUserAssignedIdentity.id())
.build())
.resourceGroups("""
{
"ResourceGroup": {
"name": "exampleRG-bp"
}
}
""")
.parameterValues("""
{
"allowedlocationsforresourcegroups_listOfAllowedLocations": {
"value": ["westus", "westus2", "eastus", "centralus", "centraluseuap", "southcentralus", "northcentralus", "westcentralus", "eastus2", "eastus2euap", "brazilsouth", "brazilus", "northeurope", "westeurope", "eastasia", "southeastasia", "japanwest", "japaneast", "koreacentral", "koreasouth", "indiasouth", "indiawest", "indiacentral", "australiaeast", "australiasoutheast", "canadacentral", "canadaeast", "uknorth", "uksouth2", "uksouth", "ukwest", "francecentral", "francesouth", "australiacentral", "australiacentral2", "uaecentral", "uaenorth", "southafricanorth", "southafricawest", "switzerlandnorth", "switzerlandwest", "germanynorth", "germanywestcentral", "norwayeast", "norwaywest"]
}
}
""")
.build(), CustomResourceOptions.builder()
.dependsOn(
operator,
owner)
.build());
}
}
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: exampleRG-bp
location: West Europe
tags:
Environment: example
exampleUserAssignedIdentity:
type: azure:authorization:UserAssignedIdentity
name: example
properties:
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
name: bp-user-example
operator:
type: azure:authorization:Assignment
properties:
scope: ${example.id}
roleDefinitionName: Blueprint Operator
principalId: ${exampleUserAssignedIdentity.principalId}
owner:
type: azure:authorization:Assignment
properties:
scope: ${example.id}
roleDefinitionName: Owner
principalId: ${exampleUserAssignedIdentity.principalId}
exampleAssignment:
type: azure:blueprint:Assignment
name: example
properties:
name: testAccBPAssignment
targetSubscriptionId: ${example.id}
versionId: ${exampleGetPublishedVersion.id}
location: ${exampleResourceGroup.location}
lockMode: AllResourcesDoNotDelete
lockExcludePrincipals:
- ${current.objectId}
identity:
type: UserAssigned
identityIds:
- ${exampleUserAssignedIdentity.id}
resourceGroups: |2
{
"ResourceGroup": {
"name": "exampleRG-bp"
}
}
parameterValues: |2
{
"allowedlocationsforresourcegroups_listOfAllowedLocations": {
"value": ["westus", "westus2", "eastus", "centralus", "centraluseuap", "southcentralus", "northcentralus", "westcentralus", "eastus2", "eastus2euap", "brazilsouth", "brazilus", "northeurope", "westeurope", "eastasia", "southeastasia", "japanwest", "japaneast", "koreacentral", "koreasouth", "indiasouth", "indiawest", "indiacentral", "australiaeast", "australiasoutheast", "canadacentral", "canadaeast", "uknorth", "uksouth2", "uksouth", "ukwest", "francecentral", "francesouth", "australiacentral", "australiacentral2", "uaecentral", "uaenorth", "southafricanorth", "southafricawest", "switzerlandnorth", "switzerlandwest", "germanynorth", "germanywestcentral", "norwayeast", "norwaywest"]
}
}
options:
dependsOn:
- ${operator}
- ${owner}
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}
example:
fn::invoke:
function: azure:core:getSubscription
arguments: {}
exampleGetDefinition:
fn::invoke:
function: azure:blueprint:getDefinition
arguments:
name: exampleBlueprint
scopeId: ${example.id}
exampleGetPublishedVersion:
fn::invoke:
function: azure:blueprint:getPublishedVersion
arguments:
scopeId: ${exampleGetDefinition.scopeId}
blueprintName: ${exampleGetDefinition.name}
version: v1.0.0
Create Assignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Assignment(name: string, args: AssignmentArgs, opts?: CustomResourceOptions);@overload
def Assignment(resource_name: str,
args: AssignmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Assignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
identity: Optional[AssignmentIdentityArgs] = None,
target_subscription_id: Optional[str] = None,
version_id: Optional[str] = None,
location: Optional[str] = None,
lock_exclude_actions: Optional[Sequence[str]] = None,
lock_exclude_principals: Optional[Sequence[str]] = None,
lock_mode: Optional[str] = None,
name: Optional[str] = None,
parameter_values: Optional[str] = None,
resource_groups: Optional[str] = None)func NewAssignment(ctx *Context, name string, args AssignmentArgs, opts ...ResourceOption) (*Assignment, error)public Assignment(string name, AssignmentArgs args, CustomResourceOptions? opts = null)
public Assignment(String name, AssignmentArgs args)
public Assignment(String name, AssignmentArgs args, CustomResourceOptions options)
type: azure:blueprint:Assignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var azureAssignmentResource = new Azure.Blueprint.Assignment("azureAssignmentResource", new()
{
Identity = new Azure.Blueprint.Inputs.AssignmentIdentityArgs
{
Type = "string",
IdentityIds = new[]
{
"string",
},
PrincipalId = "string",
TenantId = "string",
},
TargetSubscriptionId = "string",
VersionId = "string",
Location = "string",
LockExcludeActions = new[]
{
"string",
},
LockExcludePrincipals = new[]
{
"string",
},
LockMode = "string",
Name = "string",
ParameterValues = "string",
ResourceGroups = "string",
});
example, err := blueprint.NewAssignment(ctx, "azureAssignmentResource", &blueprint.AssignmentArgs{
Identity: &blueprint.AssignmentIdentityArgs{
Type: pulumi.String("string"),
IdentityIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
TargetSubscriptionId: pulumi.String("string"),
VersionId: pulumi.String("string"),
Location: pulumi.String("string"),
LockExcludeActions: pulumi.StringArray{
pulumi.String("string"),
},
LockExcludePrincipals: pulumi.StringArray{
pulumi.String("string"),
},
LockMode: pulumi.String("string"),
Name: pulumi.String("string"),
ParameterValues: pulumi.String("string"),
ResourceGroups: pulumi.String("string"),
})
var azureAssignmentResource = new com.pulumi.azure.blueprint.Assignment("azureAssignmentResource", com.pulumi.azure.blueprint.AssignmentArgs.builder()
.identity(AssignmentIdentityArgs.builder()
.type("string")
.identityIds("string")
.principalId("string")
.tenantId("string")
.build())
.targetSubscriptionId("string")
.versionId("string")
.location("string")
.lockExcludeActions("string")
.lockExcludePrincipals("string")
.lockMode("string")
.name("string")
.parameterValues("string")
.resourceGroups("string")
.build());
azure_assignment_resource = azure.blueprint.Assignment("azureAssignmentResource",
identity={
"type": "string",
"identity_ids": ["string"],
"principal_id": "string",
"tenant_id": "string",
},
target_subscription_id="string",
version_id="string",
location="string",
lock_exclude_actions=["string"],
lock_exclude_principals=["string"],
lock_mode="string",
name="string",
parameter_values="string",
resource_groups="string")
const azureAssignmentResource = new azure.blueprint.Assignment("azureAssignmentResource", {
identity: {
type: "string",
identityIds: ["string"],
principalId: "string",
tenantId: "string",
},
targetSubscriptionId: "string",
versionId: "string",
location: "string",
lockExcludeActions: ["string"],
lockExcludePrincipals: ["string"],
lockMode: "string",
name: "string",
parameterValues: "string",
resourceGroups: "string",
});
type: azure:blueprint:Assignment
properties:
identity:
identityIds:
- string
principalId: string
tenantId: string
type: string
location: string
lockExcludeActions:
- string
lockExcludePrincipals:
- string
lockMode: string
name: string
parameterValues: string
resourceGroups: string
targetSubscriptionId: string
versionId: string
Assignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Assignment resource accepts the following input properties:
- Identity
Assignment
Identity - An
identityblock as defined below. - Target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- Version
Id string - The ID of the Published Version of the blueprint to be assigned.
- Location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- Lock
Exclude List<string>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- Lock
Exclude List<string>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- Lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - Name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- Parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Identity
Assignment
Identity Args - An
identityblock as defined below. - Target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- Version
Id string - The ID of the Published Version of the blueprint to be assigned.
- Location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- Lock
Exclude []stringActions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- Lock
Exclude []stringPrincipals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- Lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - Name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- Parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- identity
Assignment
Identity - An
identityblock as defined below. - target
Subscription StringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- version
Id String - The ID of the Published Version of the blueprint to be assigned.
- location String
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude List<String>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude List<String>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode String - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name String
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values String a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups String a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- identity
Assignment
Identity - An
identityblock as defined below. - target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- version
Id string - The ID of the Published Version of the blueprint to be assigned.
- location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude string[]Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude string[]Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- identity
Assignment
Identity Args - An
identityblock as defined below. - target_
subscription_ strid - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- version_
id str - The ID of the Published Version of the blueprint to be assigned.
- location str
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock_
exclude_ Sequence[str]actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock_
exclude_ Sequence[str]principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock_
mode str - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name str
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter_
values str a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource_
groups str a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- identity Property Map
- An
identityblock as defined below. - target
Subscription StringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- version
Id String - The ID of the Published Version of the blueprint to be assigned.
- location String
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude List<String>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude List<String>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode String - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name String
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values String a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups String a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
Outputs
All input properties are implicitly available as output properties. Additionally, the Assignment resource produces the following output properties:
- Blueprint
Name string - The name of the blueprint assigned
- Description string
- The Description on the Blueprint
- Display
Name string - The display name of the blueprint
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- Blueprint
Name string - The name of the blueprint assigned
- Description string
- The Description on the Blueprint
- Display
Name string - The display name of the blueprint
- Id string
- The provider-assigned unique ID for this managed resource.
- Type string
- blueprint
Name String - The name of the blueprint assigned
- description String
- The Description on the Blueprint
- display
Name String - The display name of the blueprint
- id String
- The provider-assigned unique ID for this managed resource.
- type String
- blueprint
Name string - The name of the blueprint assigned
- description string
- The Description on the Blueprint
- display
Name string - The display name of the blueprint
- id string
- The provider-assigned unique ID for this managed resource.
- type string
- blueprint_
name str - The name of the blueprint assigned
- description str
- The Description on the Blueprint
- display_
name str - The display name of the blueprint
- id str
- The provider-assigned unique ID for this managed resource.
- type str
- blueprint
Name String - The name of the blueprint assigned
- description String
- The Description on the Blueprint
- display
Name String - The display name of the blueprint
- id String
- The provider-assigned unique ID for this managed resource.
- type String
Look up Existing Assignment Resource
Get an existing Assignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AssignmentState, opts?: CustomResourceOptions): Assignment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
blueprint_name: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
identity: Optional[AssignmentIdentityArgs] = None,
location: Optional[str] = None,
lock_exclude_actions: Optional[Sequence[str]] = None,
lock_exclude_principals: Optional[Sequence[str]] = None,
lock_mode: Optional[str] = None,
name: Optional[str] = None,
parameter_values: Optional[str] = None,
resource_groups: Optional[str] = None,
target_subscription_id: Optional[str] = None,
type: Optional[str] = None,
version_id: Optional[str] = None) -> Assignmentfunc GetAssignment(ctx *Context, name string, id IDInput, state *AssignmentState, opts ...ResourceOption) (*Assignment, error)public static Assignment Get(string name, Input<string> id, AssignmentState? state, CustomResourceOptions? opts = null)public static Assignment get(String name, Output<String> id, AssignmentState state, CustomResourceOptions options)resources: _: type: azure:blueprint:Assignment get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Blueprint
Name string - The name of the blueprint assigned
- Description string
- The Description on the Blueprint
- Display
Name string - The display name of the blueprint
- Identity
Assignment
Identity - An
identityblock as defined below. - Location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- Lock
Exclude List<string>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- Lock
Exclude List<string>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- Lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - Name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- Parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- Type string
- Version
Id string - The ID of the Published Version of the blueprint to be assigned.
- Blueprint
Name string - The name of the blueprint assigned
- Description string
- The Description on the Blueprint
- Display
Name string - The display name of the blueprint
- Identity
Assignment
Identity Args - An
identityblock as defined below. - Location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- Lock
Exclude []stringActions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- Lock
Exclude []stringPrincipals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- Lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - Name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- Parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- Target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- Type string
- Version
Id string - The ID of the Published Version of the blueprint to be assigned.
- blueprint
Name String - The name of the blueprint assigned
- description String
- The Description on the Blueprint
- display
Name String - The display name of the blueprint
- identity
Assignment
Identity - An
identityblock as defined below. - location String
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude List<String>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude List<String>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode String - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name String
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values String a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups String a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- target
Subscription StringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- type String
- version
Id String - The ID of the Published Version of the blueprint to be assigned.
- blueprint
Name string - The name of the blueprint assigned
- description string
- The Description on the Blueprint
- display
Name string - The display name of the blueprint
- identity
Assignment
Identity - An
identityblock as defined below. - location string
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude string[]Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude string[]Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode string - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name string
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values string a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups string a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- target
Subscription stringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- type string
- version
Id string - The ID of the Published Version of the blueprint to be assigned.
- blueprint_
name str - The name of the blueprint assigned
- description str
- The Description on the Blueprint
- display_
name str - The display name of the blueprint
- identity
Assignment
Identity Args - An
identityblock as defined below. - location str
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock_
exclude_ Sequence[str]actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock_
exclude_ Sequence[str]principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock_
mode str - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name str
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter_
values str a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource_
groups str a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- target_
subscription_ strid - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- type str
- version_
id str - The ID of the Published Version of the blueprint to be assigned.
- blueprint
Name String - The name of the blueprint assigned
- description String
- The Description on the Blueprint
- display
Name String - The display name of the blueprint
- identity Property Map
- An
identityblock as defined below. - location String
- The Azure location of the Assignment. Changing this forces a new resource to be created.
- lock
Exclude List<String>Actions - a list of up to 200 actions that are permitted to bypass the locks applied by the Blueprint.
- lock
Exclude List<String>Principals - a list of up to 5 Principal IDs that are permitted to bypass the locks applied by the Blueprint.
- lock
Mode String - The locking mode of the Blueprint Assignment. One of
None(Default),AllResourcesReadOnly, orAllResourcesDoNotDelete. Defaults toNone. - name String
- The name of the Blueprint Assignment. Changing this forces a new resource to be created.
- parameter
Values String a JSON string to supply Blueprint Assignment parameter values.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- resource
Groups String a JSON string to supply the Blueprint Resource Group information.
NOTE: Improperly formatted JSON, or missing values required by a Blueprint will cause the assignment to fail.
- target
Subscription StringId - The Subscription ID the Blueprint Published Version is to be applied to. Changing this forces a new resource to be created.
- type String
- version
Id String - The ID of the Published Version of the blueprint to be assigned.
Supporting Types
AssignmentIdentity, AssignmentIdentityArgs
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - Identity
Ids List<string> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- Principal
Id string - Tenant
Id string
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - Identity
Ids []string - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- Principal
Id string - Tenant
Id string
- type String
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - identity
Ids List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- principal
Id String - tenant
Id String
- type string
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - identity
Ids string[] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- principal
Id string - tenant
Id string
- type str
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - identity_
ids Sequence[str] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- principal_
id str - tenant_
id str
- type String
- Specifies the type of Managed Service Identity that should be configured on this Blueprint. Possible values are
SystemAssignedandUserAssigned. - identity
Ids List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Blueprint.
- principal
Id String - tenant
Id String
Import
Azure Blueprint Assignments can be imported using the resource id, e.g.
$ pulumi import azure:blueprint/assignment:Assignment example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Blueprint/blueprintAssignments/assignSimpleBlueprint"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.