1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. ApplicationAppRole
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi

azuread.ApplicationAppRole

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    import * as random from "@pulumi/random";
    
    const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
    const exampleAdministrator = new random.RandomUuid("example_administrator", {});
    const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {
        applicationId: example.id,
        roleId: exampleAdministrator.id,
        allowedMemberTypes: ["User"],
        description: "My role description",
        displayName: "Administer",
        value: "admin",
    });
    
    import pulumi
    import pulumi_azuread as azuread
    import pulumi_random as random
    
    example = azuread.ApplicationRegistration("example", display_name="example")
    example_administrator = random.RandomUuid("example_administrator")
    example_administer = azuread.ApplicationAppRole("example_administer",
        application_id=example.id,
        role_id=example_administrator.id,
        allowed_member_types=["User"],
        description="My role description",
        display_name="Administer",
        value="admin")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAdministrator, err := random.NewRandomUuid(ctx, "example_administrator", nil)
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewApplicationAppRole(ctx, "example_administer", &azuread.ApplicationAppRoleArgs{
    			ApplicationId: example.ID(),
    			RoleId:        exampleAdministrator.ID(),
    			AllowedMemberTypes: pulumi.StringArray{
    				pulumi.String("User"),
    			},
    			Description: pulumi.String("My role description"),
    			DisplayName: pulumi.String("Administer"),
    			Value:       pulumi.String("admin"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    using Random = Pulumi.Random;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureAD.ApplicationRegistration("example", new()
        {
            DisplayName = "example",
        });
    
        var exampleAdministrator = new Random.RandomUuid("example_administrator");
    
        var exampleAdminister = new AzureAD.ApplicationAppRole("example_administer", new()
        {
            ApplicationId = example.Id,
            RoleId = exampleAdministrator.Id,
            AllowedMemberTypes = new[]
            {
                "User",
            },
            Description = "My role description",
            DisplayName = "Administer",
            Value = "admin",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.ApplicationRegistration;
    import com.pulumi.azuread.ApplicationRegistrationArgs;
    import com.pulumi.random.RandomUuid;
    import com.pulumi.azuread.ApplicationAppRole;
    import com.pulumi.azuread.ApplicationAppRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
                .displayName("example")
                .build());
    
            var exampleAdministrator = new RandomUuid("exampleAdministrator");
    
            var exampleAdminister = new ApplicationAppRole("exampleAdminister", ApplicationAppRoleArgs.builder()
                .applicationId(example.id())
                .roleId(exampleAdministrator.id())
                .allowedMemberTypes("User")
                .description("My role description")
                .displayName("Administer")
                .value("admin")
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuread:ApplicationRegistration
        properties:
          displayName: example
      exampleAdministrator:
        type: random:RandomUuid
        name: example_administrator
      exampleAdminister:
        type: azuread:ApplicationAppRole
        name: example_administer
        properties:
          applicationId: ${example.id}
          roleId: ${exampleAdministrator.id}
          allowedMemberTypes:
            - User
          description: My role description
          displayName: Administer
          value: admin
    

    Tip For managing more app roles, create additional instances of this resource

    Usage with azuread.Application resource

    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const example = new azuread.Application("example", {displayName: "example"});
    const exampleAdminister = new azuread.ApplicationAppRole("example_administer", {applicationId: example.id});
    
    import pulumi
    import pulumi_azuread as azuread
    
    example = azuread.Application("example", display_name="example")
    example_administer = azuread.ApplicationAppRole("example_administer", application_id=example.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewApplicationAppRole(ctx, "example_administer", &azuread.ApplicationAppRoleArgs{
    			ApplicationId: example.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureAD.Application("example", new()
        {
            DisplayName = "example",
        });
    
        var exampleAdminister = new AzureAD.ApplicationAppRole("example_administer", new()
        {
            ApplicationId = example.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.Application;
    import com.pulumi.azuread.ApplicationArgs;
    import com.pulumi.azuread.ApplicationAppRole;
    import com.pulumi.azuread.ApplicationAppRoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Application("example", ApplicationArgs.builder()
                .displayName("example")
                .build());
    
            var exampleAdminister = new ApplicationAppRole("exampleAdminister", ApplicationAppRoleArgs.builder()
                .applicationId(example.id())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuread:Application
        properties:
          displayName: example
      exampleAdminister:
        type: azuread:ApplicationAppRole
        name: example_administer
        properties:
          applicationId: ${example.id}
    

    Create ApplicationAppRole Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ApplicationAppRole(name: string, args: ApplicationAppRoleArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationAppRole(resource_name: str,
                           args: ApplicationAppRoleInitArgs,
                           opts: Optional[ResourceOptions] = None)
    
    @overload
    def ApplicationAppRole(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           allowed_member_types: Optional[Sequence[str]] = None,
                           application_id: Optional[str] = None,
                           description: Optional[str] = None,
                           display_name: Optional[str] = None,
                           role_id: Optional[str] = None,
                           value: Optional[str] = None)
    func NewApplicationAppRole(ctx *Context, name string, args ApplicationAppRoleArgs, opts ...ResourceOption) (*ApplicationAppRole, error)
    public ApplicationAppRole(string name, ApplicationAppRoleArgs args, CustomResourceOptions? opts = null)
    public ApplicationAppRole(String name, ApplicationAppRoleArgs args)
    public ApplicationAppRole(String name, ApplicationAppRoleArgs args, CustomResourceOptions options)
    
    type: azuread:ApplicationAppRole
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ApplicationAppRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationAppRoleInitArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationAppRoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationAppRoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationAppRoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var applicationAppRoleResource = new AzureAD.ApplicationAppRole("applicationAppRoleResource", new()
    {
        AllowedMemberTypes = new[]
        {
            "string",
        },
        ApplicationId = "string",
        Description = "string",
        DisplayName = "string",
        RoleId = "string",
        Value = "string",
    });
    
    example, err := azuread.NewApplicationAppRole(ctx, "applicationAppRoleResource", &azuread.ApplicationAppRoleArgs{
    	AllowedMemberTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ApplicationId: pulumi.String("string"),
    	Description:   pulumi.String("string"),
    	DisplayName:   pulumi.String("string"),
    	RoleId:        pulumi.String("string"),
    	Value:         pulumi.String("string"),
    })
    
    var applicationAppRoleResource = new ApplicationAppRole("applicationAppRoleResource", ApplicationAppRoleArgs.builder()
        .allowedMemberTypes("string")
        .applicationId("string")
        .description("string")
        .displayName("string")
        .roleId("string")
        .value("string")
        .build());
    
    application_app_role_resource = azuread.ApplicationAppRole("applicationAppRoleResource",
        allowed_member_types=["string"],
        application_id="string",
        description="string",
        display_name="string",
        role_id="string",
        value="string")
    
    const applicationAppRoleResource = new azuread.ApplicationAppRole("applicationAppRoleResource", {
        allowedMemberTypes: ["string"],
        applicationId: "string",
        description: "string",
        displayName: "string",
        roleId: "string",
        value: "string",
    });
    
    type: azuread:ApplicationAppRole
    properties:
        allowedMemberTypes:
            - string
        applicationId: string
        description: string
        displayName: string
        roleId: string
        value: string
    

    ApplicationAppRole Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ApplicationAppRole resource accepts the following input properties:

    AllowedMemberTypes List<string>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    Description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    RoleId string
    The unique identifier of the app role
    Value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    AllowedMemberTypes []string
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    Description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    RoleId string
    The unique identifier of the app role
    Value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes List<String>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description String
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId String
    The unique identifier of the app role
    value String

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes string[]
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId string
    The unique identifier of the app role
    value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowed_member_types Sequence[str]
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    application_id str
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description str
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    display_name str
    Display name for the app role that appears during app role assignment and in consent experiences.
    role_id str
    The unique identifier of the app role
    value str

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes List<String>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description String
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId String
    The unique identifier of the app role
    value String

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationAppRole resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ApplicationAppRole Resource

    Get an existing ApplicationAppRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationAppRoleState, opts?: CustomResourceOptions): ApplicationAppRole
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_member_types: Optional[Sequence[str]] = None,
            application_id: Optional[str] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            role_id: Optional[str] = None,
            value: Optional[str] = None) -> ApplicationAppRole
    func GetApplicationAppRole(ctx *Context, name string, id IDInput, state *ApplicationAppRoleState, opts ...ResourceOption) (*ApplicationAppRole, error)
    public static ApplicationAppRole Get(string name, Input<string> id, ApplicationAppRoleState? state, CustomResourceOptions? opts = null)
    public static ApplicationAppRole get(String name, Output<String> id, ApplicationAppRoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedMemberTypes List<string>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    Description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    RoleId string
    The unique identifier of the app role
    Value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    AllowedMemberTypes []string
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    Description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    DisplayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    RoleId string
    The unique identifier of the app role
    Value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes List<String>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description String
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId String
    The unique identifier of the app role
    value String

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes string[]
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description string
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName string
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId string
    The unique identifier of the app role
    value string

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowed_member_types Sequence[str]
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    application_id str
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description str
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    display_name str
    Display name for the app role that appears during app role assignment and in consent experiences.
    role_id str
    The unique identifier of the app role
    value str

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    allowedMemberTypes List<String>
    A set of values to specify whether this app role definition can be assigned to users and groups by setting to User, or to other applications by setting to Application, or to both.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    description String
    Description of the app role that appears when the role is being assigned, and if the role functions as an application permissions, during the consent experiences.
    displayName String
    Display name for the app role that appears during app role assignment and in consent experiences.
    roleId String
    The unique identifier of the app role
    value String

    The value that is used for the roles claim in ID tokens and OAuth 2.0 access tokens that are authenticating an assigned service or user principal.

    Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    Import

    Application App Roles can be imported using the object ID of the application and the ID of the app role, in the following format.

    $ pulumi import azuread:index/applicationAppRole:ApplicationAppRole example /applications/00000000-0000-0000-0000-000000000000/appRoles/11111111-1111-1111-1111-111111111111
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.
    azuread logo
    Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi