azuread.ApplicationFederatedIdentityCredential
Import
Federated Identity Credentials can be imported using the object ID of the associated application and the ID of the federated identity credential, e.g.
# Import ID format: {ObjectId}/federatedIdentityCredential/{CredentialId}; the UUIDs below are placeholders.
$ pulumi import azuread:index/applicationFederatedIdentityCredential:ApplicationFederatedIdentityCredential test 00000000-0000-0000-0000-000000000000/federatedIdentityCredential/11111111-1111-1111-1111-111111111111
Note: This ID format is unique to Terraform and is composed of the application’s object ID, the string “federatedIdentityCredential” and the credential ID, in the format {ObjectId}/federatedIdentityCredential/{CredentialId}.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
// Declares an Azure AD application and a federated identity credential on it.
// The credential lets an external workload exchange a token from its own
// identity provider for a token as this application.
return await Deployment.RunAsync(() =>
{
    // Application the external workload will authenticate as.
    var appArgs = new AzureAD.ApplicationArgs
    {
        DisplayName = "example",
    };
    var app = new AzureAD.Application("exampleApplication", appArgs);

    var credentialArgs = new AzureAD.ApplicationFederatedIdentityCredentialArgs
    {
        ApplicationObjectId = app.ObjectId,
        DisplayName = "my-repo-deploy",
        Description = "Deployments for my-repo",
        // Value accepted in the `aud` claim of the incoming token.
        Audiences = new[] { "api://AzureADTokenExchange" },
        // Must match the `iss` claim of the incoming token; this URL is the
        // GitHub Actions OIDC issuer.
        Issuer = "https://token.actions.githubusercontent.com",
        // Identifies the trusted workload: jobs of my-organization/my-repo that
        // run against the "prod" environment. Any job that presents this exact
        // subject can obtain tokens as the application, so keep the subject as
        // narrow as the deployment allows and protect that environment.
        Subject = "repo:my-organization/my-repo:environment:prod",
    };
    var credential = new AzureAD.ApplicationFederatedIdentityCredential(
        "exampleApplicationFederatedIdentityCredential",
        credentialArgs);
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares an Azure AD application and a federated identity credential on
// it. The credential lets an external workload exchange a token from its own
// identity provider for a token as this application.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Application the external workload will authenticate as.
		app, err := azuread.NewApplication(ctx, "exampleApplication", &azuread.ApplicationArgs{
			DisplayName: pulumi.String("example"),
		})
		if err != nil {
			return err
		}

		credentialArgs := &azuread.ApplicationFederatedIdentityCredentialArgs{
			ApplicationObjectId: app.ObjectId,
			DisplayName:         pulumi.String("my-repo-deploy"),
			Description:         pulumi.String("Deployments for my-repo"),
			// Value accepted in the `aud` claim of the incoming token.
			Audiences: pulumi.StringArray{
				pulumi.String("api://AzureADTokenExchange"),
			},
			// Must match the `iss` claim of the incoming token; this URL is
			// the GitHub Actions OIDC issuer.
			Issuer: pulumi.String("https://token.actions.githubusercontent.com"),
			// Identifies the trusted workload: jobs of my-organization/my-repo
			// that run against the "prod" environment. Any job that presents
			// this exact subject can obtain tokens as the application, so keep
			// the subject narrow and protect that environment.
			Subject: pulumi.String("repo:my-organization/my-repo:environment:prod"),
		}

		// The resource handle is not needed afterwards; only the error matters.
		_, err = azuread.NewApplicationFederatedIdentityCredential(ctx, "exampleApplicationFederatedIdentityCredential", credentialArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ApplicationFederatedIdentityCredential;
import com.pulumi.azuread.ApplicationFederatedIdentityCredentialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an Azure AD application and a federated
 * identity credential on it. The credential lets an external workload exchange
 * a token from its own identity provider for a token as this application.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the application and its federated identity credential.
     *
     * @param ctx Pulumi context for the current deployment (not read here).
     */
    public static void stack(Context ctx) {
        // Application the external workload will authenticate as.
        final var appArgs = ApplicationArgs.builder()
            .displayName("example")
            .build();
        final var app = new Application("exampleApplication", appArgs);

        final var credentialArgs = ApplicationFederatedIdentityCredentialArgs.builder()
            .applicationObjectId(app.objectId())
            .displayName("my-repo-deploy")
            .description("Deployments for my-repo")
            // Value accepted in the `aud` claim of the incoming token.
            .audiences("api://AzureADTokenExchange")
            // Must match the `iss` claim of the incoming token; this URL is
            // the GitHub Actions OIDC issuer.
            .issuer("https://token.actions.githubusercontent.com")
            // Identifies the trusted workload: jobs of my-organization/my-repo
            // that run against the "prod" environment. Any job that presents
            // this exact subject can obtain tokens as the application, so keep
            // the subject narrow and protect that environment.
            .subject("repo:my-organization/my-repo:environment:prod")
            .build();

        final var credential = new ApplicationFederatedIdentityCredential(
            "exampleApplicationFederatedIdentityCredential",
            credentialArgs);
    }
}
import pulumi
import pulumi_azuread as azuread
# Application the external workload will authenticate as.
example_application = azuread.Application(
    "exampleApplication",
    display_name="example",
)

# Settings for the federated identity credential. An external token is accepted
# for this application only when its claims match issuer, subject and audiences.
credential_settings = dict(
    application_object_id=example_application.object_id,
    display_name="my-repo-deploy",
    description="Deployments for my-repo",
    # Value accepted in the `aud` claim of the incoming token.
    audiences=["api://AzureADTokenExchange"],
    # Must match the `iss` claim of the incoming token; this URL is the
    # GitHub Actions OIDC issuer.
    issuer="https://token.actions.githubusercontent.com",
    # Identifies the trusted workload: jobs of my-organization/my-repo that run
    # against the "prod" environment. Any job that presents this exact subject
    # can obtain tokens as the application, so keep the subject narrow and
    # protect that environment.
    subject="repo:my-organization/my-repo:environment:prod",
)

example_application_federated_identity_credential = azuread.ApplicationFederatedIdentityCredential(
    "exampleApplicationFederatedIdentityCredential",
    **credential_settings,
)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
// Application the external workload will authenticate as.
const exampleApplication = new azuread.Application("exampleApplication", {
    displayName: "example",
});

// Settings for the federated identity credential. An external token is accepted
// for this application only when its claims match issuer, subject and audiences.
const credentialArgs: azuread.ApplicationFederatedIdentityCredentialArgs = {
    applicationObjectId: exampleApplication.objectId,
    displayName: "my-repo-deploy",
    description: "Deployments for my-repo",
    // Value accepted in the `aud` claim of the incoming token.
    audiences: ["api://AzureADTokenExchange"],
    // Must match the `iss` claim of the incoming token; this URL is the
    // GitHub Actions OIDC issuer.
    issuer: "https://token.actions.githubusercontent.com",
    // Identifies the trusted workload: jobs of my-organization/my-repo that run
    // against the "prod" environment. Any job that presents this exact subject
    // can obtain tokens as the application, so keep the subject narrow and
    // protect that environment.
    subject: "repo:my-organization/my-repo:environment:prod",
};

const exampleApplicationFederatedIdentityCredential = new azuread.ApplicationFederatedIdentityCredential(
    "exampleApplicationFederatedIdentityCredential",
    credentialArgs,
);
resources:
  # Application the external workload will authenticate as.
  exampleApplication:
    type: azuread:Application
    properties:
      displayName: example
  # Federated identity credential: an external token is accepted for the
  # application only when its claims match issuer, subject and audiences.
  exampleApplicationFederatedIdentityCredential:
    type: azuread:ApplicationFederatedIdentityCredential
    properties:
      applicationObjectId: ${exampleApplication.objectId}
      displayName: my-repo-deploy
      description: Deployments for my-repo
      # Value accepted in the `aud` claim of the incoming token.
      audiences:
        - "api://AzureADTokenExchange"
      # Must match the `iss` claim of the incoming token; this URL is the
      # GitHub Actions OIDC issuer.
      issuer: "https://token.actions.githubusercontent.com"
      # Identifies the trusted workload: jobs of my-organization/my-repo that
      # run against the "prod" environment. Any job that presents this exact
      # subject can obtain tokens as the application, so keep the subject
      # narrow and protect that environment.
      subject: "repo:my-organization/my-repo:environment:prod"
Create ApplicationFederatedIdentityCredential Resource
new ApplicationFederatedIdentityCredential(name: string, args: ApplicationFederatedIdentityCredentialArgs, opts?: CustomResourceOptions);
@overload
def ApplicationFederatedIdentityCredential(resource_name: str,
opts: Optional[ResourceOptions] = None,
application_object_id: Optional[str] = None,
audiences: Optional[Sequence[str]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
issuer: Optional[str] = None,
subject: Optional[str] = None)
@overload
def ApplicationFederatedIdentityCredential(resource_name: str,
args: ApplicationFederatedIdentityCredentialArgs,
opts: Optional[ResourceOptions] = None)
func NewApplicationFederatedIdentityCredential(ctx *Context, name string, args ApplicationFederatedIdentityCredentialArgs, opts ...ResourceOption) (*ApplicationFederatedIdentityCredential, error)
public ApplicationFederatedIdentityCredential(string name, ApplicationFederatedIdentityCredentialArgs args, CustomResourceOptions? opts = null)
public ApplicationFederatedIdentityCredential(String name, ApplicationFederatedIdentityCredentialArgs args)
public ApplicationFederatedIdentityCredential(String name, ApplicationFederatedIdentityCredentialArgs args, CustomResourceOptions options)
type: azuread:ApplicationFederatedIdentityCredential
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationFederatedIdentityCredentialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationFederatedIdentityCredentialArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationFederatedIdentityCredentialArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationFederatedIdentityCredentialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationFederatedIdentityCredentialArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ApplicationFederatedIdentityCredential Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ApplicationFederatedIdentityCredential resource accepts the following input properties:
- ApplicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- Audiences List<string>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- DisplayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- Issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- Subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- Description string
A description for the federated identity credential.
- ApplicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- Audiences []string
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- DisplayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- Issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- Subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- Description string
A description for the federated identity credential.
- applicationObjectId String
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences List<String>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- displayName String
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer String
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject String
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- description String
A description for the federated identity credential.
- applicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences string[]
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- displayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- description string
A description for the federated identity credential.
- application_object_id str
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences Sequence[str]
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- display_name str
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer str
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject str
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- description str
A description for the federated identity credential.
- applicationObjectId String
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences List<String>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- displayName String
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer String
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject String
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- description String
A description for the federated identity credential.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationFederatedIdentityCredential resource produces the following output properties:
- CredentialId string
A UUID used to uniquely identify this federated identity credential.
- Id string
The provider-assigned unique ID for this managed resource.
- CredentialId string
A UUID used to uniquely identify this federated identity credential.
- Id string
The provider-assigned unique ID for this managed resource.
- credentialId String
A UUID used to uniquely identify this federated identity credential.
- id String
The provider-assigned unique ID for this managed resource.
- credentialId string
A UUID used to uniquely identify this federated identity credential.
- id string
The provider-assigned unique ID for this managed resource.
- credential_id str
A UUID used to uniquely identify this federated identity credential.
- id str
The provider-assigned unique ID for this managed resource.
- credentialId String
A UUID used to uniquely identify this federated identity credential.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationFederatedIdentityCredential Resource
Get an existing ApplicationFederatedIdentityCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationFederatedIdentityCredentialState, opts?: CustomResourceOptions): ApplicationFederatedIdentityCredential
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_object_id: Optional[str] = None,
audiences: Optional[Sequence[str]] = None,
credential_id: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
issuer: Optional[str] = None,
subject: Optional[str] = None) -> ApplicationFederatedIdentityCredential
func GetApplicationFederatedIdentityCredential(ctx *Context, name string, id IDInput, state *ApplicationFederatedIdentityCredentialState, opts ...ResourceOption) (*ApplicationFederatedIdentityCredential, error)
public static ApplicationFederatedIdentityCredential Get(string name, Input<string> id, ApplicationFederatedIdentityCredentialState? state, CustomResourceOptions? opts = null)
public static ApplicationFederatedIdentityCredential get(String name, Output<String> id, ApplicationFederatedIdentityCredentialState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- ApplicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- Audiences List<string>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- CredentialId string
A UUID used to uniquely identify this federated identity credential.
- Description string
A description for the federated identity credential.
- DisplayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- Issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- Subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- ApplicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- Audiences []string
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- CredentialId string
A UUID used to uniquely identify this federated identity credential.
- Description string
A description for the federated identity credential.
- DisplayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- Issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- Subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- applicationObjectId String
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences List<String>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- credentialId String
A UUID used to uniquely identify this federated identity credential.
- description String
A description for the federated identity credential.
- displayName String
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer String
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject String
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- applicationObjectId string
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences string[]
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- credentialId string
A UUID used to uniquely identify this federated identity credential.
- description string
A description for the federated identity credential.
- displayName string
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer string
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject string
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- application_object_id str
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences Sequence[str]
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- credential_id str
A UUID used to uniquely identify this federated identity credential.
- description str
A description for the federated identity credential.
- display_name str
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer str
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject str
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
- applicationObjectId String
The object ID of the application for which this federated identity credential should be created. Changing this field forces a new resource to be created.
- audiences List<String>
List of audiences that can appear in the external token. This specifies what should be accepted in the `aud` claim of incoming tokens.
- credentialId String
A UUID used to uniquely identify this federated identity credential.
- description String
A description for the federated identity credential.
- displayName String
A unique display name for the federated identity credential. Changing this forces a new resource to be created.
- issuer String
The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app.
- subject String
The identifier of the external software workload within the external identity provider. The combination of issuer and subject must be unique on the app.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `azuread` Terraform Provider.