diff --git a/provider/cmd/pulumi-resource-azure-native/schema.json b/provider/cmd/pulumi-resource-azure-native/schema.json index 16c7adb60058..592ecb06ec0d 100644 --- a/provider/cmd/pulumi-resource-azure-native/schema.json +++ b/provider/cmd/pulumi-resource-azure-native/schema.json @@ -22719,6 +22719,61 @@ "roleDefinitionId" ] }, + "azure-native:authorization:ApprovalMode": { + "description": "The type of rule", + "type": "string", + "enum": [ + { + "value": "SingleStage" + }, + { + "value": "Serial" + }, + { + "value": "Parallel" + }, + { + "value": "NoApproval" + } + ] + }, + "azure-native:authorization:ApprovalSettings": { + "description": "The approval settings.", + "properties": { + "approvalMode": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:ApprovalMode" + } + ], + "description": "The type of rule" + }, + "approvalStages": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:ApprovalStage" + }, + "description": "The approval stages of the request." + }, + "isApprovalRequired": { + "type": "boolean", + "description": "Determines whether approval is required or not." + }, + "isApprovalRequiredForExtension": { + "type": "boolean", + "description": "Determines whether approval is required for assignment extension." + }, + "isRequestorJustificationRequired": { + "type": "boolean", + "description": "Determine whether requestor justification is required." + } + }, + "type": "object" + }, "azure-native:authorization:ApprovalSettingsResponse": { "description": "The approval settings.", "properties": { 
@@ -22749,6 +22804,44 @@ }, "type": "object" }, + "azure-native:authorization:ApprovalStage": { + "description": "The approval stage.", + "properties": { + "approvalStageTimeOutInDays": { + "type": "integer", + "description": "The time in days when approval request would be timed out" + }, + "escalationApprovers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UserSet" + }, + "description": "The escalation approver of the request." + }, + "escalationTimeInMinutes": { + "type": "integer", + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approve" + }, + "isApproverJustificationRequired": { + "type": "boolean", + "description": "Determines whether approver need to provide justification for his decision." + }, + "isEscalationEnabled": { + "type": "boolean", + "description": "The value determine whether escalation feature is enabled." + }, + "primaryApprovers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UserSet" + }, + "description": "The primary approver of the request." + } + }, + "type": "object" + }, "azure-native:authorization:ApprovalStageResponse": { "description": "The approval stage.", "properties": { @@ -22816,6 +22909,21 @@ } ] }, + "azure-native:authorization:EnablementRules": { + "description": "The type of enablement rule", + "type": "string", + "enum": [ + { + "value": "MultiFactorAuthentication" + }, + { + "value": "Justification" + }, + { + "value": "Ticketing" + } + ] + }, "azure-native:authorization:EnforcementMode": { "description": "The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.", "type": "string", 
@@ -22830,6 +22938,17 @@ } ] }, + "azure-native:authorization:ExcludedPrincipalTypes": { + "type": "string", + "enum": [ + { + "value": "ServicePrincipalsAsTarget" + }, + { + "value": "ServicePrincipalsAsRequestor" + } + ] + }, "azure-native:authorization:ExemptionCategory": { "description": "The policy exemption category. Possible values are Waiver and Mitigated.", "type": "string", @@ -22977,6 +23096,30 @@ "message" ] }, + "azure-native:authorization:NotificationDeliveryMechanism": { + "description": "The type of notification.", + "type": "string", + "enum": [ + { + "value": "Email" + } + ] + }, + "azure-native:authorization:NotificationLevel": { + "description": "The notification level.", + "type": "string", + "enum": [ + { + "value": "None" + }, + { + "value": "Critical" + }, + { + "value": "All" + } + ] + }, "azure-native:authorization:Override": { "description": "The policy property value override.", "properties": { 
@@ -23038,6 +23181,85 @@ }, "type": "object" }, + "azure-native:authorization:PIMOnlyMode": { + "description": "Determines whether the setting is enabled, disabled or report only.", + "type": "string", + "enum": [ + { + "value": "Disabled" + }, + { + "value": "Enabled" + }, + { + "value": "ReportOnly" + } + ] + }, + "azure-native:authorization:PIMOnlyModeSettings": { + "description": "The PIM Only Mode settings.", + "properties": { + "excludedAssignmentTypes": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:ExcludedPrincipalTypes" + } + ] + }, + "description": "The list of excluded assignment types allowed." + }, + "excludes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UsersOrServicePrincipalSet" + }, + "description": "The list of excluded entities that the rule does not apply to." + }, + "mode": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:PIMOnlyMode" + } + ], + "description": "Determines whether the setting is enabled, disabled or report only." + } + }, + "type": "object" + }, + "azure-native:authorization:PIMOnlyModeSettingsResponse": { + "description": "The PIM Only Mode settings.", + "properties": { + "excludedAssignmentTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of excluded assignment types allowed." + }, + "excludes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UsersOrServicePrincipalSetResponse" + }, + "description": "The list of excluded entities that the rule does not apply to." + }, + "mode": { + "type": "string", + "description": "Determines whether the setting is enabled, disabled or report only." 
+ } + }, + "type": "object" + }, "azure-native:authorization:ParameterDefinitionsValue": { "description": "The definition of a parameter that can be provided to the policy.", "properties": { @@ -23551,6 +23773,38 @@ "type" ] }, + "azure-native:authorization:PolicyPropertiesResponse": { + "description": "Expanded info of resource scope", + "properties": { + "scope": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PolicyPropertiesResponseScope", + "description": "Details of the resource scope" + } + }, + "type": "object", + "required": [ + "scope" + ] + }, + "azure-native:authorization:PolicyPropertiesResponseScope": { + "description": "Details of the resource scope", + "properties": { + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + }, + "type": "object" + }, "azure-native:authorization:PolicySetDefinitionVersionResponse": { "description": "The policy set definition version.", "properties": { @@ -23799,6 +24053,21 @@ } ] }, + "azure-native:authorization:RecipientType": { + "description": "The recipient type.", + "type": "string", + "enum": [ + { + "value": "Requestor" + }, + { + "value": "Approver" + }, + { + "value": "Admin" + } + ] + }, "azure-native:authorization:ResourceIdentityType": { "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", "type": "string", 
@@ -23865,6 +24134,34 @@ }, "type": "object" }, + "azure-native:authorization:RoleManagementPolicyApprovalRule": { + "description": "The role management policy approval rule.", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyApprovalRule'.", + "const": "RoleManagementPolicyApprovalRule" + }, + "setting": { + "type": "object", + "$ref": "#/types/azure-native:authorization:ApprovalSettings", + "description": "The approval setting" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, "azure-native:authorization:RoleManagementPolicyApprovalRuleResponse": { "description": "The role management policy approval rule.", "properties": { 
@@ -23893,6 +24190,37 @@ "ruleType" ] }, + "azure-native:authorization:RoleManagementPolicyAuthenticationContextRule": { + "description": "The role management policy authentication context rule.", + "properties": { + "claimValue": { + "type": "string", + "description": "The claim value." + }, + "id": { + "type": "string", + "description": "The id of the rule." + }, + "isEnabled": { + "type": "boolean", + "description": "The value indicating if rule is enabled." + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyAuthenticationContextRule'.", + "const": "RoleManagementPolicyAuthenticationContextRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, "azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse": { "description": "The role management policy authentication context rule.", "properties": { 
@@ -23924,6 +24252,43 @@ "ruleType" ] }, + "azure-native:authorization:RoleManagementPolicyEnablementRule": { + "description": "The role management policy enablement rule.", + "properties": { + "enabledRules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:EnablementRules" + } + ] + }, + "description": "The list of enabled rules." + }, + "id": { + "type": "string", + "description": "The id of the rule." + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyEnablementRule'.", + "const": "RoleManagementPolicyEnablementRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, "azure-native:authorization:RoleManagementPolicyEnablementRuleResponse": { "description": "The role management policy enablement rule.", "properties": { 
@@ -23954,9 +24319,56 @@ "ruleType" ] }, + "azure-native:authorization:RoleManagementPolicyExpirationRule": { + "description": "The role management policy expiration rule.", + "properties": { + "exceptionMembers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UserSet" + }, + "description": "The members not restricted by expiration rule." + }, + "id": { + "type": "string", + "description": "The id of the rule." + }, + "isExpirationRequired": { + "type": "boolean", + "description": "The value indicating whether expiration is required." + }, + "maximumDuration": { + "type": "string", + "description": "The maximum duration of expiration in timespan." + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyExpirationRule'.", + "const": "RoleManagementPolicyExpirationRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, "azure-native:authorization:RoleManagementPolicyExpirationRuleResponse": { "description": "The role management policy expiration rule.", "properties": { + "exceptionMembers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/types/azure-native:authorization:UserSetResponse" + }, + "description": "The members not restricted by expiration rule." + }, "id": { "type": "string", "description": "The id of the rule." 
@@ -23985,6 +24397,73 @@ "ruleType" ] }, + "azure-native:authorization:RoleManagementPolicyNotificationRule": { + "description": "The role management policy notification rule.", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "isDefaultRecipientsEnabled": { + "type": "boolean", + "description": "Determines if the notification will be sent to the recipient type specified in the policy rule." + }, + "notificationLevel": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:NotificationLevel" + } + ], + "description": "The notification level." + }, + "notificationRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of notification recipients." + }, + "notificationType": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:NotificationDeliveryMechanism" + } + ], + "description": "The type of notification." + }, + "recipientType": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:RecipientType" + } + ], + "description": "The recipient type." + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyNotificationRule'.", + "const": "RoleManagementPolicyNotificationRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, "azure-native:authorization:RoleManagementPolicyNotificationRuleResponse": { "description": "The role management policy notification rule.", "properties": { 
@@ -24031,6 +24510,104 @@ "ruleType" ] }, + "azure-native:authorization:RoleManagementPolicyPimOnlyModeRule": { + "description": "The role management policy PIM only mode rule.", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "pimOnlyModeSettings": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PIMOnlyModeSettings", + "description": "The PIM Only Mode settings" + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyPimOnlyModeRule'.", + "const": "RoleManagementPolicyPimOnlyModeRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, + "azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse": { + "description": "The role management policy PIM only mode rule.", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "pimOnlyModeSettings": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PIMOnlyModeSettingsResponse", + "description": "The PIM Only Mode settings" + }, + "ruleType": { + "type": "string", + "description": "The type of rule\nExpected value is 'RoleManagementPolicyPimOnlyModeRule'.", + "const": "RoleManagementPolicyPimOnlyModeRule" + }, + "target": { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyRuleTargetResponse", + "description": "The target of the current rule." + } + }, + "type": "object", + "required": [ + "ruleType" + ] + }, + "azure-native:authorization:RoleManagementPolicyRuleTarget": { + "description": "The role management policy rule target.", + "properties": { + "caller": { + "type": "string", + "description": "The caller of the setting." 
+ }, + "enforcedSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of enforced settings." + }, + "inheritableSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of inheritable settings." + }, + "level": { + "type": "string", + "description": "The assignment level to which rule is applied." + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The type of operation." + }, + "targetObjects": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of target objects." + } + }, + "type": "object" + }, "azure-native:authorization:RoleManagementPolicyRuleTargetResponse": { "description": "The role management policy rule target.", "properties": { @@ -24073,6 +24650,30 @@ }, "type": "object" }, + "azure-native:authorization:RoleManagementPolicyRuleType": { + "description": "The type of rule", + "type": "string", + "enum": [ + { + "value": "RoleManagementPolicyApprovalRule" + }, + { + "value": "RoleManagementPolicyAuthenticationContextRule" + }, + { + "value": "RoleManagementPolicyEnablementRule" + }, + { + "value": "RoleManagementPolicyExpirationRule" + }, + { + "value": "RoleManagementPolicyNotificationRule" + }, + { + "value": "RoleManagementPolicyPimOnlyModeRule" + } + ] + }, "azure-native:authorization:Selector": { "description": "The selector expression.", "properties": { 
@@ -24180,6 +24781,35 @@ }, "type": "object" }, + "azure-native:authorization:UserSet": { + "description": "The detail of a user.", + "properties": { + "description": { + "type": "string", + "description": "The description of the user." + }, + "id": { + "type": "string", + "description": "The object id of the user." + }, + "isBackup": { + "type": "boolean", + "description": "The value indicating whether the user is a backup fallback approver" + }, + "userType": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:UserType" + } + ], + "description": "The type of user." + } + }, + "type": "object" + }, "azure-native:authorization:UserSetResponse": { "description": "The detail of a user.", "properties": { 
@@ -24202,6 +24832,64 @@ }, "type": "object" }, + "azure-native:authorization:UserType": { + "description": "The type of user.", + "type": "string", + "enum": [ + { + "value": "User" + }, + { + "value": "Group" + }, + { + "value": "ServicePrincipal" + } + ] + }, + "azure-native:authorization:UsersOrServicePrincipalSet": { + "description": "The detail of a subject.", + "properties": { + "displayName": { + "type": "string", + "description": "The display Name of the entity." + }, + "id": { + "type": "string", + "description": "The object id of the entity." + }, + "type": { + "oneOf": [ + { + "type": "string" + }, + { + "$ref": "#/types/azure-native:authorization:UserType" + } + ], + "description": "The type of user." + } + }, + "type": "object" + }, + "azure-native:authorization:UsersOrServicePrincipalSetResponse": { + "description": "The detail of a subject.", + "properties": { + "displayName": { + "type": "string", + "description": "The display Name of the entity." + }, + "id": { + "type": "string", + "description": "The object id of the entity." + }, + "type": { + "type": "string", + "description": "The type of user." + } + }, + "type": "object" + }, "azure-native:automanage:AccountIdentity": { "description": "Identity for the Automanage account.", "properties": { 
@@ -557115,6 +557803,227 @@ } ] }, + "azure-native:authorization:RoleManagementPolicy": { + "description": "Role management policy\nAzure REST API version: 2024-09-01-preview.\n\nOther available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### PatchPartialRoleManagementPolicy\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureNative = Pulumi.AzureNative;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleManagementPolicy = new AzureNative.Authorization.RoleManagementPolicy(\"roleManagementPolicy\", new()\n {\n RoleManagementPolicyName = \"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n Rules = \n {\n new AzureNative.Authorization.Inputs.RoleManagementPolicyExpirationRuleArgs\n {\n Id = \"Expiration_Admin_Eligibility\",\n IsExpirationRequired = false,\n MaximumDuration = \"P180D\",\n RuleType = \"RoleManagementPolicyExpirationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Admin_Admin_Eligibility\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"admin_admin_eligible@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Admin,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n },\n Scope = \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n 
});\n\n});\n\n\n```\n\n```go\npackage main\n\nimport (\n\tauthorization \"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := authorization.NewRoleManagementPolicy(ctx, \"roleManagementPolicy\", \u0026authorization.RoleManagementPolicyArgs{\n\t\t\tRoleManagementPolicyName: pulumi.String(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\"),\n\t\t\tRules: pulumi.Array{\n\t\t\t\tauthorization.RoleManagementPolicyExpirationRule{\n\t\t\t\t\tId: \"Expiration_Admin_Eligibility\",\n\t\t\t\t\tIsExpirationRequired: false,\n\t\t\t\t\tMaximumDuration: \"P180D\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyExpirationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Admin_Admin_Eligibility\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"admin_admin_eligible@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeAdmin,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n\n```\n\n```java\npackage 
generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicy;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleManagementPolicy = new RoleManagementPolicy(\"roleManagementPolicy\", RoleManagementPolicyArgs.builder()\n .roleManagementPolicyName(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\")\n .rules( \n RoleManagementPolicyExpirationRuleArgs.builder()\n .id(\"Expiration_Admin_Eligibility\")\n .isExpirationRequired(false)\n .maximumDuration(\"P180D\")\n .ruleType(\"RoleManagementPolicyExpirationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Admin_Admin_Eligibility\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"admin_admin_eligible@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Admin\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build())\n .scope(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n .build());\n\n }\n}\n\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azure_native from \"@pulumi/azure-native\";\n\nconst roleManagementPolicy = new azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\", {\n roleManagementPolicyName: 
\"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules: [\n {\n id: \"Expiration_Admin_Eligibility\",\n isExpirationRequired: false,\n maximumDuration: \"P180D\",\n ruleType: \"RoleManagementPolicyExpirationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Admin_Admin_Eligibility\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"admin_admin_eligible@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Admin,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n ],\n scope: \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n});\n\n```\n\n```python\nimport pulumi\nimport pulumi_azure_native as azure_native\n\nrole_management_policy = azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\",\n role_management_policy_name=\"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules=[\n {\n \"id\": \"Expiration_Admin_Eligibility\",\n \"is_expiration_required\": False,\n \"maximum_duration\": \"P180D\",\n \"rule_type\": \"RoleManagementPolicyExpirationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Admin_Admin_Eligibility\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"admin_admin_eligible@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.ADMIN,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n 
\"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n ],\n scope=\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n\n```\n\n```yaml\nresources:\n roleManagementPolicy:\n type: azure-native:authorization:RoleManagementPolicy\n properties:\n roleManagementPolicyName: 570c3619-7688-4b34-b290-2b8bb3ccab2a\n rules:\n - id: Expiration_Admin_Eligibility\n isExpirationRequired: false\n maximumDuration: P180D\n ruleType: RoleManagementPolicyExpirationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - id: Notification_Admin_Admin_Eligibility\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - admin_admin_eligible@test.com\n notificationType: Email\n recipientType: Admin\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n scope: providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\n\n```\n\n{{% /example %}}\n{{% example %}}\n### PatchRoleManagementPolicy\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureNative = Pulumi.AzureNative;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleManagementPolicy = new AzureNative.Authorization.RoleManagementPolicy(\"roleManagementPolicy\", new()\n {\n RoleManagementPolicyName = \"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n Rules = \n {\n new AzureNative.Authorization.Inputs.RoleManagementPolicyExpirationRuleArgs\n {\n Id = \"Expiration_Admin_Eligibility\",\n IsExpirationRequired = false,\n MaximumDuration = \"P180D\",\n RuleType = \"RoleManagementPolicyExpirationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = 
\"Notification_Admin_Admin_Eligibility\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"admin_admin_eligible@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Admin,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Requestor_Admin_Eligibility\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"requestor_admin_eligible@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Requestor,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Approver_Admin_Eligibility\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"approver_admin_eligible@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Approver,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = 
\"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyEnablementRuleArgs\n {\n EnabledRules = new() { },\n Id = \"Enablement_Admin_Eligibility\",\n RuleType = \"RoleManagementPolicyEnablementRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Eligibility\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyExpirationRuleArgs\n {\n Id = \"Expiration_Admin_Assignment\",\n IsExpirationRequired = false,\n MaximumDuration = \"P90D\",\n RuleType = \"RoleManagementPolicyExpirationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyEnablementRuleArgs\n {\n EnabledRules = new[]\n {\n AzureNative.Authorization.EnablementRules.Justification,\n AzureNative.Authorization.EnablementRules.MultiFactorAuthentication,\n },\n Id = \"Enablement_Admin_Assignment\",\n RuleType = \"RoleManagementPolicyEnablementRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Admin_Admin_Assignment\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"admin_admin_member@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Admin,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new 
AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Requestor_Admin_Assignment\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"requestor_admin_member@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Requestor,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Approver_Admin_Assignment\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"approver_admin_member@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Approver,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyExpirationRuleArgs\n {\n Id = \"Expiration_EndUser_Assignment\",\n IsExpirationRequired = true,\n MaximumDuration = \"PT7H\",\n RuleType = \"RoleManagementPolicyExpirationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n 
Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyEnablementRuleArgs\n {\n EnabledRules = new[]\n {\n AzureNative.Authorization.EnablementRules.Justification,\n AzureNative.Authorization.EnablementRules.MultiFactorAuthentication,\n AzureNative.Authorization.EnablementRules.Ticketing,\n },\n Id = \"Enablement_EndUser_Assignment\",\n RuleType = \"RoleManagementPolicyEnablementRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyApprovalRuleArgs\n {\n Id = \"Approval_EndUser_Assignment\",\n RuleType = \"RoleManagementPolicyApprovalRule\",\n Setting = new AzureNative.Authorization.Inputs.ApprovalSettingsArgs\n {\n ApprovalMode = AzureNative.Authorization.ApprovalMode.SingleStage,\n ApprovalStages = new[]\n {\n new AzureNative.Authorization.Inputs.ApprovalStageArgs\n {\n ApprovalStageTimeOutInDays = 1,\n EscalationTimeInMinutes = 0,\n IsApproverJustificationRequired = true,\n IsEscalationEnabled = false,\n PrimaryApprovers = new[]\n {\n new AzureNative.Authorization.Inputs.UserSetArgs\n {\n Description = \"amansw_new_group\",\n Id = \"2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\",\n IsBackup = false,\n UserType = AzureNative.Authorization.UserType.Group,\n },\n new AzureNative.Authorization.Inputs.UserSetArgs\n {\n Description = \"amansw_group\",\n Id = \"2f4913c9-d15b-406a-9946-1d66a28f2690\",\n IsBackup = false,\n UserType = AzureNative.Authorization.UserType.Group,\n },\n },\n },\n },\n IsApprovalRequired = true,\n IsApprovalRequiredForExtension = false,\n IsRequestorJustificationRequired = true,\n },\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new 
AzureNative.Authorization.Inputs.RoleManagementPolicyAuthenticationContextRuleArgs\n {\n ClaimValue = \"\",\n Id = \"AuthenticationContext_EndUser_Assignment\",\n IsEnabled = false,\n RuleType = \"RoleManagementPolicyAuthenticationContextRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Admin_EndUser_Assignment\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"admin_enduser_member@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Admin,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = \"Notification_Requestor_EndUser_Assignment\",\n IsDefaultRecipientsEnabled = false,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationRecipients = new[]\n {\n \"requestor_enduser_member@test.com\",\n },\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Requestor,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyNotificationRuleArgs\n {\n Id = 
\"Notification_Approver_EndUser_Assignment\",\n IsDefaultRecipientsEnabled = true,\n NotificationLevel = AzureNative.Authorization.NotificationLevel.Critical,\n NotificationType = AzureNative.Authorization.NotificationDeliveryMechanism.Email,\n RecipientType = AzureNative.Authorization.RecipientType.Approver,\n RuleType = \"RoleManagementPolicyNotificationRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"EndUser\",\n Level = \"Assignment\",\n Operations = new[]\n {\n \"All\",\n },\n },\n },\n new AzureNative.Authorization.Inputs.RoleManagementPolicyPimOnlyModeRuleArgs\n {\n Id = \"PIMOnlyMode_Admin_Assignment\",\n PimOnlyModeSettings = new AzureNative.Authorization.Inputs.PIMOnlyModeSettingsArgs\n {\n ExcludedAssignmentTypes = new[]\n {\n AzureNative.Authorization.ExcludedPrincipalTypes.ServicePrincipalsAsTarget,\n },\n Excludes = new[]\n {\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n Type = AzureNative.Authorization.UserType.User,\n },\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n Type = AzureNative.Authorization.UserType.Group,\n },\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"0000103d-1fc2-4ac8-81de-71517765655c\",\n Type = AzureNative.Authorization.UserType.ServicePrincipal,\n },\n },\n Mode = AzureNative.Authorization.PIMOnlyMode.Enabled,\n },\n RuleType = \"RoleManagementPolicyPimOnlyModeRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n EnforcedSettings = new[]\n {\n \"all\",\n },\n InheritableSettings = new[]\n {\n \"all\",\n },\n Level = \"Assignment\",\n Operations = new[]\n {\n \"all\",\n },\n TargetObjects = new() { },\n },\n },\n },\n Scope = \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n 
});\n\n});\n\n\n```\n\n```go\npackage main\n\nimport (\n\tauthorization \"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := authorization.NewRoleManagementPolicy(ctx, \"roleManagementPolicy\", \u0026authorization.RoleManagementPolicyArgs{\n\t\t\tRoleManagementPolicyName: pulumi.String(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\"),\n\t\t\tRules: pulumi.Array{\n\t\t\t\tauthorization.RoleManagementPolicyExpirationRule{\n\t\t\t\t\tId: \"Expiration_Admin_Eligibility\",\n\t\t\t\t\tIsExpirationRequired: false,\n\t\t\t\t\tMaximumDuration: \"P180D\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyExpirationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Admin_Admin_Eligibility\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"admin_admin_eligible@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeAdmin,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Requestor_Admin_Eligibility\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: 
authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"requestor_admin_eligible@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeRequestor,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Approver_Admin_Eligibility\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"approver_admin_eligible@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeApprover,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyEnablementRule{\n\t\t\t\t\tEnabledRules: []authorization.EnablementRules{},\n\t\t\t\t\tId: \"Enablement_Admin_Eligibility\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyEnablementRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Eligibility\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyExpirationRule{\n\t\t\t\t\tId: \"Expiration_Admin_Assignment\",\n\t\t\t\t\tIsExpirationRequired: 
false,\n\t\t\t\t\tMaximumDuration: \"P90D\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyExpirationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyEnablementRule{\n\t\t\t\t\tEnabledRules: []authorization.EnablementRules{\n\t\t\t\t\t\tauthorization.EnablementRulesJustification,\n\t\t\t\t\t\tauthorization.EnablementRulesMultiFactorAuthentication,\n\t\t\t\t\t},\n\t\t\t\t\tId: \"Enablement_Admin_Assignment\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyEnablementRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Admin_Admin_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"admin_admin_member@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeAdmin,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Requestor_Admin_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: 
[]string{\n\t\t\t\t\t\t\"requestor_admin_member@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeRequestor,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Approver_Admin_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"approver_admin_member@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeApprover,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyExpirationRule{\n\t\t\t\t\tId: \"Expiration_EndUser_Assignment\",\n\t\t\t\t\tIsExpirationRequired: true,\n\t\t\t\t\tMaximumDuration: \"PT7H\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyExpirationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyEnablementRule{\n\t\t\t\t\tEnabledRules: 
[]authorization.EnablementRules{\n\t\t\t\t\t\tauthorization.EnablementRulesJustification,\n\t\t\t\t\t\tauthorization.EnablementRulesMultiFactorAuthentication,\n\t\t\t\t\t\tauthorization.EnablementRulesTicketing,\n\t\t\t\t\t},\n\t\t\t\t\tId: \"Enablement_EndUser_Assignment\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyEnablementRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyApprovalRule{\n\t\t\t\t\tId: \"Approval_EndUser_Assignment\",\n\t\t\t\t\tRuleType: \"RoleManagementPolicyApprovalRule\",\n\t\t\t\t\tSetting: authorization.ApprovalSettings{\n\t\t\t\t\t\tApprovalMode: authorization.ApprovalModeSingleStage,\n\t\t\t\t\t\tApprovalStages: []authorization.ApprovalStage{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tApprovalStageTimeOutInDays: 1,\n\t\t\t\t\t\t\t\tEscalationTimeInMinutes: 0,\n\t\t\t\t\t\t\t\tIsApproverJustificationRequired: true,\n\t\t\t\t\t\t\t\tIsEscalationEnabled: false,\n\t\t\t\t\t\t\t\tPrimaryApprovers: []authorization.UserSet{\n\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\tDescription: \"amansw_new_group\",\n\t\t\t\t\t\t\t\t\t\tId: \"2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\",\n\t\t\t\t\t\t\t\t\t\tIsBackup: false,\n\t\t\t\t\t\t\t\t\t\tUserType: authorization.UserTypeGroup,\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\tDescription: \"amansw_group\",\n\t\t\t\t\t\t\t\t\t\tId: \"2f4913c9-d15b-406a-9946-1d66a28f2690\",\n\t\t\t\t\t\t\t\t\t\tIsBackup: false,\n\t\t\t\t\t\t\t\t\t\tUserType: authorization.UserTypeGroup,\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tIsApprovalRequired: true,\n\t\t\t\t\t\tIsApprovalRequiredForExtension: false,\n\t\t\t\t\t\tIsRequestorJustificationRequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tTarget: 
authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyAuthenticationContextRule{\n\t\t\t\t\tClaimValue: \"\",\n\t\t\t\t\tId: \"AuthenticationContext_EndUser_Assignment\",\n\t\t\t\t\tIsEnabled: false,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyAuthenticationContextRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Admin_EndUser_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"admin_enduser_member@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeAdmin,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Requestor_EndUser_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: false,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationRecipients: []string{\n\t\t\t\t\t\t\"requestor_enduser_member@test.com\",\n\t\t\t\t\t},\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: 
authorization.RecipientTypeRequestor,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyNotificationRule{\n\t\t\t\t\tId: \"Notification_Approver_EndUser_Assignment\",\n\t\t\t\t\tIsDefaultRecipientsEnabled: true,\n\t\t\t\t\tNotificationLevel: authorization.NotificationLevelCritical,\n\t\t\t\t\tNotificationType: authorization.NotificationDeliveryMechanismEmail,\n\t\t\t\t\tRecipientType: authorization.RecipientTypeApprover,\n\t\t\t\t\tRuleType: \"RoleManagementPolicyNotificationRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"EndUser\",\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"All\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tauthorization.RoleManagementPolicyPimOnlyModeRule{\n\t\t\t\t\tId: \"PIMOnlyMode_Admin_Assignment\",\n\t\t\t\t\tPimOnlyModeSettings: authorization.PIMOnlyModeSettings{\n\t\t\t\t\t\tExcludedAssignmentTypes: []authorization.ExcludedPrincipalTypes{\n\t\t\t\t\t\t\tauthorization.ExcludedPrincipalTypesServicePrincipalsAsTarget,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludes: []authorization.UsersOrServicePrincipalSet{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeUser,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeGroup,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"0000103d-1fc2-4ac8-81de-71517765655c\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeServicePrincipal,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMode: authorization.PIMOnlyModeEnabled,\n\t\t\t\t\t},\n\t\t\t\t\tRuleType: 
\"RoleManagementPolicyPimOnlyModeRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tEnforcedSettings: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInheritableSettings: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetObjects: []interface{}{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n\n```\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicy;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleManagementPolicy = new RoleManagementPolicy(\"roleManagementPolicy\", RoleManagementPolicyArgs.builder()\n .roleManagementPolicyName(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\")\n .rules( \n RoleManagementPolicyExpirationRuleArgs.builder()\n .id(\"Expiration_Admin_Eligibility\")\n .isExpirationRequired(false)\n .maximumDuration(\"P180D\")\n .ruleType(\"RoleManagementPolicyExpirationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Admin_Admin_Eligibility\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n 
.notificationRecipients(\"admin_admin_eligible@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Admin\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Requestor_Admin_Eligibility\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"requestor_admin_eligible@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Requestor\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Approver_Admin_Eligibility\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"approver_admin_eligible@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Approver\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyEnablementRuleArgs.builder()\n .enabledRules()\n .id(\"Enablement_Admin_Eligibility\")\n .ruleType(\"RoleManagementPolicyEnablementRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Eligibility\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyExpirationRuleArgs.builder()\n .id(\"Expiration_Admin_Assignment\")\n .isExpirationRequired(false)\n .maximumDuration(\"P90D\")\n .ruleType(\"RoleManagementPolicyExpirationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n 
RoleManagementPolicyEnablementRuleArgs.builder()\n .enabledRules( \n \"Justification\",\n \"MultiFactorAuthentication\")\n .id(\"Enablement_Admin_Assignment\")\n .ruleType(\"RoleManagementPolicyEnablementRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Admin_Admin_Assignment\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"admin_admin_member@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Admin\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Requestor_Admin_Assignment\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"requestor_admin_member@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Requestor\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Approver_Admin_Assignment\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"approver_admin_member@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Approver\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyExpirationRuleArgs.builder()\n .id(\"Expiration_EndUser_Assignment\")\n .isExpirationRequired(true)\n 
.maximumDuration(\"PT7H\")\n .ruleType(\"RoleManagementPolicyExpirationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyEnablementRuleArgs.builder()\n .enabledRules( \n \"Justification\",\n \"MultiFactorAuthentication\",\n \"Ticketing\")\n .id(\"Enablement_EndUser_Assignment\")\n .ruleType(\"RoleManagementPolicyEnablementRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyApprovalRuleArgs.builder()\n .id(\"Approval_EndUser_Assignment\")\n .ruleType(\"RoleManagementPolicyApprovalRule\")\n .setting(ApprovalSettingsArgs.builder()\n .approvalMode(\"SingleStage\")\n .approvalStages(ApprovalStageArgs.builder()\n .approvalStageTimeOutInDays(1)\n .escalationTimeInMinutes(0)\n .isApproverJustificationRequired(true)\n .isEscalationEnabled(false)\n .primaryApprovers( \n UserSetArgs.builder()\n .description(\"amansw_new_group\")\n .id(\"2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\")\n .isBackup(false)\n .userType(\"Group\")\n .build(),\n UserSetArgs.builder()\n .description(\"amansw_group\")\n .id(\"2f4913c9-d15b-406a-9946-1d66a28f2690\")\n .isBackup(false)\n .userType(\"Group\")\n .build())\n .build())\n .isApprovalRequired(true)\n .isApprovalRequiredForExtension(false)\n .isRequestorJustificationRequired(true)\n .build())\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyAuthenticationContextRuleArgs.builder()\n .claimValue(\"\")\n .id(\"AuthenticationContext_EndUser_Assignment\")\n .isEnabled(false)\n .ruleType(\"RoleManagementPolicyAuthenticationContextRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n 
.build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Admin_EndUser_Assignment\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"admin_enduser_member@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Admin\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Requestor_EndUser_Assignment\")\n .isDefaultRecipientsEnabled(false)\n .notificationLevel(\"Critical\")\n .notificationRecipients(\"requestor_enduser_member@test.com\")\n .notificationType(\"Email\")\n .recipientType(\"Requestor\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyNotificationRuleArgs.builder()\n .id(\"Notification_Approver_EndUser_Assignment\")\n .isDefaultRecipientsEnabled(true)\n .notificationLevel(\"Critical\")\n .notificationType(\"Email\")\n .recipientType(\"Approver\")\n .ruleType(\"RoleManagementPolicyNotificationRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"EndUser\")\n .level(\"Assignment\")\n .operations(\"All\")\n .build())\n .build(),\n RoleManagementPolicyPimOnlyModeRuleArgs.builder()\n .id(\"PIMOnlyMode_Admin_Assignment\")\n .pimOnlyModeSettings(PIMOnlyModeSettingsArgs.builder()\n .excludedAssignmentTypes(\"ServicePrincipalsAsTarget\")\n .excludes( \n UsersOrServicePrincipalSetArgs.builder()\n .id(\"ec42a424-a0c0-4418-8788-d19bdeb03704\")\n .type(\"User\")\n .build(),\n UsersOrServicePrincipalSetArgs.builder()\n .id(\"00029dfb-0218-4e7a-9a85-c15dc0c880bc\")\n .type(\"Group\")\n .build(),\n UsersOrServicePrincipalSetArgs.builder()\n 
.id(\"0000103d-1fc2-4ac8-81de-71517765655c\")\n .type(\"ServicePrincipal\")\n .build())\n .mode(\"Enabled\")\n .build())\n .ruleType(\"RoleManagementPolicyPimOnlyModeRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .enforcedSettings(\"all\")\n .inheritableSettings(\"all\")\n .level(\"Assignment\")\n .operations(\"all\")\n .targetObjects()\n .build())\n .build())\n .scope(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n .build());\n\n }\n}\n\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azure_native from \"@pulumi/azure-native\";\n\nconst roleManagementPolicy = new azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\", {\n roleManagementPolicyName: \"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules: [\n {\n id: \"Expiration_Admin_Eligibility\",\n isExpirationRequired: false,\n maximumDuration: \"P180D\",\n ruleType: \"RoleManagementPolicyExpirationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Admin_Admin_Eligibility\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"admin_admin_eligible@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Admin,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Requestor_Admin_Eligibility\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"requestor_admin_eligible@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: 
azure_native.authorization.RecipientType.Requestor,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Approver_Admin_Eligibility\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"approver_admin_eligible@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Approver,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n enabledRules: [],\n id: \"Enablement_Admin_Eligibility\",\n ruleType: \"RoleManagementPolicyEnablementRule\",\n target: {\n caller: \"Admin\",\n level: \"Eligibility\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Expiration_Admin_Assignment\",\n isExpirationRequired: false,\n maximumDuration: \"P90D\",\n ruleType: \"RoleManagementPolicyExpirationRule\",\n target: {\n caller: \"Admin\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n enabledRules: [\n azure_native.authorization.EnablementRules.Justification,\n azure_native.authorization.EnablementRules.MultiFactorAuthentication,\n ],\n id: \"Enablement_Admin_Assignment\",\n ruleType: \"RoleManagementPolicyEnablementRule\",\n target: {\n caller: \"Admin\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Admin_Admin_Assignment\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"admin_admin_member@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Admin,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n 
level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Requestor_Admin_Assignment\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"requestor_admin_member@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Requestor,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Approver_Admin_Assignment\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"approver_admin_member@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Approver,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"Admin\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Expiration_EndUser_Assignment\",\n isExpirationRequired: true,\n maximumDuration: \"PT7H\",\n ruleType: \"RoleManagementPolicyExpirationRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n enabledRules: [\n azure_native.authorization.EnablementRules.Justification,\n azure_native.authorization.EnablementRules.MultiFactorAuthentication,\n azure_native.authorization.EnablementRules.Ticketing,\n ],\n id: \"Enablement_EndUser_Assignment\",\n ruleType: \"RoleManagementPolicyEnablementRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Approval_EndUser_Assignment\",\n ruleType: \"RoleManagementPolicyApprovalRule\",\n setting: {\n approvalMode: azure_native.authorization.ApprovalMode.SingleStage,\n approvalStages: [{\n 
approvalStageTimeOutInDays: 1,\n escalationTimeInMinutes: 0,\n isApproverJustificationRequired: true,\n isEscalationEnabled: false,\n primaryApprovers: [\n {\n description: \"amansw_new_group\",\n id: \"2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\",\n isBackup: false,\n userType: azure_native.authorization.UserType.Group,\n },\n {\n description: \"amansw_group\",\n id: \"2f4913c9-d15b-406a-9946-1d66a28f2690\",\n isBackup: false,\n userType: azure_native.authorization.UserType.Group,\n },\n ],\n }],\n isApprovalRequired: true,\n isApprovalRequiredForExtension: false,\n isRequestorJustificationRequired: true,\n },\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n claimValue: \"\",\n id: \"AuthenticationContext_EndUser_Assignment\",\n isEnabled: false,\n ruleType: \"RoleManagementPolicyAuthenticationContextRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Admin_EndUser_Assignment\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"admin_enduser_member@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Admin,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Requestor_EndUser_Assignment\",\n isDefaultRecipientsEnabled: false,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationRecipients: [\"requestor_enduser_member@test.com\"],\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Requestor,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n 
operations: [\"All\"],\n },\n },\n {\n id: \"Notification_Approver_EndUser_Assignment\",\n isDefaultRecipientsEnabled: true,\n notificationLevel: azure_native.authorization.NotificationLevel.Critical,\n notificationType: azure_native.authorization.NotificationDeliveryMechanism.Email,\n recipientType: azure_native.authorization.RecipientType.Approver,\n ruleType: \"RoleManagementPolicyNotificationRule\",\n target: {\n caller: \"EndUser\",\n level: \"Assignment\",\n operations: [\"All\"],\n },\n },\n {\n id: \"PIMOnlyMode_Admin_Assignment\",\n pimOnlyModeSettings: {\n excludedAssignmentTypes: [azure_native.authorization.ExcludedPrincipalTypes.ServicePrincipalsAsTarget],\n excludes: [\n {\n id: \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n type: azure_native.authorization.UserType.User,\n },\n {\n id: \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n type: azure_native.authorization.UserType.Group,\n },\n {\n id: \"0000103d-1fc2-4ac8-81de-71517765655c\",\n type: azure_native.authorization.UserType.ServicePrincipal,\n },\n ],\n mode: azure_native.authorization.PIMOnlyMode.Enabled,\n },\n ruleType: \"RoleManagementPolicyPimOnlyModeRule\",\n target: {\n caller: \"Admin\",\n enforcedSettings: [\"all\"],\n inheritableSettings: [\"all\"],\n level: \"Assignment\",\n operations: [\"all\"],\n targetObjects: [],\n },\n },\n ],\n scope: \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n});\n\n```\n\n```python\nimport pulumi\nimport pulumi_azure_native as azure_native\n\nrole_management_policy = azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\",\n role_management_policy_name=\"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules=[\n {\n \"id\": \"Expiration_Admin_Eligibility\",\n \"is_expiration_required\": False,\n \"maximum_duration\": \"P180D\",\n \"rule_type\": \"RoleManagementPolicyExpirationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": 
\"Notification_Admin_Admin_Eligibility\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"admin_admin_eligible@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.ADMIN,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Requestor_Admin_Eligibility\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"requestor_admin_eligible@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.REQUESTOR,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Approver_Admin_Eligibility\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"approver_admin_eligible@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.APPROVER,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"enabled_rules\": [],\n \"id\": \"Enablement_Admin_Eligibility\",\n \"rule_type\": \"RoleManagementPolicyEnablementRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Eligibility\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": 
\"Expiration_Admin_Assignment\",\n \"is_expiration_required\": False,\n \"maximum_duration\": \"P90D\",\n \"rule_type\": \"RoleManagementPolicyExpirationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"enabled_rules\": [\n azure_native.authorization.EnablementRules.JUSTIFICATION,\n azure_native.authorization.EnablementRules.MULTI_FACTOR_AUTHENTICATION,\n ],\n \"id\": \"Enablement_Admin_Assignment\",\n \"rule_type\": \"RoleManagementPolicyEnablementRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Admin_Admin_Assignment\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"admin_admin_member@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.ADMIN,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Requestor_Admin_Assignment\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"requestor_admin_member@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.REQUESTOR,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Approver_Admin_Assignment\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n 
\"notification_recipients\": [\"approver_admin_member@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.APPROVER,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Expiration_EndUser_Assignment\",\n \"is_expiration_required\": True,\n \"maximum_duration\": \"PT7H\",\n \"rule_type\": \"RoleManagementPolicyExpirationRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"enabled_rules\": [\n azure_native.authorization.EnablementRules.JUSTIFICATION,\n azure_native.authorization.EnablementRules.MULTI_FACTOR_AUTHENTICATION,\n azure_native.authorization.EnablementRules.TICKETING,\n ],\n \"id\": \"Enablement_EndUser_Assignment\",\n \"rule_type\": \"RoleManagementPolicyEnablementRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Approval_EndUser_Assignment\",\n \"rule_type\": \"RoleManagementPolicyApprovalRule\",\n \"setting\": {\n \"approval_mode\": azure_native.authorization.ApprovalMode.SINGLE_STAGE,\n \"approval_stages\": [{\n \"approval_stage_time_out_in_days\": 1,\n \"escalation_time_in_minutes\": 0,\n \"is_approver_justification_required\": True,\n \"is_escalation_enabled\": False,\n \"primary_approvers\": [\n {\n \"description\": \"amansw_new_group\",\n \"id\": \"2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\",\n \"is_backup\": False,\n \"user_type\": azure_native.authorization.UserType.GROUP,\n },\n {\n \"description\": \"amansw_group\",\n \"id\": \"2f4913c9-d15b-406a-9946-1d66a28f2690\",\n \"is_backup\": False,\n \"user_type\": azure_native.authorization.UserType.GROUP,\n },\n ],\n }],\n \"is_approval_required\": True,\n \"is_approval_required_for_extension\": False,\n 
\"is_requestor_justification_required\": True,\n },\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"claim_value\": \"\",\n \"id\": \"AuthenticationContext_EndUser_Assignment\",\n \"is_enabled\": False,\n \"rule_type\": \"RoleManagementPolicyAuthenticationContextRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Admin_EndUser_Assignment\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"admin_enduser_member@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.ADMIN,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Requestor_EndUser_Assignment\",\n \"is_default_recipients_enabled\": False,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_recipients\": [\"requestor_enduser_member@test.com\"],\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.REQUESTOR,\n \"rule_type\": \"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"Notification_Approver_EndUser_Assignment\",\n \"is_default_recipients_enabled\": True,\n \"notification_level\": azure_native.authorization.NotificationLevel.CRITICAL,\n \"notification_type\": azure_native.authorization.NotificationDeliveryMechanism.EMAIL,\n \"recipient_type\": azure_native.authorization.RecipientType.APPROVER,\n \"rule_type\": 
\"RoleManagementPolicyNotificationRule\",\n \"target\": {\n \"caller\": \"EndUser\",\n \"level\": \"Assignment\",\n \"operations\": [\"All\"],\n },\n },\n {\n \"id\": \"PIMOnlyMode_Admin_Assignment\",\n \"pim_only_mode_settings\": {\n \"excluded_assignment_types\": [azure_native.authorization.ExcludedPrincipalTypes.SERVICE_PRINCIPALS_AS_TARGET],\n \"excludes\": [\n {\n \"id\": \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n \"type\": azure_native.authorization.UserType.USER,\n },\n {\n \"id\": \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n \"type\": azure_native.authorization.UserType.GROUP,\n },\n {\n \"id\": \"0000103d-1fc2-4ac8-81de-71517765655c\",\n \"type\": azure_native.authorization.UserType.SERVICE_PRINCIPAL,\n },\n ],\n \"mode\": azure_native.authorization.PIMOnlyMode.ENABLED,\n },\n \"rule_type\": \"RoleManagementPolicyPimOnlyModeRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"enforced_settings\": [\"all\"],\n \"inheritable_settings\": [\"all\"],\n \"level\": \"Assignment\",\n \"operations\": [\"all\"],\n \"target_objects\": [],\n },\n },\n ],\n scope=\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n\n```\n\n```yaml\nresources:\n roleManagementPolicy:\n type: azure-native:authorization:RoleManagementPolicy\n properties:\n roleManagementPolicyName: 570c3619-7688-4b34-b290-2b8bb3ccab2a\n rules:\n - id: Expiration_Admin_Eligibility\n isExpirationRequired: false\n maximumDuration: P180D\n ruleType: RoleManagementPolicyExpirationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - id: Notification_Admin_Admin_Eligibility\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - admin_admin_eligible@test.com\n notificationType: Email\n recipientType: Admin\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - id: Notification_Requestor_Admin_Eligibility\n isDefaultRecipientsEnabled: false\n 
notificationLevel: Critical\n notificationRecipients:\n - requestor_admin_eligible@test.com\n notificationType: Email\n recipientType: Requestor\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - id: Notification_Approver_Admin_Eligibility\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - approver_admin_eligible@test.com\n notificationType: Email\n recipientType: Approver\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - enabledRules: []\n id: Enablement_Admin_Eligibility\n ruleType: RoleManagementPolicyEnablementRule\n target:\n caller: Admin\n level: Eligibility\n operations:\n - All\n - id: Expiration_Admin_Assignment\n isExpirationRequired: false\n maximumDuration: P90D\n ruleType: RoleManagementPolicyExpirationRule\n target:\n caller: Admin\n level: Assignment\n operations:\n - All\n - enabledRules:\n - Justification\n - MultiFactorAuthentication\n id: Enablement_Admin_Assignment\n ruleType: RoleManagementPolicyEnablementRule\n target:\n caller: Admin\n level: Assignment\n operations:\n - All\n - id: Notification_Admin_Admin_Assignment\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - admin_admin_member@test.com\n notificationType: Email\n recipientType: Admin\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Assignment\n operations:\n - All\n - id: Notification_Requestor_Admin_Assignment\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - requestor_admin_member@test.com\n notificationType: Email\n recipientType: Requestor\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Assignment\n operations:\n - All\n - id: Notification_Approver_Admin_Assignment\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n 
notificationRecipients:\n - approver_admin_member@test.com\n notificationType: Email\n recipientType: Approver\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: Admin\n level: Assignment\n operations:\n - All\n - id: Expiration_EndUser_Assignment\n isExpirationRequired: true\n maximumDuration: PT7H\n ruleType: RoleManagementPolicyExpirationRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - enabledRules:\n - Justification\n - MultiFactorAuthentication\n - Ticketing\n id: Enablement_EndUser_Assignment\n ruleType: RoleManagementPolicyEnablementRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - id: Approval_EndUser_Assignment\n ruleType: RoleManagementPolicyApprovalRule\n setting:\n approvalMode: SingleStage\n approvalStages:\n - approvalStageTimeOutInDays: 1\n escalationTimeInMinutes: 0\n isApproverJustificationRequired: true\n isEscalationEnabled: false\n primaryApprovers:\n - description: amansw_new_group\n id: 2385b0f3-5fa9-43cf-8ca4-b01dc97298cd\n isBackup: false\n userType: Group\n - description: amansw_group\n id: 2f4913c9-d15b-406a-9946-1d66a28f2690\n isBackup: false\n userType: Group\n isApprovalRequired: true\n isApprovalRequiredForExtension: false\n isRequestorJustificationRequired: true\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - claimValue:\n id: AuthenticationContext_EndUser_Assignment\n isEnabled: false\n ruleType: RoleManagementPolicyAuthenticationContextRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - id: Notification_Admin_EndUser_Assignment\n isDefaultRecipientsEnabled: false\n notificationLevel: Critical\n notificationRecipients:\n - admin_enduser_member@test.com\n notificationType: Email\n recipientType: Admin\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - id: Notification_Requestor_EndUser_Assignment\n isDefaultRecipientsEnabled: false\n 
notificationLevel: Critical\n notificationRecipients:\n - requestor_enduser_member@test.com\n notificationType: Email\n recipientType: Requestor\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - id: Notification_Approver_EndUser_Assignment\n isDefaultRecipientsEnabled: true\n notificationLevel: Critical\n notificationType: Email\n recipientType: Approver\n ruleType: RoleManagementPolicyNotificationRule\n target:\n caller: EndUser\n level: Assignment\n operations:\n - All\n - id: PIMOnlyMode_Admin_Assignment\n pimOnlyModeSettings:\n excludedAssignmentTypes:\n - ServicePrincipalsAsTarget\n excludes:\n - id: ec42a424-a0c0-4418-8788-d19bdeb03704\n type: User\n - id: 00029dfb-0218-4e7a-9a85-c15dc0c880bc\n type: Group\n - id: 0000103d-1fc2-4ac8-81de-71517765655c\n type: ServicePrincipal\n mode: Enabled\n ruleType: RoleManagementPolicyPimOnlyModeRule\n target:\n caller: Admin\n enforcedSettings:\n - all\n inheritableSettings:\n - all\n level: Assignment\n operations:\n - all\n targetObjects: []\n scope: providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\n\n```\n\n{{% /example %}}\n{{% example %}}\n### PatchRoleManagementPolicyToEnablePIMOnlyMode\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureNative = Pulumi.AzureNative;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleManagementPolicy = new AzureNative.Authorization.RoleManagementPolicy(\"roleManagementPolicy\", new()\n {\n RoleManagementPolicyName = \"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n Rules = new[]\n {\n new AzureNative.Authorization.Inputs.RoleManagementPolicyPimOnlyModeRuleArgs\n {\n Id = \"PIMOnlyMode_Admin_Assignment\",\n PimOnlyModeSettings = new AzureNative.Authorization.Inputs.PIMOnlyModeSettingsArgs\n {\n ExcludedAssignmentTypes = new[]\n {\n AzureNative.Authorization.ExcludedPrincipalTypes.ServicePrincipalsAsTarget,\n },\n Excludes = new[]\n 
{\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n Type = AzureNative.Authorization.UserType.User,\n },\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n Type = AzureNative.Authorization.UserType.Group,\n },\n new AzureNative.Authorization.Inputs.UsersOrServicePrincipalSetArgs\n {\n Id = \"0000103d-1fc2-4ac8-81de-71517765655c\",\n Type = AzureNative.Authorization.UserType.ServicePrincipal,\n },\n },\n Mode = AzureNative.Authorization.PIMOnlyMode.Enabled,\n },\n RuleType = \"RoleManagementPolicyPimOnlyModeRule\",\n Target = new AzureNative.Authorization.Inputs.RoleManagementPolicyRuleTargetArgs\n {\n Caller = \"Admin\",\n EnforcedSettings = new[]\n {\n \"all\",\n },\n InheritableSettings = new[]\n {\n \"all\",\n },\n Level = \"Assignment\",\n Operations = new[]\n {\n \"all\",\n },\n TargetObjects = new() { },\n },\n },\n },\n Scope = \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n });\n\n});\n\n\n```\n\n```go\npackage main\n\nimport (\n\tauthorization \"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := authorization.NewRoleManagementPolicy(ctx, \"roleManagementPolicy\", \u0026authorization.RoleManagementPolicyArgs{\n\t\t\tRoleManagementPolicyName: pulumi.String(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\"),\n\t\t\tRules: pulumi.Array{\n\t\t\t\tauthorization.RoleManagementPolicyPimOnlyModeRule{\n\t\t\t\t\tId: \"PIMOnlyMode_Admin_Assignment\",\n\t\t\t\t\tPimOnlyModeSettings: authorization.PIMOnlyModeSettings{\n\t\t\t\t\t\tExcludedAssignmentTypes: []authorization.ExcludedPrincipalTypes{\n\t\t\t\t\t\t\tauthorization.ExcludedPrincipalTypesServicePrincipalsAsTarget,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tExcludes: 
[]authorization.UsersOrServicePrincipalSet{\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeUser,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeGroup,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tId: \"0000103d-1fc2-4ac8-81de-71517765655c\",\n\t\t\t\t\t\t\t\tType: authorization.UserTypeServicePrincipal,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMode: authorization.PIMOnlyModeEnabled,\n\t\t\t\t\t},\n\t\t\t\t\tRuleType: \"RoleManagementPolicyPimOnlyModeRule\",\n\t\t\t\t\tTarget: authorization.RoleManagementPolicyRuleTarget{\n\t\t\t\t\t\tCaller: \"Admin\",\n\t\t\t\t\t\tEnforcedSettings: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInheritableSettings: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLevel: \"Assignment\",\n\t\t\t\t\t\tOperations: []string{\n\t\t\t\t\t\t\t\"all\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargetObjects: []interface{}{},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n\n```\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicy;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleManagementPolicy = new RoleManagementPolicy(\"roleManagementPolicy\", RoleManagementPolicyArgs.builder()\n 
.roleManagementPolicyName(\"570c3619-7688-4b34-b290-2b8bb3ccab2a\")\n .rules(RoleManagementPolicyPimOnlyModeRuleArgs.builder()\n .id(\"PIMOnlyMode_Admin_Assignment\")\n .pimOnlyModeSettings(PIMOnlyModeSettingsArgs.builder()\n .excludedAssignmentTypes(\"ServicePrincipalsAsTarget\")\n .excludes( \n UsersOrServicePrincipalSetArgs.builder()\n .id(\"ec42a424-a0c0-4418-8788-d19bdeb03704\")\n .type(\"User\")\n .build(),\n UsersOrServicePrincipalSetArgs.builder()\n .id(\"00029dfb-0218-4e7a-9a85-c15dc0c880bc\")\n .type(\"Group\")\n .build(),\n UsersOrServicePrincipalSetArgs.builder()\n .id(\"0000103d-1fc2-4ac8-81de-71517765655c\")\n .type(\"ServicePrincipal\")\n .build())\n .mode(\"Enabled\")\n .build())\n .ruleType(\"RoleManagementPolicyPimOnlyModeRule\")\n .target(RoleManagementPolicyRuleTargetArgs.builder()\n .caller(\"Admin\")\n .enforcedSettings(\"all\")\n .inheritableSettings(\"all\")\n .level(\"Assignment\")\n .operations(\"all\")\n .targetObjects()\n .build())\n .build())\n .scope(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n .build());\n\n }\n}\n\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azure_native from \"@pulumi/azure-native\";\n\nconst roleManagementPolicy = new azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\", {\n roleManagementPolicyName: \"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules: [{\n id: \"PIMOnlyMode_Admin_Assignment\",\n pimOnlyModeSettings: {\n excludedAssignmentTypes: [azure_native.authorization.ExcludedPrincipalTypes.ServicePrincipalsAsTarget],\n excludes: [\n {\n id: \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n type: azure_native.authorization.UserType.User,\n },\n {\n id: \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n type: azure_native.authorization.UserType.Group,\n },\n {\n id: \"0000103d-1fc2-4ac8-81de-71517765655c\",\n type: azure_native.authorization.UserType.ServicePrincipal,\n },\n ],\n mode: 
azure_native.authorization.PIMOnlyMode.Enabled,\n },\n ruleType: \"RoleManagementPolicyPimOnlyModeRule\",\n target: {\n caller: \"Admin\",\n enforcedSettings: [\"all\"],\n inheritableSettings: [\"all\"],\n level: \"Assignment\",\n operations: [\"all\"],\n targetObjects: [],\n },\n }],\n scope: \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n});\n\n```\n\n```python\nimport pulumi\nimport pulumi_azure_native as azure_native\n\nrole_management_policy = azure_native.authorization.RoleManagementPolicy(\"roleManagementPolicy\",\n role_management_policy_name=\"570c3619-7688-4b34-b290-2b8bb3ccab2a\",\n rules=[{\n \"id\": \"PIMOnlyMode_Admin_Assignment\",\n \"pim_only_mode_settings\": {\n \"excluded_assignment_types\": [azure_native.authorization.ExcludedPrincipalTypes.SERVICE_PRINCIPALS_AS_TARGET],\n \"excludes\": [\n {\n \"id\": \"ec42a424-a0c0-4418-8788-d19bdeb03704\",\n \"type\": azure_native.authorization.UserType.USER,\n },\n {\n \"id\": \"00029dfb-0218-4e7a-9a85-c15dc0c880bc\",\n \"type\": azure_native.authorization.UserType.GROUP,\n },\n {\n \"id\": \"0000103d-1fc2-4ac8-81de-71517765655c\",\n \"type\": azure_native.authorization.UserType.SERVICE_PRINCIPAL,\n },\n ],\n \"mode\": azure_native.authorization.PIMOnlyMode.ENABLED,\n },\n \"rule_type\": \"RoleManagementPolicyPimOnlyModeRule\",\n \"target\": {\n \"caller\": \"Admin\",\n \"enforced_settings\": [\"all\"],\n \"inheritable_settings\": [\"all\"],\n \"level\": \"Assignment\",\n \"operations\": [\"all\"],\n \"target_objects\": [],\n },\n }],\n scope=\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n\n```\n\n```yaml\nresources:\n roleManagementPolicy:\n type: azure-native:authorization:RoleManagementPolicy\n properties:\n roleManagementPolicyName: 570c3619-7688-4b34-b290-2b8bb3ccab2a\n rules:\n - id: PIMOnlyMode_Admin_Assignment\n pimOnlyModeSettings:\n excludedAssignmentTypes:\n - ServicePrincipalsAsTarget\n excludes:\n - id: 
ec42a424-a0c0-4418-8788-d19bdeb03704\n type: User\n - id: 00029dfb-0218-4e7a-9a85-c15dc0c880bc\n type: Group\n - id: 0000103d-1fc2-4ac8-81de-71517765655c\n type: ServicePrincipal\n mode: Enabled\n ruleType: RoleManagementPolicyPimOnlyModeRule\n target:\n caller: Admin\n enforcedSettings:\n - all\n inheritableSettings:\n - all\n level: Assignment\n operations:\n - all\n targetObjects: []\n scope: providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\n\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing resource can be imported using its type token, name, and identifier, e.g.\n\n```sh\n$ pulumi import azure-native:authorization:RoleManagementPolicy 570c3619-7688-4b34-b290-2b8bb3ccab2a /{scope}/providers/Microsoft.Authorization/roleManagementPolicies/{roleManagementPolicyName} \n```\n", + "properties": { + "description": { + "type": "string", + "description": "The role management policy description." + }, + "displayName": { + "type": "string", + "description": "The role management policy display name." 
+ }, + "effectiveRules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + ], + "discriminator": { + "propertyName": "ruleType", + "mapping": { + "RoleManagementPolicyApprovalRule": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse", + "RoleManagementPolicyAuthenticationContextRule": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse", + "RoleManagementPolicyEnablementRule": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse", + "RoleManagementPolicyExpirationRule": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse", + "RoleManagementPolicyNotificationRule": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse", + "RoleManagementPolicyPimOnlyModeRule": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + } + }, + "description": "The readonly computed rule applied to the policy." + }, + "isOrganizationDefault": { + "type": "boolean", + "description": "The role management policy is default policy." 
+ }, + "lastModifiedBy": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PrincipalResponse", + "description": "The name of the entity last modified it" + }, + "lastModifiedDateTime": { + "type": "string", + "description": "The last modified date time." + }, + "name": { + "type": "string", + "description": "The role management policy name." + }, + "policyProperties": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PolicyPropertiesResponse", + "description": "Additional properties of scope" + }, + "rules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + ], + "discriminator": { + "propertyName": "ruleType", + "mapping": { + "RoleManagementPolicyApprovalRule": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse", + "RoleManagementPolicyAuthenticationContextRule": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse", + "RoleManagementPolicyEnablementRule": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse", + "RoleManagementPolicyExpirationRule": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse", + "RoleManagementPolicyNotificationRule": 
"#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse", + "RoleManagementPolicyPimOnlyModeRule": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + } + }, + "description": "The rule applied to the policy." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + }, + "type": { + "type": "string", + "description": "The role management policy type." + } + }, + "type": "object", + "required": [ + "effectiveRules", + "lastModifiedBy", + "lastModifiedDateTime", + "name", + "policyProperties", + "type" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The role management policy description." + }, + "displayName": { + "type": "string", + "description": "The role management policy display name." + }, + "isOrganizationDefault": { + "type": "boolean", + "description": "The role management policy is default policy." + }, + "roleManagementPolicyName": { + "type": "string", + "description": "The name (guid) of the role management policy to upsert.", + "willReplaceOnChanges": true + }, + "rules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRule" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRule" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRule" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRule" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRule" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRule" + } + ], + "discriminator": { + "propertyName": "ruleType", + "mapping": { + "RoleManagementPolicyApprovalRule": 
"#/types/azure-native:authorization:RoleManagementPolicyApprovalRule", + "RoleManagementPolicyAuthenticationContextRule": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRule", + "RoleManagementPolicyEnablementRule": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRule", + "RoleManagementPolicyExpirationRule": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRule", + "RoleManagementPolicyNotificationRule": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRule", + "RoleManagementPolicyPimOnlyModeRule": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRule" + } + } + }, + "description": "The rule applied to the policy." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + } + }, + "requiredInputs": [ + "scope" + ], + "aliases": [ + { + "type": "azure-native:authorization/v20201001:RoleManagementPolicy" + }, + { + "type": "azure-native:authorization/v20201001preview:RoleManagementPolicy" + }, + { + "type": "azure-native:authorization/v20240201preview:RoleManagementPolicy" + }, + { + "type": "azure-native:authorization/v20240901preview:RoleManagementPolicy" + } + ] + }, "azure-native:authorization:RoleManagementPolicyAssignment": { "description": "Role management policy\nAzure REST API version: 2020-10-01. 
Prior API version in Azure Native 1.x: 2020-10-01.\n\nOther available API versions: 2020-10-01-preview, 2024-02-01-preview, 2024-09-01-preview.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### PutRoleManagementPolicyAssignment\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing AzureNative = Pulumi.AzureNative;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var roleManagementPolicyAssignment = new AzureNative.Authorization.RoleManagementPolicyAssignment(\"roleManagementPolicyAssignment\", new()\n {\n PolicyId = \"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\",\n RoleDefinitionId = \"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n RoleManagementPolicyAssignmentName = \"b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n Scope = \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n });\n\n});\n\n\n```\n\n```go\npackage main\n\nimport (\n\tauthorization \"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := authorization.NewRoleManagementPolicyAssignment(ctx, \"roleManagementPolicyAssignment\", \u0026authorization.RoleManagementPolicyAssignmentArgs{\n\t\t\tPolicyId: pulumi.String(\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\"),\n\t\t\tRoleDefinitionId: pulumi.String(\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\"),\n\t\t\tRoleManagementPolicyAssignmentName: 
pulumi.String(\"b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\"),\n\t\t\tScope: pulumi.String(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n\n```\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicyAssignment;\nimport com.pulumi.azurenative.authorization.RoleManagementPolicyAssignmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var roleManagementPolicyAssignment = new RoleManagementPolicyAssignment(\"roleManagementPolicyAssignment\", RoleManagementPolicyAssignmentArgs.builder()\n .policyId(\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\")\n .roleDefinitionId(\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\")\n .roleManagementPolicyAssignmentName(\"b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\")\n .scope(\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n .build());\n\n }\n}\n\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as azure_native from \"@pulumi/azure-native\";\n\nconst roleManagementPolicyAssignment = new azure_native.authorization.RoleManagementPolicyAssignment(\"roleManagementPolicyAssignment\", {\n policyId: 
\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\",\n roleDefinitionId: \"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n roleManagementPolicyAssignmentName: \"b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n scope: \"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\",\n});\n\n```\n\n```python\nimport pulumi\nimport pulumi_azure_native as azure_native\n\nrole_management_policy_assignment = azure_native.authorization.RoleManagementPolicyAssignment(\"roleManagementPolicyAssignment\",\n policy_id=\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\",\n role_definition_id=\"/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n role_management_policy_assignment_name=\"b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\",\n scope=\"providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\")\n\n```\n\n```yaml\nresources:\n roleManagementPolicyAssignment:\n type: azure-native:authorization:RoleManagementPolicyAssignment\n properties:\n policyId: /subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9\n roleDefinitionId: /subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24\n roleManagementPolicyAssignmentName: b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24\n scope: providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368\n\n```\n\n{{% /example %}}\n{{% /examples 
%}}\n\n## Import\n\nAn existing resource can be imported using its type token, name, and identifier, e.g.\n\n```sh\n$ pulumi import azure-native:authorization:RoleManagementPolicyAssignment b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24 /{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments/{roleManagementPolicyAssignmentName} \n```\n", "properties": { 
@@ -840408,6 +841317,171 @@ ] } }, + "azure-native:authorization:getRoleManagementPolicy": { + "description": "Get the specified role management policy for a resource scope\nAzure REST API version: 2024-09-01-preview.\n\nOther available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview.", + "inputs": { + "properties": { + "roleManagementPolicyName": { + "type": "string", + "description": "The name (guid) of the role management policy to get.", + "willReplaceOnChanges": true + }, + "scope": { + "type": "string", + "description": "The scope of the role management policy.", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "roleManagementPolicyName", + "scope" + ] + }, + "outputs": { + "description": "Role management policy", + "properties": { + "description": { + "type": "string", + "description": "The role management policy description." + }, + "displayName": { + "type": "string", + "description": "The role management policy display name." + }, + "effectiveRules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + ], + "discriminator": { + "propertyName": "ruleType", + "mapping": { + "RoleManagementPolicyApprovalRule": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse", + 
"RoleManagementPolicyAuthenticationContextRule": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse", + "RoleManagementPolicyEnablementRule": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse", + "RoleManagementPolicyExpirationRule": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse", + "RoleManagementPolicyNotificationRule": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse", + "RoleManagementPolicyPimOnlyModeRule": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + } + }, + "description": "The readonly computed rule applied to the policy." + }, + "id": { + "type": "string", + "description": "The role management policy Id." + }, + "isOrganizationDefault": { + "type": "boolean", + "description": "The role management policy is default policy." + }, + "lastModifiedBy": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PrincipalResponse", + "description": "The name of the entity last modified it" + }, + "lastModifiedDateTime": { + "type": "string", + "description": "The last modified date time." + }, + "name": { + "type": "string", + "description": "The role management policy name." 
+ }, + "policyProperties": { + "type": "object", + "$ref": "#/types/azure-native:authorization:PolicyPropertiesResponse", + "description": "Additional properties of scope" + }, + "rules": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse" + }, + { + "type": "object", + "$ref": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + ], + "discriminator": { + "propertyName": "ruleType", + "mapping": { + "RoleManagementPolicyApprovalRule": "#/types/azure-native:authorization:RoleManagementPolicyApprovalRuleResponse", + "RoleManagementPolicyAuthenticationContextRule": "#/types/azure-native:authorization:RoleManagementPolicyAuthenticationContextRuleResponse", + "RoleManagementPolicyEnablementRule": "#/types/azure-native:authorization:RoleManagementPolicyEnablementRuleResponse", + "RoleManagementPolicyExpirationRule": "#/types/azure-native:authorization:RoleManagementPolicyExpirationRuleResponse", + "RoleManagementPolicyNotificationRule": "#/types/azure-native:authorization:RoleManagementPolicyNotificationRuleResponse", + "RoleManagementPolicyPimOnlyModeRule": "#/types/azure-native:authorization:RoleManagementPolicyPimOnlyModeRuleResponse" + } + } + }, + "description": "The rule applied to the policy." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." 
+ }, + "type": { + "type": "string", + "description": "The role management policy type." + } + }, + "type": "object", + "required": [ + "effectiveRules", + "id", + "lastModifiedBy", + "lastModifiedDateTime", + "name", + "policyProperties", + "type" + ] + } + }, "azure-native:authorization:getRoleManagementPolicyAssignment": { "description": "Get the specified role management policy assignment for a resource scope\nAzure REST API version: 2020-10-01.\n\nOther available API versions: 2020-10-01-preview, 2024-02-01-preview, 2024-09-01-preview.", "inputs": { diff --git a/reports/allEndpoints.json b/reports/allEndpoints.json index b7821f13af1f..860ebc851fd7 100644 --- a/reports/allEndpoints.json +++ b/reports/allEndpoints.json @@ -9044,7 +9044,8 @@ "DELETE", "GET", "PATCH" - ] + ], + "Added": true } }, "RoleManagementPolicyAssignments": { diff --git a/reports/allResourceVersionsByResource.json b/reports/allResourceVersionsByResource.json index f022f28e155a..8bed7d19eb1a 100644 --- a/reports/allResourceVersionsByResource.json +++ b/reports/allResourceVersionsByResource.json @@ -3080,6 +3080,12 @@ "2022-04-01", "2022-05-01-preview" ], + "RoleManagementPolicy": [ + "2020-10-01", + "2020-10-01-preview", + "2024-02-01-preview", + "2024-09-01-preview" + ], "RoleManagementPolicyAssignment": [ "2020-10-01", "2020-10-01-preview", diff --git a/reports/allResourcesByVersion.json b/reports/allResourcesByVersion.json index 92a0a918c56f..bb51a8d5dc40 100644 --- a/reports/allResourcesByVersion.json +++ b/reports/allResourcesByVersion.json @@ -2788,10 +2788,12 @@ "PolicySetDefinitionAtManagementGroup" ], "2020-10-01": [ + "RoleManagementPolicy", "RoleManagementPolicyAssignment" ], "2020-10-01-preview": [ "RoleAssignment", + "RoleManagementPolicy", "RoleManagementPolicyAssignment" ], "2021-03-01-preview": [ @@ -2854,6 +2856,7 @@ "listPolicySetDefinitionVersionAllBuiltins" ], "2024-02-01-preview": [ + "RoleManagementPolicy", "RoleManagementPolicyAssignment" ], "2024-04-01": [ 
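Review bot: The new `getRoleManagementPolicy` function defaults to the preview API `2024-09-01-preview`, while `getRoleManagementPolicyAssignment` in the trailing context of the same hunk stays on the stable `2020-10-01`. The policy it returns carries the approval, enablement and expiration rules that gate privileged role activation, so a preview default can change the shape of `rules` and `effectiveRules` under callers that audit those settings. schema.json looks generated, so any change presumably belongs in the provider's version selection rather than in this file. If the preview default is deliberate (possibly to expose `RoleManagementPolicyPimOnlyModeRule`), I would state it in the description, e.g. `Defaults to a preview API version; use the versioned v20201001 module where a stable contract is required.`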
@@ -2877,6 +2880,7 @@ "listPolicySetDefinitionVersionAllBuiltins" ], "2024-09-01-preview": [ + "RoleManagementPolicy", "RoleManagementPolicyAssignment" ] }, diff --git a/sdk/dotnet/Authorization/Enums.cs b/sdk/dotnet/Authorization/Enums.cs index 022b9075a77d..2d67e1929e37 100644 --- a/sdk/dotnet/Authorization/Enums.cs +++ b/sdk/dotnet/Authorization/Enums.cs @@ -104,6 +104,39 @@ private AccessReviewResult(string value) public override string ToString() => _value; } + /// + /// The type of rule + /// + [EnumType] + public readonly struct ApprovalMode : IEquatable + { + private readonly string _value; + + private ApprovalMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ApprovalMode SingleStage { get; } = new ApprovalMode("SingleStage"); + public static ApprovalMode Serial { get; } = new ApprovalMode("Serial"); + public static ApprovalMode Parallel { get; } = new ApprovalMode("Parallel"); + public static ApprovalMode NoApproval { get; } = new ApprovalMode("NoApproval"); + + public static bool operator ==(ApprovalMode left, ApprovalMode right) => left.Equals(right); + public static bool operator !=(ApprovalMode left, ApprovalMode right) => !left.Equals(right); + + public static explicit operator string(ApprovalMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ApprovalMode other && Equals(other); + public bool Equals(ApprovalMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The option whether validate the exemption is at or under the assignment scope. /// 
@@ -173,6 +206,38 @@ private DefaultDecisionType(string value) public override string ToString() => _value; } + /// + /// The type of enablement rule + /// + [EnumType] + public readonly struct EnablementRules : IEquatable + { + private readonly string _value; + + private EnablementRules(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static EnablementRules MultiFactorAuthentication { get; } = new EnablementRules("MultiFactorAuthentication"); + public static EnablementRules Justification { get; } = new EnablementRules("Justification"); + public static EnablementRules Ticketing { get; } = new EnablementRules("Ticketing"); + + public static bool operator ==(EnablementRules left, EnablementRules right) => left.Equals(right); + public static bool operator !=(EnablementRules left, EnablementRules right) => !left.Equals(right); + + public static explicit operator string(EnablementRules value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EnablementRules other && Equals(other); + public bool Equals(EnablementRules other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. /// 
@@ -210,6 +275,34 @@ private EnforcementMode(string value) public override string ToString() => _value; } + [EnumType] + public readonly struct ExcludedPrincipalTypes : IEquatable + { + private readonly string _value; + + private ExcludedPrincipalTypes(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ExcludedPrincipalTypes ServicePrincipalsAsTarget { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsTarget"); + public static ExcludedPrincipalTypes ServicePrincipalsAsRequestor { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsRequestor"); + + public static bool operator ==(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => left.Equals(right); + public static bool operator !=(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => !left.Equals(right); + + public static explicit operator string(ExcludedPrincipalTypes value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ExcludedPrincipalTypes other && Equals(other); + public bool Equals(ExcludedPrincipalTypes other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The policy exemption category. Possible values are Waiver and Mitigated. /// 
@@ -279,6 +372,68 @@ private LockLevel(string value) public override string ToString() => _value; } + /// + /// The type of notification. + /// + [EnumType] + public readonly struct NotificationDeliveryMechanism : IEquatable + { + private readonly string _value; + + private NotificationDeliveryMechanism(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationDeliveryMechanism Email { get; } = new NotificationDeliveryMechanism("Email"); + + public static bool operator ==(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => left.Equals(right); + public static bool operator !=(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => !left.Equals(right); + + public static explicit operator string(NotificationDeliveryMechanism value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationDeliveryMechanism other && Equals(other); + public bool Equals(NotificationDeliveryMechanism other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The notification level. + /// + [EnumType] + public readonly struct NotificationLevel : IEquatable + { + private readonly string _value; + + private NotificationLevel(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static NotificationLevel None { get; } = new NotificationLevel("None"); + public static NotificationLevel Critical { get; } = new NotificationLevel("Critical"); + public static NotificationLevel All { get; } = new NotificationLevel("All"); + + public static bool operator ==(NotificationLevel left, NotificationLevel right) => left.Equals(right); + public static bool operator !=(NotificationLevel left, NotificationLevel right) => !left.Equals(right); + + public static explicit operator string(NotificationLevel value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationLevel other && Equals(other); + public bool Equals(NotificationLevel other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The override kind. /// 
@@ -312,6 +467,38 @@ private OverrideKind(string value) public override string ToString() => _value; } + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [EnumType] + public readonly struct PIMOnlyMode : IEquatable + { + private readonly string _value; + + private PIMOnlyMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static PIMOnlyMode Disabled { get; } = new PIMOnlyMode("Disabled"); + public static PIMOnlyMode Enabled { get; } = new PIMOnlyMode("Enabled"); + public static PIMOnlyMode ReportOnly { get; } = new PIMOnlyMode("ReportOnly"); + + public static bool operator ==(PIMOnlyMode left, PIMOnlyMode right) => left.Equals(right); + public static bool operator !=(PIMOnlyMode left, PIMOnlyMode right) => !left.Equals(right); + + public static explicit operator string(PIMOnlyMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is PIMOnlyMode other && Equals(other); + public bool Equals(PIMOnlyMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The data type of the parameter. /// 
@@ -443,6 +630,38 @@ private PublicNetworkAccessOptions(string value) public override string ToString() => _value; } + /// + /// The recipient type. + /// + [EnumType] + public readonly struct RecipientType : IEquatable + { + private readonly string _value; + + private RecipientType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static RecipientType Requestor { get; } = new RecipientType("Requestor"); + public static RecipientType Approver { get; } = new RecipientType("Approver"); + public static RecipientType Admin { get; } = new RecipientType("Admin"); + + public static bool operator ==(RecipientType left, RecipientType right) => left.Equals(right); + public static bool operator !=(RecipientType left, RecipientType right) => !left.Equals(right); + + public static explicit operator string(RecipientType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RecipientType other && Equals(other); + public bool Equals(RecipientType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The identity type. This is the only required field when adding a system or user assigned identity to a resource. /// 
@@ -484,6 +703,41 @@ private ResourceIdentityType(string value) public override string ToString() => _value; } + /// + /// The type of rule + /// + [EnumType] + public readonly struct RoleManagementPolicyRuleType : IEquatable + { + private readonly string _value; + + private RoleManagementPolicyRuleType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static RoleManagementPolicyRuleType RoleManagementPolicyApprovalRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyApprovalRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyAuthenticationContextRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyAuthenticationContextRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyEnablementRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyEnablementRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyExpirationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyExpirationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyNotificationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyNotificationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyPimOnlyModeRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyPimOnlyModeRule"); + + public static bool operator ==(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => left.Equals(right); + public static bool operator !=(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => !left.Equals(right); + + public static explicit operator string(RoleManagementPolicyRuleType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is RoleManagementPolicyRuleType other && Equals(other); + public bool Equals(RoleManagementPolicyRuleType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The selector kind. /// @@ -528,4 +782,36 @@ private SelectorKind(string value) public override string ToString() => _value; } + + /// + /// The type of user. + /// + [EnumType] + public readonly struct UserType : IEquatable + { + private readonly string _value; + + private UserType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static UserType User { get; } = new UserType("User"); + public static UserType Group { get; } = new UserType("Group"); + public static UserType ServicePrincipal { get; } = new UserType("ServicePrincipal"); + + public static bool operator ==(UserType left, UserType right) => left.Equals(right); + public static bool operator !=(UserType left, UserType right) => !left.Equals(right); + + public static explicit operator string(UserType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is UserType other && Equals(other); + public bool Equals(UserType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } } diff --git a/sdk/dotnet/Authorization/GetRoleManagementPolicy.cs b/sdk/dotnet/Authorization/GetRoleManagementPolicy.cs new file mode 100644 index 000000000000..3ef1a81d3535 --- /dev/null +++ b/sdk/dotnet/Authorization/GetRoleManagementPolicy.cs 
@@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization +{ + public static class GetRoleManagementPolicy + { + /// + /// Get the specified role management policy for a resource scope + /// Azure REST API version: 2024-09-01-preview. + /// + /// Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + /// + public static Task InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azure-native:authorization:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Get the specified role management policy for a resource scope + /// Azure REST API version: 2024-09-01-preview. + /// + /// Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + /// + public static Output Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azure-native:authorization:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public string RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. 
+ /// + [Input("scope", required: true)] + public string Scope { get; set; } = null!; + + public GetRoleManagementPolicyArgs() + { + } + public static new GetRoleManagementPolicyArgs Empty => new GetRoleManagementPolicyArgs(); + } + + public sealed class GetRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public Input RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public GetRoleManagementPolicyInvokeArgs() + { + } + public static new GetRoleManagementPolicyInvokeArgs Empty => new GetRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetRoleManagementPolicyResult + { + /// + /// The role management policy description. + /// + public readonly string? Description; + /// + /// The role management policy display name. + /// + public readonly string? DisplayName; + /// + /// The readonly computed rule applied to the policy. + /// + public readonly ImmutableArray EffectiveRules; + /// + /// The role management policy Id. + /// + public readonly string Id; + /// + /// The role management policy is default policy. + /// + public readonly bool? IsOrganizationDefault; + /// + /// The name of the entity last modified it + /// + public readonly Outputs.PrincipalResponse LastModifiedBy; + /// + /// The last modified date time. + /// + public readonly string LastModifiedDateTime; + /// + /// The role management policy name. + /// + public readonly string Name; + /// + /// Additional properties of scope + /// + public readonly Outputs.PolicyPropertiesResponse PolicyProperties; + /// + /// The rule applied to the policy. + /// + public readonly ImmutableArray Rules; + /// + /// The role management policy scope. + /// + public readonly string? 
Scope; + /// + /// The role management policy type. + /// + public readonly string Type; + + [OutputConstructor] + private GetRoleManagementPolicyResult( + string? description, + + string? displayName, + + ImmutableArray effectiveRules, + + string id, + + bool? isOrganizationDefault, + + Outputs.PrincipalResponse lastModifiedBy, + + string lastModifiedDateTime, + + string name, + + Outputs.PolicyPropertiesResponse policyProperties, + + ImmutableArray rules, + + string? scope, + + string type) + { + Description = description; + DisplayName = displayName; + EffectiveRules = effectiveRules; + Id = id; + IsOrganizationDefault = isOrganizationDefault; + LastModifiedBy = lastModifiedBy; + LastModifiedDateTime = lastModifiedDateTime; + Name = name; + PolicyProperties = policyProperties; + Rules = rules; + Scope = scope; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/Inputs/ApprovalSettingsArgs.cs b/sdk/dotnet/Authorization/Inputs/ApprovalSettingsArgs.cs new file mode 100644 index 000000000000..d9122bf6f5e1 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/ApprovalSettingsArgs.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The approval settings. + /// + public sealed class ApprovalSettingsArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of rule + /// + [Input("approvalMode")] + public InputUnion? ApprovalMode { get; set; } + + [Input("approvalStages")] + private InputList? _approvalStages; + + /// + /// The approval stages of the request. + /// + public InputList ApprovalStages + { + get => _approvalStages ?? (_approvalStages = new InputList()); + set => _approvalStages = value; + } + + /// + /// Determines whether approval is required or not. + /// + [Input("isApprovalRequired")] + public Input? IsApprovalRequired { get; set; } + + /// + /// Determines whether approval is required for assignment extension. + /// + [Input("isApprovalRequiredForExtension")] + public Input? IsApprovalRequiredForExtension { get; set; } + + /// + /// Determine whether requestor justification is required. + /// + [Input("isRequestorJustificationRequired")] + public Input? IsRequestorJustificationRequired { get; set; } + + public ApprovalSettingsArgs() + { + } + public static new ApprovalSettingsArgs Empty => new ApprovalSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/ApprovalStageArgs.cs b/sdk/dotnet/Authorization/Inputs/ApprovalStageArgs.cs new file mode 100644 index 000000000000..e6711f18026c --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/ApprovalStageArgs.cs 
@@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The approval stage. + /// + public sealed class ApprovalStageArgs : global::Pulumi.ResourceArgs + { + /// + /// The time in days when approval request would be timed out + /// + [Input("approvalStageTimeOutInDays")] + public Input? ApprovalStageTimeOutInDays { get; set; } + + [Input("escalationApprovers")] + private InputList? _escalationApprovers; + + /// + /// The escalation approver of the request. + /// + public InputList EscalationApprovers + { + get => _escalationApprovers ?? (_escalationApprovers = new InputList()); + set => _escalationApprovers = value; + } + + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + [Input("escalationTimeInMinutes")] + public Input? EscalationTimeInMinutes { get; set; } + + /// + /// Determines whether approver need to provide justification for his decision. + /// + [Input("isApproverJustificationRequired")] + public Input? IsApproverJustificationRequired { get; set; } + + /// + /// The value determine whether escalation feature is enabled. + /// + [Input("isEscalationEnabled")] + public Input? IsEscalationEnabled { get; set; } + + [Input("primaryApprovers")] + private InputList? _primaryApprovers; + + /// + /// The primary approver of the request. + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public ApprovalStageArgs() + { + } + public static new ApprovalStageArgs Empty => new ApprovalStageArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/Inputs/PIMOnlyModeSettingsArgs.cs b/sdk/dotnet/Authorization/Inputs/PIMOnlyModeSettingsArgs.cs new file mode 100644 index 000000000000..904f7e8179ec --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/PIMOnlyModeSettingsArgs.cs @@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The PIM Only Mode settings. + /// + public sealed class PIMOnlyModeSettingsArgs : global::Pulumi.ResourceArgs + { + [Input("excludedAssignmentTypes")] + private InputList>? _excludedAssignmentTypes; + + /// + /// The list of excluded assignment types allowed. + /// + public InputList> ExcludedAssignmentTypes + { + get => _excludedAssignmentTypes ?? (_excludedAssignmentTypes = new InputList>()); + set => _excludedAssignmentTypes = value; + } + + [Input("excludes")] + private InputList? _excludes; + + /// + /// The list of excluded entities that the rule does not apply to. + /// + public InputList Excludes + { + get => _excludes ?? (_excludes = new InputList()); + set => _excludes = value; + } + + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [Input("mode")] + public InputUnion? Mode { get; set; } + + public PIMOnlyModeSettingsArgs() + { + } + public static new PIMOnlyModeSettingsArgs Empty => new PIMOnlyModeSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyApprovalRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyApprovalRuleArgs.cs new file mode 100644 index 000000000000..8ce48abab677 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyApprovalRuleArgs.cs 
@@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy approval rule. + /// + public sealed class RoleManagementPolicyApprovalRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The approval setting + /// + [Input("setting")] + public Input? Setting { get; set; } + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyApprovalRuleArgs() + { + } + public static new RoleManagementPolicyApprovalRuleArgs Empty => new RoleManagementPolicyApprovalRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs new file mode 100644 index 000000000000..7f1859bcfd7f --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy authentication context rule. + /// + public sealed class RoleManagementPolicyAuthenticationContextRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The claim value. + /// + [Input("claimValue")] + public Input? ClaimValue { get; set; } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating if rule is enabled. + /// + [Input("isEnabled")] + public Input? IsEnabled { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyAuthenticationContextRuleArgs() + { + } + public static new RoleManagementPolicyAuthenticationContextRuleArgs Empty => new RoleManagementPolicyAuthenticationContextRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyEnablementRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyEnablementRuleArgs.cs new file mode 100644 index 000000000000..a9d547029564 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyEnablementRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy enablement rule. + /// + public sealed class RoleManagementPolicyEnablementRuleArgs : global::Pulumi.ResourceArgs + { + [Input("enabledRules")] + private InputList>? _enabledRules; + + /// + /// The list of enabled rules. + /// + public InputList> EnabledRules + { + get => _enabledRules ?? (_enabledRules = new InputList>()); + set => _enabledRules = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyEnablementRuleArgs() + { + } + public static new RoleManagementPolicyEnablementRuleArgs Empty => new RoleManagementPolicyEnablementRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyExpirationRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyExpirationRuleArgs.cs new file mode 100644 index 000000000000..16fc447e321f --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyExpirationRuleArgs.cs 
@@ -0,0 +1,66 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy expiration rule. + /// + public sealed class RoleManagementPolicyExpirationRuleArgs : global::Pulumi.ResourceArgs + { + [Input("exceptionMembers")] + private InputList? _exceptionMembers; + + /// + /// The members not restricted by expiration rule. + /// + public InputList ExceptionMembers + { + get => _exceptionMembers ?? (_exceptionMembers = new InputList()); + set => _exceptionMembers = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether expiration is required. + /// + [Input("isExpirationRequired")] + public Input? IsExpirationRequired { get; set; } + + /// + /// The maximum duration of expiration in timespan. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyExpirationRuleArgs() + { + } + public static new RoleManagementPolicyExpirationRuleArgs Empty => new RoleManagementPolicyExpirationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyNotificationRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyNotificationRuleArgs.cs new file mode 100644 index 000000000000..0d2170ee720e --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyNotificationRuleArgs.cs 
@@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy notification rule. + /// + public sealed class RoleManagementPolicyNotificationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + [Input("isDefaultRecipientsEnabled")] + public Input? IsDefaultRecipientsEnabled { get; set; } + + /// + /// The notification level. + /// + [Input("notificationLevel")] + public InputUnion? NotificationLevel { get; set; } + + [Input("notificationRecipients")] + private InputList? _notificationRecipients; + + /// + /// The list of notification recipients. + /// + public InputList NotificationRecipients + { + get => _notificationRecipients ?? (_notificationRecipients = new InputList()); + set => _notificationRecipients = value; + } + + /// + /// The type of notification. + /// + [Input("notificationType")] + public InputUnion? NotificationType { get; set; } + + /// + /// The recipient type. + /// + [Input("recipientType")] + public InputUnion? RecipientType { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyNotificationRuleArgs() + { + } + public static new RoleManagementPolicyNotificationRuleArgs Empty => new RoleManagementPolicyNotificationRuleArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs new file mode 100644 index 000000000000..1e20092c3484 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy PIM only mode rule. + /// + public sealed class RoleManagementPolicyPimOnlyModeRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The PIM Only Mode settings + /// + [Input("pimOnlyModeSettings")] + public Input? PimOnlyModeSettings { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyPimOnlyModeRuleArgs() + { + } + public static new RoleManagementPolicyPimOnlyModeRuleArgs Empty => new RoleManagementPolicyPimOnlyModeRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyRuleTargetArgs.cs b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyRuleTargetArgs.cs new file mode 100644 index 000000000000..b4cb355d1c1f --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/RoleManagementPolicyRuleTargetArgs.cs 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The role management policy rule target. + /// + public sealed class RoleManagementPolicyRuleTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// The caller of the setting. + /// + [Input("caller")] + public Input? Caller { get; set; } + + [Input("enforcedSettings")] + private InputList? _enforcedSettings; + + /// + /// The list of enforced settings. + /// + public InputList EnforcedSettings + { + get => _enforcedSettings ?? (_enforcedSettings = new InputList()); + set => _enforcedSettings = value; + } + + [Input("inheritableSettings")] + private InputList? _inheritableSettings; + + /// + /// The list of inheritable settings. + /// + public InputList InheritableSettings + { + get => _inheritableSettings ?? (_inheritableSettings = new InputList()); + set => _inheritableSettings = value; + } + + /// + /// The assignment level to which rule is applied. + /// + [Input("level")] + public Input? Level { get; set; } + + [Input("operations")] + private InputList? _operations; + + /// + /// The type of operation. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("targetObjects")] + private InputList? _targetObjects; + + /// + /// The list of target objects. + /// + public InputList TargetObjects + { + get => _targetObjects ?? (_targetObjects = new InputList()); + set => _targetObjects = value; + } + + public RoleManagementPolicyRuleTargetArgs() + { + } + public static new RoleManagementPolicyRuleTargetArgs Empty => new RoleManagementPolicyRuleTargetArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/Inputs/UserSetArgs.cs b/sdk/dotnet/Authorization/Inputs/UserSetArgs.cs new file mode 100644 index 000000000000..7e5ddf617193 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/UserSetArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The detail of a user. + /// + public sealed class UserSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the user. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The object id of the user. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether the user is a backup fallback approver + /// + [Input("isBackup")] + public Input? IsBackup { get; set; } + + /// + /// The type of user. + /// + [Input("userType")] + public InputUnion? UserType { get; set; } + + public UserSetArgs() + { + } + public static new UserSetArgs Empty => new UserSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Inputs/UsersOrServicePrincipalSetArgs.cs b/sdk/dotnet/Authorization/Inputs/UsersOrServicePrincipalSetArgs.cs new file mode 100644 index 000000000000..1401263f3c78 --- /dev/null +++ b/sdk/dotnet/Authorization/Inputs/UsersOrServicePrincipalSetArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Inputs +{ + + /// + /// The detail of a subject. + /// + public sealed class UsersOrServicePrincipalSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The display Name of the entity. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The object id of the entity. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of user. + /// + [Input("type")] + public InputUnion? Type { get; set; } + + public UsersOrServicePrincipalSetArgs() + { + } + public static new UsersOrServicePrincipalSetArgs Empty => new UsersOrServicePrincipalSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/Outputs/PIMOnlyModeSettingsResponse.cs b/sdk/dotnet/Authorization/Outputs/PIMOnlyModeSettingsResponse.cs new file mode 100644 index 000000000000..e99d115a542e --- /dev/null +++ b/sdk/dotnet/Authorization/Outputs/PIMOnlyModeSettingsResponse.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Outputs +{ + + /// + /// The PIM Only Mode settings. + /// + [OutputType] + public sealed class PIMOnlyModeSettingsResponse + { + /// + /// The list of excluded assignment types allowed. + /// + public readonly ImmutableArray ExcludedAssignmentTypes; + /// + /// The list of excluded entities that the rule does not apply to. + /// + public readonly ImmutableArray Excludes; + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + public readonly string? Mode; + + [OutputConstructor] + private PIMOnlyModeSettingsResponse( + ImmutableArray excludedAssignmentTypes, + + ImmutableArray excludes, + + string? mode) + { + ExcludedAssignmentTypes = excludedAssignmentTypes; + Excludes = excludes; + Mode = mode; + } + } +} diff --git a/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponse.cs b/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponse.cs new file mode 100644 index 000000000000..7ff55a8efac2 --- /dev/null +++ b/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponse.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Outputs +{ + + /// + /// Expanded info of resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponse + { + /// + /// Details of the resource scope + /// + public readonly Outputs.PolicyPropertiesResponseScope Scope; + + [OutputConstructor] + private PolicyPropertiesResponse(Outputs.PolicyPropertiesResponseScope scope) + { + Scope = scope; + } + } +} diff --git a/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponseScope.cs b/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponseScope.cs new file mode 100644 index 000000000000..1163e7706e17 --- /dev/null +++ b/sdk/dotnet/Authorization/Outputs/PolicyPropertiesResponseScope.cs @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Outputs +{ + + /// + /// Details of the resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponseScope + { + /// + /// Display name of the resource + /// + public readonly string? DisplayName; + /// + /// Scope id of the resource + /// + public readonly string? Id; + /// + /// Type of the resource + /// + public readonly string? Type; + + [OutputConstructor] + private PolicyPropertiesResponseScope( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} 
diff --git a/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyExpirationRuleResponse.cs b/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyExpirationRuleResponse.cs index d1fab69506bf..6126757fef68 100644 --- a/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyExpirationRuleResponse.cs +++ b/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyExpirationRuleResponse.cs @@ -16,6 +16,10 @@ namespace Pulumi.AzureNative.Authorization.Outputs [OutputType] public sealed class RoleManagementPolicyExpirationRuleResponse { + /// + /// The members not restricted by expiration rule. + /// + public readonly ImmutableArray ExceptionMembers; /// /// The id of the rule. /// @@ -40,6 +44,8 @@ public sealed class RoleManagementPolicyExpirationRuleResponse [OutputConstructor] private RoleManagementPolicyExpirationRuleResponse( + ImmutableArray exceptionMembers, + string? id, bool? isExpirationRequired, @@ -50,6 +56,7 @@ private RoleManagementPolicyExpirationRuleResponse( Outputs.RoleManagementPolicyRuleTargetResponse? target) { + ExceptionMembers = exceptionMembers; Id = id; IsExpirationRequired = isExpirationRequired; MaximumDuration = maximumDuration; diff --git a/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyPimOnlyModeRuleResponse.cs b/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyPimOnlyModeRuleResponse.cs new file mode 100644 index 000000000000..764a16ee60eb --- /dev/null +++ b/sdk/dotnet/Authorization/Outputs/RoleManagementPolicyPimOnlyModeRuleResponse.cs 
@@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Outputs +{ + + /// + /// The role management policy PIM only mode rule. + /// + [OutputType] + public sealed class RoleManagementPolicyPimOnlyModeRuleResponse + { + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// The PIM Only Mode settings + /// + public readonly Outputs.PIMOnlyModeSettingsResponse? PimOnlyModeSettings; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + /// + public readonly string RuleType; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyPimOnlyModeRuleResponse( + string? id, + + Outputs.PIMOnlyModeSettingsResponse? pimOnlyModeSettings, + + string ruleType, + + Outputs.RoleManagementPolicyRuleTargetResponse? target) + { + Id = id; + PimOnlyModeSettings = pimOnlyModeSettings; + RuleType = ruleType; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/Outputs/UsersOrServicePrincipalSetResponse.cs b/sdk/dotnet/Authorization/Outputs/UsersOrServicePrincipalSetResponse.cs new file mode 100644 index 000000000000..175c2803b7a1 --- /dev/null +++ b/sdk/dotnet/Authorization/Outputs/UsersOrServicePrincipalSetResponse.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.Outputs +{ + + /// + /// The detail of a subject. + /// + [OutputType] + public sealed class UsersOrServicePrincipalSetResponse + { + /// + /// The display Name of the entity. + /// + public readonly string? DisplayName; + /// + /// The object id of the entity. + /// + public readonly string? Id; + /// + /// The type of user. + /// + public readonly string? Type; + + [OutputConstructor] + private UsersOrServicePrincipalSetResponse( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/RoleManagementPolicy.cs b/sdk/dotnet/Authorization/RoleManagementPolicy.cs new file mode 100644 index 000000000000..0980e33ae2b2 --- /dev/null +++ b/sdk/dotnet/Authorization/RoleManagementPolicy.cs 
@@ -0,0 +1,186 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization +{ + /// + /// Role management policy + /// Azure REST API version: 2024-09-01-preview. + /// + /// Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + /// + [AzureNativeResourceType("azure-native:authorization:RoleManagementPolicy")] + public partial class RoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// The role management policy description. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The role management policy display name. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The readonly computed rule applied to the policy. + /// + [Output("effectiveRules")] + public Output> EffectiveRules { get; private set; } = null!; + + /// + /// The role management policy is default policy. + /// + [Output("isOrganizationDefault")] + public Output IsOrganizationDefault { get; private set; } = null!; + + /// + /// The name of the entity last modified it + /// + [Output("lastModifiedBy")] + public Output LastModifiedBy { get; private set; } = null!; + + /// + /// The last modified date time. + /// + [Output("lastModifiedDateTime")] + public Output LastModifiedDateTime { get; private set; } = null!; + + /// + /// The role management policy name. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Additional properties of scope + /// + [Output("policyProperties")] + public Output PolicyProperties { get; private set; } = null!; + + /// + /// The rule applied to the policy. 
+ /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The role management policy scope. + /// + [Output("scope")] + public Output Scope { get; private set; } = null!; + + /// + /// The role management policy type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azure-native:authorization:RoleManagementPolicy", name, args ?? new RoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private RoleManagementPolicy(string name, Input id, CustomResourceOptions? options = null) + : base("azure-native:authorization:RoleManagementPolicy", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + Aliases = + { + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240901preview:RoleManagementPolicy" }, + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? 
merged.Id; + return merged; + } + /// + /// Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static RoleManagementPolicy Get(string name, Input id, CustomResourceOptions? options = null) + { + return new RoleManagementPolicy(name, id, options); + } + } + + public sealed class RoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// The role management policy description. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The role management policy display name. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The role management policy is default policy. + /// + [Input("isOrganizationDefault")] + public Input? IsOrganizationDefault { get; set; } + + /// + /// The name (guid) of the role management policy to upsert. + /// + [Input("roleManagementPolicyName")] + public Input? RoleManagementPolicyName { get; set; } + + [Input("rules")] + private InputList? _rules; + + /// + /// The rule applied to the policy. + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The role management policy scope. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public RoleManagementPolicyArgs() + { + } + public static new RoleManagementPolicyArgs Empty => new RoleManagementPolicyArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Enums.cs b/sdk/dotnet/Authorization/V20201001/Enums.cs new file mode 100644 index 000000000000..6368985615d7 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Enums.cs 
@@ -0,0 +1,233 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.ComponentModel; +using Pulumi; + +namespace Pulumi.AzureNative.Authorization.V20201001 +{ + /// + /// The type of rule + /// + [EnumType] + public readonly struct ApprovalMode : IEquatable + { + private readonly string _value; + + private ApprovalMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ApprovalMode SingleStage { get; } = new ApprovalMode("SingleStage"); + public static ApprovalMode Serial { get; } = new ApprovalMode("Serial"); + public static ApprovalMode Parallel { get; } = new ApprovalMode("Parallel"); + public static ApprovalMode NoApproval { get; } = new ApprovalMode("NoApproval"); + + public static bool operator ==(ApprovalMode left, ApprovalMode right) => left.Equals(right); + public static bool operator !=(ApprovalMode left, ApprovalMode right) => !left.Equals(right); + + public static explicit operator string(ApprovalMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ApprovalMode other && Equals(other); + public bool Equals(ApprovalMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of enablement rule + /// + [EnumType] + public readonly struct EnablementRules : IEquatable + { + private readonly string _value; + + private EnablementRules(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static EnablementRules MultiFactorAuthentication { get; } = new EnablementRules("MultiFactorAuthentication"); + public static EnablementRules Justification { get; } = new EnablementRules("Justification"); + public static EnablementRules Ticketing { get; } = new EnablementRules("Ticketing"); + + public static bool operator ==(EnablementRules left, EnablementRules right) => left.Equals(right); + public static bool operator !=(EnablementRules left, EnablementRules right) => !left.Equals(right); + + public static explicit operator string(EnablementRules value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EnablementRules other && Equals(other); + public bool Equals(EnablementRules other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of notification. + /// + [EnumType] + public readonly struct NotificationDeliveryMechanism : IEquatable + { + private readonly string _value; + + private NotificationDeliveryMechanism(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationDeliveryMechanism Email { get; } = new NotificationDeliveryMechanism("Email"); + + public static bool operator ==(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => left.Equals(right); + public static bool operator !=(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => !left.Equals(right); + + public static explicit operator string(NotificationDeliveryMechanism value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is NotificationDeliveryMechanism other && Equals(other); + public bool Equals(NotificationDeliveryMechanism other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The notification level. + /// + [EnumType] + public readonly struct NotificationLevel : IEquatable + { + private readonly string _value; + + private NotificationLevel(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationLevel None { get; } = new NotificationLevel("None"); + public static NotificationLevel Critical { get; } = new NotificationLevel("Critical"); + public static NotificationLevel All { get; } = new NotificationLevel("All"); + + public static bool operator ==(NotificationLevel left, NotificationLevel right) => left.Equals(right); + public static bool operator !=(NotificationLevel left, NotificationLevel right) => !left.Equals(right); + + public static explicit operator string(NotificationLevel value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationLevel other && Equals(other); + public bool Equals(NotificationLevel other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The recipient type. + /// + [EnumType] + public readonly struct RecipientType : IEquatable + { + private readonly string _value; + + private RecipientType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RecipientType Requestor { get; } = new RecipientType("Requestor"); + public static RecipientType Approver { get; } = new RecipientType("Approver"); + public static RecipientType Admin { get; } = new RecipientType("Admin"); + + public static bool operator ==(RecipientType left, RecipientType right) => left.Equals(right); + public static bool operator !=(RecipientType left, RecipientType right) => !left.Equals(right); + + public static explicit operator string(RecipientType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RecipientType other && Equals(other); + public bool Equals(RecipientType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of rule + /// + [EnumType] + public readonly struct RoleManagementPolicyRuleType : IEquatable + { + private readonly string _value; + + private RoleManagementPolicyRuleType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RoleManagementPolicyRuleType RoleManagementPolicyApprovalRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyApprovalRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyAuthenticationContextRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyAuthenticationContextRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyEnablementRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyEnablementRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyExpirationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyExpirationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyNotificationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyNotificationRule"); + + public static bool operator ==(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => left.Equals(right); + public static bool operator !=(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => !left.Equals(right); + + public static explicit operator string(RoleManagementPolicyRuleType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RoleManagementPolicyRuleType other && Equals(other); + public bool Equals(RoleManagementPolicyRuleType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of user. + /// + [EnumType] + public readonly struct UserType : IEquatable + { + private readonly string _value; + + private UserType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static UserType User { get; } = new UserType("User"); + public static UserType Group { get; } = new UserType("Group"); + + public static bool operator ==(UserType left, UserType right) => left.Equals(right); + public static bool operator !=(UserType left, UserType right) => !left.Equals(right); + + public static explicit operator string(UserType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is UserType other && Equals(other); + public bool Equals(UserType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } +} diff --git a/sdk/dotnet/Authorization/V20201001/GetRoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20201001/GetRoleManagementPolicy.cs new file mode 100644 index 000000000000..da8676a6c913 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/GetRoleManagementPolicy.cs 
@@ -0,0 +1,161 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001 +{ + public static class GetRoleManagementPolicy + { + /// + /// Get the specified role management policy for a resource scope + /// + public static Task InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azure-native:authorization/v20201001:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Get the specified role management policy for a resource scope + /// + public static Output Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azure-native:authorization/v20201001:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public string RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public string Scope { get; set; } = null!; + + public GetRoleManagementPolicyArgs() + { + } + public static new GetRoleManagementPolicyArgs Empty => new GetRoleManagementPolicyArgs(); + } + + public sealed class GetRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. 
+ /// + [Input("roleManagementPolicyName", required: true)] + public Input RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public GetRoleManagementPolicyInvokeArgs() + { + } + public static new GetRoleManagementPolicyInvokeArgs Empty => new GetRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetRoleManagementPolicyResult + { + /// + /// The role management policy description. + /// + public readonly string? Description; + /// + /// The role management policy display name. + /// + public readonly string? DisplayName; + /// + /// The readonly computed rule applied to the policy. + /// + public readonly ImmutableArray EffectiveRules; + /// + /// The role management policy Id. + /// + public readonly string Id; + /// + /// The role management policy is default policy. + /// + public readonly bool? IsOrganizationDefault; + /// + /// The name of the entity last modified it + /// + public readonly Outputs.PrincipalResponse LastModifiedBy; + /// + /// The last modified date time. + /// + public readonly string LastModifiedDateTime; + /// + /// The role management policy name. + /// + public readonly string Name; + /// + /// Additional properties of scope + /// + public readonly Outputs.PolicyPropertiesResponse PolicyProperties; + /// + /// The rule applied to the policy. + /// + public readonly ImmutableArray Rules; + /// + /// The role management policy scope. + /// + public readonly string? Scope; + /// + /// The role management policy type. + /// + public readonly string Type; + + [OutputConstructor] + private GetRoleManagementPolicyResult( + string? description, + + string? displayName, + + ImmutableArray effectiveRules, + + string id, + + bool? 
isOrganizationDefault, + + Outputs.PrincipalResponse lastModifiedBy, + + string lastModifiedDateTime, + + string name, + + Outputs.PolicyPropertiesResponse policyProperties, + + ImmutableArray rules, + + string? scope, + + string type) + { + Description = description; + DisplayName = displayName; + EffectiveRules = effectiveRules; + Id = id; + IsOrganizationDefault = isOrganizationDefault; + LastModifiedBy = lastModifiedBy; + LastModifiedDateTime = lastModifiedDateTime; + Name = name; + PolicyProperties = policyProperties; + Rules = rules; + Scope = scope; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalSettingsArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalSettingsArgs.cs new file mode 100644 index 000000000000..a9dc0498f281 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalSettingsArgs.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The approval settings. + /// + public sealed class ApprovalSettingsArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of rule + /// + [Input("approvalMode")] + public InputUnion? ApprovalMode { get; set; } + + [Input("approvalStages")] + private InputList? _approvalStages; + + /// + /// The approval stages of the request. + /// + public InputList ApprovalStages + { + get => _approvalStages ?? (_approvalStages = new InputList()); + set => _approvalStages = value; + } + + /// + /// Determines whether approval is required or not. + /// + [Input("isApprovalRequired")] + public Input? IsApprovalRequired { get; set; } + + /// + /// Determines whether approval is required for assignment extension. + /// + [Input("isApprovalRequiredForExtension")] + public Input? IsApprovalRequiredForExtension { get; set; } + + /// + /// Determine whether requestor justification is required. + /// + [Input("isRequestorJustificationRequired")] + public Input? IsRequestorJustificationRequired { get; set; } + + public ApprovalSettingsArgs() + { + } + public static new ApprovalSettingsArgs Empty => new ApprovalSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalStageArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalStageArgs.cs new file mode 100644 index 000000000000..e0ca3ef1be5f --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/ApprovalStageArgs.cs 
@@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The approval stage. + /// + public sealed class ApprovalStageArgs : global::Pulumi.ResourceArgs + { + /// + /// The time in days when approval request would be timed out + /// + [Input("approvalStageTimeOutInDays")] + public Input? ApprovalStageTimeOutInDays { get; set; } + + [Input("escalationApprovers")] + private InputList? _escalationApprovers; + + /// + /// The escalation approver of the request. + /// + public InputList EscalationApprovers + { + get => _escalationApprovers ?? (_escalationApprovers = new InputList()); + set => _escalationApprovers = value; + } + + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + [Input("escalationTimeInMinutes")] + public Input? EscalationTimeInMinutes { get; set; } + + /// + /// Determines whether approver need to provide justification for his decision. + /// + [Input("isApproverJustificationRequired")] + public Input? IsApproverJustificationRequired { get; set; } + + /// + /// The value determine whether escalation feature is enabled. + /// + [Input("isEscalationEnabled")] + public Input? IsEscalationEnabled { get; set; } + + [Input("primaryApprovers")] + private InputList? _primaryApprovers; + + /// + /// The primary approver of the request. + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public ApprovalStageArgs() + { + } + public static new ApprovalStageArgs Empty => new ApprovalStageArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyApprovalRuleArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyApprovalRuleArgs.cs new file mode 100644 index 000000000000..9820a482b630 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyApprovalRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy approval rule. + /// + public sealed class RoleManagementPolicyApprovalRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The approval setting + /// + [Input("setting")] + public Input? Setting { get; set; } + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyApprovalRuleArgs() + { + } + public static new RoleManagementPolicyApprovalRuleArgs Empty => new RoleManagementPolicyApprovalRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs new file mode 100644 index 000000000000..802e88ba521a --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy authentication context rule. + /// + public sealed class RoleManagementPolicyAuthenticationContextRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The claim value. + /// + [Input("claimValue")] + public Input? ClaimValue { get; set; } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating if rule is enabled. + /// + [Input("isEnabled")] + public Input? IsEnabled { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyAuthenticationContextRuleArgs() + { + } + public static new RoleManagementPolicyAuthenticationContextRuleArgs Empty => new RoleManagementPolicyAuthenticationContextRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyEnablementRuleArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyEnablementRuleArgs.cs new file mode 100644 index 000000000000..f9773789dc26 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyEnablementRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy enablement rule. + /// + public sealed class RoleManagementPolicyEnablementRuleArgs : global::Pulumi.ResourceArgs + { + [Input("enabledRules")] + private InputList>? _enabledRules; + + /// + /// The list of enabled rules. + /// + public InputList> EnabledRules + { + get => _enabledRules ?? (_enabledRules = new InputList>()); + set => _enabledRules = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyEnablementRuleArgs() + { + } + public static new RoleManagementPolicyEnablementRuleArgs Empty => new RoleManagementPolicyEnablementRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyExpirationRuleArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyExpirationRuleArgs.cs new file mode 100644 index 000000000000..caf5a4d3f1a0 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyExpirationRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy expiration rule. + /// + public sealed class RoleManagementPolicyExpirationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether expiration is required. + /// + [Input("isExpirationRequired")] + public Input? IsExpirationRequired { get; set; } + + /// + /// The maximum duration of expiration in timespan. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyExpirationRuleArgs() + { + } + public static new RoleManagementPolicyExpirationRuleArgs Empty => new RoleManagementPolicyExpirationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyNotificationRuleArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyNotificationRuleArgs.cs new file mode 100644 index 000000000000..5f2cc7c11499 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyNotificationRuleArgs.cs 
@@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy notification rule. + /// + public sealed class RoleManagementPolicyNotificationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + [Input("isDefaultRecipientsEnabled")] + public Input? IsDefaultRecipientsEnabled { get; set; } + + /// + /// The notification level. + /// + [Input("notificationLevel")] + public InputUnion? NotificationLevel { get; set; } + + [Input("notificationRecipients")] + private InputList? _notificationRecipients; + + /// + /// The list of notification recipients. + /// + public InputList NotificationRecipients + { + get => _notificationRecipients ?? (_notificationRecipients = new InputList()); + set => _notificationRecipients = value; + } + + /// + /// The type of notification. + /// + [Input("notificationType")] + public InputUnion? NotificationType { get; set; } + + /// + /// The recipient type. + /// + [Input("recipientType")] + public InputUnion? RecipientType { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? 
Target { get; set; } + + public RoleManagementPolicyNotificationRuleArgs() + { + } + public static new RoleManagementPolicyNotificationRuleArgs Empty => new RoleManagementPolicyNotificationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyRuleTargetArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyRuleTargetArgs.cs new file mode 100644 index 000000000000..a54422f30de3 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/RoleManagementPolicyRuleTargetArgs.cs 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The role management policy rule target. + /// + public sealed class RoleManagementPolicyRuleTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// The caller of the setting. + /// + [Input("caller")] + public Input? Caller { get; set; } + + [Input("enforcedSettings")] + private InputList? _enforcedSettings; + + /// + /// The list of enforced settings. + /// + public InputList EnforcedSettings + { + get => _enforcedSettings ?? (_enforcedSettings = new InputList()); + set => _enforcedSettings = value; + } + + [Input("inheritableSettings")] + private InputList? _inheritableSettings; + + /// + /// The list of inheritable settings. + /// + public InputList InheritableSettings + { + get => _inheritableSettings ?? (_inheritableSettings = new InputList()); + set => _inheritableSettings = value; + } + + /// + /// The assignment level to which rule is applied. + /// + [Input("level")] + public Input? Level { get; set; } + + [Input("operations")] + private InputList? _operations; + + /// + /// The type of operation. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("targetObjects")] + private InputList? _targetObjects; + + /// + /// The list of target objects. + /// + public InputList TargetObjects + { + get => _targetObjects ?? (_targetObjects = new InputList()); + set => _targetObjects = value; + } + + public RoleManagementPolicyRuleTargetArgs() + { + } + public static new RoleManagementPolicyRuleTargetArgs Empty => new RoleManagementPolicyRuleTargetArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001/Inputs/UserSetArgs.cs b/sdk/dotnet/Authorization/V20201001/Inputs/UserSetArgs.cs new file mode 100644 index 000000000000..65d425a20072 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Inputs/UserSetArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Inputs +{ + + /// + /// The detail of a user. + /// + public sealed class UserSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the user. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The object id of the user. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether the user is a backup fallback approver + /// + [Input("isBackup")] + public Input? IsBackup { get; set; } + + /// + /// The type of user. + /// + [Input("userType")] + public InputUnion? UserType { get; set; } + + public UserSetArgs() + { + } + public static new UserSetArgs Empty => new UserSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponse.cs b/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponse.cs new file mode 100644 index 000000000000..545131d811d6 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponse.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Outputs +{ + + /// + /// Expanded info of resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponse + { + /// + /// Details of the resource scope + /// + public readonly Outputs.PolicyPropertiesResponseScope Scope; + + [OutputConstructor] + private PolicyPropertiesResponse(Outputs.PolicyPropertiesResponseScope scope) + { + Scope = scope; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponseScope.cs b/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponseScope.cs new file mode 100644 index 000000000000..29d27f0be2f8 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/Outputs/PolicyPropertiesResponseScope.cs @@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001.Outputs +{ + + /// + /// Details of the resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponseScope + { + /// + /// Display name of the resource + /// + public readonly string? DisplayName; + /// + /// Scope id of the resource + /// + public readonly string? Id; + /// + /// Type of the resource + /// + public readonly string? Type; + + [OutputConstructor] + private PolicyPropertiesResponseScope( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001/RoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20201001/RoleManagementPolicy.cs new file mode 100644 index 000000000000..b7ea9406adc7 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001/RoleManagementPolicy.cs 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001 +{ + /// + /// Role management policy + /// + [AzureNativeResourceType("azure-native:authorization/v20201001:RoleManagementPolicy")] + public partial class RoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// The role management policy description. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The role management policy display name. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The readonly computed rule applied to the policy. + /// + [Output("effectiveRules")] + public Output> EffectiveRules { get; private set; } = null!; + + /// + /// The role management policy is default policy. + /// + [Output("isOrganizationDefault")] + public Output IsOrganizationDefault { get; private set; } = null!; + + /// + /// The name of the entity last modified it + /// + [Output("lastModifiedBy")] + public Output LastModifiedBy { get; private set; } = null!; + + /// + /// The last modified date time. + /// + [Output("lastModifiedDateTime")] + public Output LastModifiedDateTime { get; private set; } = null!; + + /// + /// The role management policy name. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Additional properties of scope + /// + [Output("policyProperties")] + public Output PolicyProperties { get; private set; } = null!; + + /// + /// The rule applied to the policy. + /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The role management policy scope. 
+ /// + [Output("scope")] + public Output Scope { get; private set; } = null!; + + /// + /// The role management policy type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20201001:RoleManagementPolicy", name, args ?? new RoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private RoleManagementPolicy(string name, Input id, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20201001:RoleManagementPolicy", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + Aliases = + { + new global::Pulumi.Alias { Type = "azure-native:authorization:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240901preview:RoleManagementPolicy" }, + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. 
+ /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static RoleManagementPolicy Get(string name, Input id, CustomResourceOptions? options = null) + { + return new RoleManagementPolicy(name, id, options); + } + } + + public sealed class RoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// The role management policy description. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The role management policy display name. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The role management policy is default policy. + /// + [Input("isOrganizationDefault")] + public Input? IsOrganizationDefault { get; set; } + + /// + /// The name (guid) of the role management policy to upsert. + /// + [Input("roleManagementPolicyName")] + public Input? RoleManagementPolicyName { get; set; } + + [Input("rules")] + private InputList? _rules; + + /// + /// The rule applied to the policy. + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The role management policy scope. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public RoleManagementPolicyArgs() + { + } + public static new RoleManagementPolicyArgs Empty => new RoleManagementPolicyArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Enums.cs b/sdk/dotnet/Authorization/V20201001Preview/Enums.cs new file mode 100644 index 000000000000..fc42cccdb15d --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Enums.cs 
@@ -0,0 +1,233 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.ComponentModel; +using Pulumi; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview +{ + /// + /// The type of rule + /// + [EnumType] + public readonly struct ApprovalMode : IEquatable + { + private readonly string _value; + + private ApprovalMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ApprovalMode SingleStage { get; } = new ApprovalMode("SingleStage"); + public static ApprovalMode Serial { get; } = new ApprovalMode("Serial"); + public static ApprovalMode Parallel { get; } = new ApprovalMode("Parallel"); + public static ApprovalMode NoApproval { get; } = new ApprovalMode("NoApproval"); + + public static bool operator ==(ApprovalMode left, ApprovalMode right) => left.Equals(right); + public static bool operator !=(ApprovalMode left, ApprovalMode right) => !left.Equals(right); + + public static explicit operator string(ApprovalMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ApprovalMode other && Equals(other); + public bool Equals(ApprovalMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of enablement rule + /// + [EnumType] + public readonly struct EnablementRules : IEquatable + { + private readonly string _value; + + private EnablementRules(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static EnablementRules MultiFactorAuthentication { get; } = new EnablementRules("MultiFactorAuthentication"); + public static EnablementRules Justification { get; } = new EnablementRules("Justification"); + public static EnablementRules Ticketing { get; } = new EnablementRules("Ticketing"); + + public static bool operator ==(EnablementRules left, EnablementRules right) => left.Equals(right); + public static bool operator !=(EnablementRules left, EnablementRules right) => !left.Equals(right); + + public static explicit operator string(EnablementRules value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EnablementRules other && Equals(other); + public bool Equals(EnablementRules other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of notification. + /// + [EnumType] + public readonly struct NotificationDeliveryMechanism : IEquatable + { + private readonly string _value; + + private NotificationDeliveryMechanism(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationDeliveryMechanism Email { get; } = new NotificationDeliveryMechanism("Email"); + + public static bool operator ==(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => left.Equals(right); + public static bool operator !=(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => !left.Equals(right); + + public static explicit operator string(NotificationDeliveryMechanism value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is NotificationDeliveryMechanism other && Equals(other); + public bool Equals(NotificationDeliveryMechanism other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The notification level. + /// + [EnumType] + public readonly struct NotificationLevel : IEquatable + { + private readonly string _value; + + private NotificationLevel(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationLevel None { get; } = new NotificationLevel("None"); + public static NotificationLevel Critical { get; } = new NotificationLevel("Critical"); + public static NotificationLevel All { get; } = new NotificationLevel("All"); + + public static bool operator ==(NotificationLevel left, NotificationLevel right) => left.Equals(right); + public static bool operator !=(NotificationLevel left, NotificationLevel right) => !left.Equals(right); + + public static explicit operator string(NotificationLevel value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationLevel other && Equals(other); + public bool Equals(NotificationLevel other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The recipient type. + /// + [EnumType] + public readonly struct RecipientType : IEquatable + { + private readonly string _value; + + private RecipientType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RecipientType Requestor { get; } = new RecipientType("Requestor"); + public static RecipientType Approver { get; } = new RecipientType("Approver"); + public static RecipientType Admin { get; } = new RecipientType("Admin"); + + public static bool operator ==(RecipientType left, RecipientType right) => left.Equals(right); + public static bool operator !=(RecipientType left, RecipientType right) => !left.Equals(right); + + public static explicit operator string(RecipientType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RecipientType other && Equals(other); + public bool Equals(RecipientType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of rule + /// + [EnumType] + public readonly struct RoleManagementPolicyRuleType : IEquatable + { + private readonly string _value; + + private RoleManagementPolicyRuleType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RoleManagementPolicyRuleType RoleManagementPolicyApprovalRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyApprovalRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyAuthenticationContextRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyAuthenticationContextRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyEnablementRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyEnablementRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyExpirationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyExpirationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyNotificationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyNotificationRule"); + + public static bool operator ==(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => left.Equals(right); + public static bool operator !=(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => !left.Equals(right); + + public static explicit operator string(RoleManagementPolicyRuleType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RoleManagementPolicyRuleType other && Equals(other); + public bool Equals(RoleManagementPolicyRuleType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of user. + /// + [EnumType] + public readonly struct UserType : IEquatable + { + private readonly string _value; + + private UserType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static UserType User { get; } = new UserType("User"); + public static UserType Group { get; } = new UserType("Group"); + + public static bool operator ==(UserType left, UserType right) => left.Equals(right); + public static bool operator !=(UserType left, UserType right) => !left.Equals(right); + + public static explicit operator string(UserType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is UserType other && Equals(other); + public bool Equals(UserType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/GetRoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20201001Preview/GetRoleManagementPolicy.cs new file mode 100644 index 000000000000..01ff956c8027 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/GetRoleManagementPolicy.cs 
@@ -0,0 +1,161 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview +{ + public static class GetRoleManagementPolicy + { + /// + /// Get the specified role management policy for a resource scope + /// + public static Task InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azure-native:authorization/v20201001preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Get the specified role management policy for a resource scope + /// + public static Output Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azure-native:authorization/v20201001preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public string RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public string Scope { get; set; } = null!; + + public GetRoleManagementPolicyArgs() + { + } + public static new GetRoleManagementPolicyArgs Empty => new GetRoleManagementPolicyArgs(); + } + + public sealed class GetRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. 
+ /// + [Input("roleManagementPolicyName", required: true)] + public Input RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public GetRoleManagementPolicyInvokeArgs() + { + } + public static new GetRoleManagementPolicyInvokeArgs Empty => new GetRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetRoleManagementPolicyResult + { + /// + /// The role management policy description. + /// + public readonly string? Description; + /// + /// The role management policy display name. + /// + public readonly string? DisplayName; + /// + /// The readonly computed rule applied to the policy. + /// + public readonly ImmutableArray EffectiveRules; + /// + /// The role management policy Id. + /// + public readonly string Id; + /// + /// The role management policy is default policy. + /// + public readonly bool? IsOrganizationDefault; + /// + /// The name of the entity last modified it + /// + public readonly Outputs.PrincipalResponse LastModifiedBy; + /// + /// The last modified date time. + /// + public readonly string LastModifiedDateTime; + /// + /// The role management policy name. + /// + public readonly string Name; + /// + /// Additional properties of scope + /// + public readonly Outputs.PolicyPropertiesResponse PolicyProperties; + /// + /// The rule applied to the policy. + /// + public readonly ImmutableArray Rules; + /// + /// The role management policy scope. + /// + public readonly string? Scope; + /// + /// The role management policy type. + /// + public readonly string Type; + + [OutputConstructor] + private GetRoleManagementPolicyResult( + string? description, + + string? displayName, + + ImmutableArray effectiveRules, + + string id, + + bool? 
isOrganizationDefault, + + Outputs.PrincipalResponse lastModifiedBy, + + string lastModifiedDateTime, + + string name, + + Outputs.PolicyPropertiesResponse policyProperties, + + ImmutableArray rules, + + string? scope, + + string type) + { + Description = description; + DisplayName = displayName; + EffectiveRules = effectiveRules; + Id = id; + IsOrganizationDefault = isOrganizationDefault; + LastModifiedBy = lastModifiedBy; + LastModifiedDateTime = lastModifiedDateTime; + Name = name; + PolicyProperties = policyProperties; + Rules = rules; + Scope = scope; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalSettingsArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalSettingsArgs.cs new file mode 100644 index 000000000000..dfa657ba8281 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalSettingsArgs.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The approval settings. + /// + public sealed class ApprovalSettingsArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of rule + /// + [Input("approvalMode")] + public InputUnion? ApprovalMode { get; set; } + + [Input("approvalStages")] + private InputList? _approvalStages; + + /// + /// The approval stages of the request. + /// + public InputList ApprovalStages + { + get => _approvalStages ?? (_approvalStages = new InputList()); + set => _approvalStages = value; + } + + /// + /// Determines whether approval is required or not. + /// + [Input("isApprovalRequired")] + public Input? IsApprovalRequired { get; set; } + + /// + /// Determines whether approval is required for assignment extension. + /// + [Input("isApprovalRequiredForExtension")] + public Input? IsApprovalRequiredForExtension { get; set; } + + /// + /// Determine whether requestor justification is required. + /// + [Input("isRequestorJustificationRequired")] + public Input? IsRequestorJustificationRequired { get; set; } + + public ApprovalSettingsArgs() + { + } + public static new ApprovalSettingsArgs Empty => new ApprovalSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalStageArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalStageArgs.cs new file mode 100644 index 000000000000..bd7dc9a3dcae --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/ApprovalStageArgs.cs 
@@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The approval stage. + /// + public sealed class ApprovalStageArgs : global::Pulumi.ResourceArgs + { + /// + /// The time in days when approval request would be timed out + /// + [Input("approvalStageTimeOutInDays")] + public Input? ApprovalStageTimeOutInDays { get; set; } + + [Input("escalationApprovers")] + private InputList? _escalationApprovers; + + /// + /// The escalation approver of the request. + /// + public InputList EscalationApprovers + { + get => _escalationApprovers ?? (_escalationApprovers = new InputList()); + set => _escalationApprovers = value; + } + + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + [Input("escalationTimeInMinutes")] + public Input? EscalationTimeInMinutes { get; set; } + + /// + /// Determines whether approver need to provide justification for his decision. + /// + [Input("isApproverJustificationRequired")] + public Input? IsApproverJustificationRequired { get; set; } + + /// + /// The value determine whether escalation feature is enabled. + /// + [Input("isEscalationEnabled")] + public Input? IsEscalationEnabled { get; set; } + + [Input("primaryApprovers")] + private InputList? _primaryApprovers; + + /// + /// The primary approver of the request. + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public ApprovalStageArgs() + { + } + public static new ApprovalStageArgs Empty => new ApprovalStageArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs new file mode 100644 index 000000000000..d75a74279679 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy approval rule. + /// + public sealed class RoleManagementPolicyApprovalRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The approval setting + /// + [Input("setting")] + public Input? Setting { get; set; } + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyApprovalRuleArgs() + { + } + public static new RoleManagementPolicyApprovalRuleArgs Empty => new RoleManagementPolicyApprovalRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs new file mode 100644 index 000000000000..9528359c77c6 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy authentication context rule. + /// + public sealed class RoleManagementPolicyAuthenticationContextRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The claim value. + /// + [Input("claimValue")] + public Input? ClaimValue { get; set; } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating if rule is enabled. + /// + [Input("isEnabled")] + public Input? IsEnabled { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyAuthenticationContextRuleArgs() + { + } + public static new RoleManagementPolicyAuthenticationContextRuleArgs Empty => new RoleManagementPolicyAuthenticationContextRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs new file mode 100644 index 000000000000..782c64520a8d --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy rule. + /// + public sealed class RoleManagementPolicyEnablementRuleArgs : global::Pulumi.ResourceArgs + { + [Input("enabledRules")] + private InputList>? _enabledRules; + + /// + /// The list of enabled rules. + /// + public InputList> EnabledRules + { + get => _enabledRules ?? (_enabledRules = new InputList>()); + set => _enabledRules = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyEnablementRuleArgs() + { + } + public static new RoleManagementPolicyEnablementRuleArgs Empty => new RoleManagementPolicyEnablementRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs new file mode 100644 index 000000000000..17740758e96d --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy expiration rule. + /// + public sealed class RoleManagementPolicyExpirationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether expiration is required. + /// + [Input("isExpirationRequired")] + public Input? IsExpirationRequired { get; set; } + + /// + /// The maximum duration of expiration in timespan. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyExpirationRuleArgs() + { + } + public static new RoleManagementPolicyExpirationRuleArgs Empty => new RoleManagementPolicyExpirationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs new file mode 100644 index 000000000000..d7d3947a0d0f --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs 
@@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy notification rule. + /// + public sealed class RoleManagementPolicyNotificationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + [Input("isDefaultRecipientsEnabled")] + public Input? IsDefaultRecipientsEnabled { get; set; } + + /// + /// The notification level. + /// + [Input("notificationLevel")] + public InputUnion? NotificationLevel { get; set; } + + [Input("notificationRecipients")] + private InputList? _notificationRecipients; + + /// + /// The list of notification recipients. + /// + public InputList NotificationRecipients + { + get => _notificationRecipients ?? (_notificationRecipients = new InputList()); + set => _notificationRecipients = value; + } + + /// + /// The type of notification. + /// + [Input("notificationType")] + public InputUnion? NotificationType { get; set; } + + /// + /// The recipient type. + /// + [Input("recipientType")] + public InputUnion? RecipientType { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? 
Target { get; set; } + + public RoleManagementPolicyNotificationRuleArgs() + { + } + public static new RoleManagementPolicyNotificationRuleArgs Empty => new RoleManagementPolicyNotificationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs new file mode 100644 index 000000000000..20eef4b33efc --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The role management policy rule target. + /// + public sealed class RoleManagementPolicyRuleTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// The caller of the setting. + /// + [Input("caller")] + public Input? Caller { get; set; } + + [Input("enforcedSettings")] + private InputList? _enforcedSettings; + + /// + /// The list of enforced settings. + /// + public InputList EnforcedSettings + { + get => _enforcedSettings ?? (_enforcedSettings = new InputList()); + set => _enforcedSettings = value; + } + + [Input("inheritableSettings")] + private InputList? _inheritableSettings; + + /// + /// The list of inheritable settings. + /// + public InputList InheritableSettings + { + get => _inheritableSettings ?? (_inheritableSettings = new InputList()); + set => _inheritableSettings = value; + } + + /// + /// The assignment level to which rule is applied. + /// + [Input("level")] + public Input? Level { get; set; } + + [Input("operations")] + private InputList? _operations; + + /// + /// The type of operation. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("targetObjects")] + private InputList? _targetObjects; + + /// + /// The list of target objects. + /// + public InputList TargetObjects + { + get => _targetObjects ?? (_targetObjects = new InputList()); + set => _targetObjects = value; + } + + public RoleManagementPolicyRuleTargetArgs() + { + } + public static new RoleManagementPolicyRuleTargetArgs Empty => new RoleManagementPolicyRuleTargetArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001Preview/Inputs/UserSetArgs.cs b/sdk/dotnet/Authorization/V20201001Preview/Inputs/UserSetArgs.cs new file mode 100644 index 000000000000..c660246c8fa7 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Inputs/UserSetArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Inputs +{ + + /// + /// The detail of a user. + /// + public sealed class UserSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the user. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The object id of the user. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether the user is a backup fallback approver + /// + [Input("isBackup")] + public Input? IsBackup { get; set; } + + /// + /// The type of user. + /// + [Input("userType")] + public InputUnion? UserType { get; set; } + + public UserSetArgs() + { + } + public static new UserSetArgs Empty => new UserSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalSettingsResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalSettingsResponse.cs new file mode 100644 index 000000000000..2ee9647b1070 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalSettingsResponse.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The approval settings. + /// + [OutputType] + public sealed class ApprovalSettingsResponse + { + /// + /// The type of rule + /// + public readonly string? ApprovalMode; + /// + /// The approval stages of the request. + /// + public readonly ImmutableArray ApprovalStages; + /// + /// Determines whether approval is required or not. + /// + public readonly bool? IsApprovalRequired; + /// + /// Determines whether approval is required for assignment extension. + /// + public readonly bool? IsApprovalRequiredForExtension; + /// + /// Determine whether requestor justification is required. + /// + public readonly bool? IsRequestorJustificationRequired; + + [OutputConstructor] + private ApprovalSettingsResponse( + string? approvalMode, + + ImmutableArray approvalStages, + + bool? isApprovalRequired, + + bool? isApprovalRequiredForExtension, + + bool? isRequestorJustificationRequired) + { + ApprovalMode = approvalMode; + ApprovalStages = approvalStages; + IsApprovalRequired = isApprovalRequired; + IsApprovalRequiredForExtension = isApprovalRequiredForExtension; + IsRequestorJustificationRequired = isRequestorJustificationRequired; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalStageResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalStageResponse.cs new file mode 100644 index 000000000000..95bb4368439c --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/ApprovalStageResponse.cs 
@@ -0,0 +1,66 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The approval stage. + /// + [OutputType] + public sealed class ApprovalStageResponse + { + /// + /// The time in days when approval request would be timed out + /// + public readonly int? ApprovalStageTimeOutInDays; + /// + /// The escalation approver of the request. + /// + public readonly ImmutableArray EscalationApprovers; + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + public readonly int? EscalationTimeInMinutes; + /// + /// Determines whether approver need to provide justification for his decision. + /// + public readonly bool? IsApproverJustificationRequired; + /// + /// The value determine whether escalation feature is enabled. + /// + public readonly bool? IsEscalationEnabled; + /// + /// The primary approver of the request. + /// + public readonly ImmutableArray PrimaryApprovers; + + [OutputConstructor] + private ApprovalStageResponse( + int? approvalStageTimeOutInDays, + + ImmutableArray escalationApprovers, + + int? escalationTimeInMinutes, + + bool? isApproverJustificationRequired, + + bool? isEscalationEnabled, + + ImmutableArray primaryApprovers) + { + ApprovalStageTimeOutInDays = approvalStageTimeOutInDays; + EscalationApprovers = escalationApprovers; + EscalationTimeInMinutes = escalationTimeInMinutes; + IsApproverJustificationRequired = isApproverJustificationRequired; + IsEscalationEnabled = isEscalationEnabled; + PrimaryApprovers = primaryApprovers; + } + } +} 
diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponse.cs new file mode 100644 index 000000000000..9de83b0695cd --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponse.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + [OutputType] + public sealed class PolicyPropertiesResponse + { + /// + /// Details of the resource scope + /// + public readonly Outputs.PolicyPropertiesResponseScope Scope; + + [OutputConstructor] + private PolicyPropertiesResponse(Outputs.PolicyPropertiesResponseScope scope) + { + Scope = scope; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponseScope.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponseScope.cs new file mode 100644 index 000000000000..d6bf0b18fd16 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/PolicyPropertiesResponseScope.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// Details of the resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponseScope + { + /// + /// Display name of the resource + /// + public readonly string? DisplayName; + /// + /// Scope id of the resource + /// + public readonly string? Id; + /// + /// Type of the resource + /// + public readonly string? Type; + + [OutputConstructor] + private PolicyPropertiesResponseScope( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyApprovalRuleResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyApprovalRuleResponse.cs new file mode 100644 index 000000000000..a2d4bd36bd42 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyApprovalRuleResponse.cs 
@@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy approval rule. + /// + [OutputType] + public sealed class RoleManagementPolicyApprovalRuleResponse + { + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + public readonly string RuleType; + /// + /// The approval setting + /// + public readonly Outputs.ApprovalSettingsResponse? Setting; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyApprovalRuleResponse( + string? id, + + string ruleType, + + Outputs.ApprovalSettingsResponse? setting, + + Outputs.RoleManagementPolicyRuleTargetResponse? target) + { + Id = id; + RuleType = ruleType; + Setting = setting; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyAuthenticationContextRuleResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyAuthenticationContextRuleResponse.cs new file mode 100644 index 000000000000..4f9e61867e9a --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyAuthenticationContextRuleResponse.cs 
@@ -0,0 +1,60 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy authentication context rule. + /// + [OutputType] + public sealed class RoleManagementPolicyAuthenticationContextRuleResponse + { + /// + /// The claim value. + /// + public readonly string? ClaimValue; + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// The value indicating if rule is enabled. + /// + public readonly bool? IsEnabled; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + public readonly string RuleType; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyAuthenticationContextRuleResponse( + string? claimValue, + + string? id, + + bool? isEnabled, + + string ruleType, + + Outputs.RoleManagementPolicyRuleTargetResponse? target) + { + ClaimValue = claimValue; + Id = id; + IsEnabled = isEnabled; + RuleType = ruleType; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyEnablementRuleResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyEnablementRuleResponse.cs new file mode 100644 index 000000000000..c05349a1359c --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyEnablementRuleResponse.cs 
@@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy rule. + /// + [OutputType] + public sealed class RoleManagementPolicyEnablementRuleResponse + { + /// + /// The list of enabled rules. + /// + public readonly ImmutableArray EnabledRules; + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + public readonly string RuleType; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyEnablementRuleResponse( + ImmutableArray enabledRules, + + string? id, + + string ruleType, + + Outputs.RoleManagementPolicyRuleTargetResponse? target) + { + EnabledRules = enabledRules; + Id = id; + RuleType = ruleType; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyExpirationRuleResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyExpirationRuleResponse.cs new file mode 100644 index 000000000000..bb0a5c472afc --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyExpirationRuleResponse.cs 
@@ -0,0 +1,60 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy expiration rule. + /// + [OutputType] + public sealed class RoleManagementPolicyExpirationRuleResponse + { + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// The value indicating whether expiration is required. + /// + public readonly bool? IsExpirationRequired; + /// + /// The maximum duration of expiration in timespan. + /// + public readonly string? MaximumDuration; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + public readonly string RuleType; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyExpirationRuleResponse( + string? id, + + bool? isExpirationRequired, + + string? maximumDuration, + + string ruleType, + + Outputs.RoleManagementPolicyRuleTargetResponse? target) + { + Id = id; + IsExpirationRequired = isExpirationRequired; + MaximumDuration = maximumDuration; + RuleType = ruleType; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyNotificationRuleResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyNotificationRuleResponse.cs new file mode 100644 index 000000000000..3d96ab7bddb0 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyNotificationRuleResponse.cs 
@@ -0,0 +1,81 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy notification rule. + /// + [OutputType] + public sealed class RoleManagementPolicyNotificationRuleResponse + { + /// + /// The id of the rule. + /// + public readonly string? Id; + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + public readonly bool? IsDefaultRecipientsEnabled; + /// + /// The notification level. + /// + public readonly string? NotificationLevel; + /// + /// The list of notification recipients. + /// + public readonly ImmutableArray NotificationRecipients; + /// + /// The type of notification. + /// + public readonly string? NotificationType; + /// + /// The recipient type. + /// + public readonly string? RecipientType; + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + public readonly string RuleType; + /// + /// The target of the current rule. + /// + public readonly Outputs.RoleManagementPolicyRuleTargetResponse? Target; + + [OutputConstructor] + private RoleManagementPolicyNotificationRuleResponse( + string? id, + + bool? isDefaultRecipientsEnabled, + + string? notificationLevel, + + ImmutableArray notificationRecipients, + + string? notificationType, + + string? recipientType, + + string ruleType, + + Outputs.RoleManagementPolicyRuleTargetResponse? 
target) + { + Id = id; + IsDefaultRecipientsEnabled = isDefaultRecipientsEnabled; + NotificationLevel = notificationLevel; + NotificationRecipients = notificationRecipients; + NotificationType = notificationType; + RecipientType = recipientType; + RuleType = ruleType; + Target = target; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyRuleTargetResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyRuleTargetResponse.cs new file mode 100644 index 000000000000..b5b94cade9bb --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/RoleManagementPolicyRuleTargetResponse.cs 
@@ -0,0 +1,66 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The role management policy rule target. + /// + [OutputType] + public sealed class RoleManagementPolicyRuleTargetResponse + { + /// + /// The caller of the setting. + /// + public readonly string? Caller; + /// + /// The list of enforced settings. + /// + public readonly ImmutableArray EnforcedSettings; + /// + /// The list of inheritable settings. + /// + public readonly ImmutableArray InheritableSettings; + /// + /// The assignment level to which rule is applied. + /// + public readonly string? Level; + /// + /// The type of operation. + /// + public readonly ImmutableArray Operations; + /// + /// The list of target objects. + /// + public readonly ImmutableArray TargetObjects; + + [OutputConstructor] + private RoleManagementPolicyRuleTargetResponse( + string? caller, + + ImmutableArray enforcedSettings, + + ImmutableArray inheritableSettings, + + string? level, + + ImmutableArray operations, + + ImmutableArray targetObjects) + { + Caller = caller; + EnforcedSettings = enforcedSettings; + InheritableSettings = inheritableSettings; + Level = level; + Operations = operations; + TargetObjects = targetObjects; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/Outputs/UserSetResponse.cs b/sdk/dotnet/Authorization/V20201001Preview/Outputs/UserSetResponse.cs new file mode 100644 index 000000000000..b1ba5070dfc4 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/Outputs/UserSetResponse.cs 
@@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview.Outputs +{ + + /// + /// The detail of a user. + /// + [OutputType] + public sealed class UserSetResponse + { + /// + /// The description of the user. + /// + public readonly string? Description; + /// + /// The object id of the user. + /// + public readonly string? Id; + /// + /// The value indicating whether the user is a backup fallback approver + /// + public readonly bool? IsBackup; + /// + /// The type of user. + /// + public readonly string? UserType; + + [OutputConstructor] + private UserSetResponse( + string? description, + + string? id, + + bool? isBackup, + + string? userType) + { + Description = description; + Id = id; + IsBackup = isBackup; + UserType = userType; + } + } +} diff --git a/sdk/dotnet/Authorization/V20201001Preview/RoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20201001Preview/RoleManagementPolicy.cs new file mode 100644 index 000000000000..c280a20be9a4 --- /dev/null +++ b/sdk/dotnet/Authorization/V20201001Preview/RoleManagementPolicy.cs 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20201001Preview +{ + /// + /// Role management policy + /// + [AzureNativeResourceType("azure-native:authorization/v20201001preview:RoleManagementPolicy")] + public partial class RoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// The role management policy description. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The role management policy display name. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The readonly computed rule applied to the policy. + /// + [Output("effectiveRules")] + public Output> EffectiveRules { get; private set; } = null!; + + /// + /// The role management policy is default policy. + /// + [Output("isOrganizationDefault")] + public Output IsOrganizationDefault { get; private set; } = null!; + + /// + /// The name of the entity last modified it + /// + [Output("lastModifiedBy")] + public Output LastModifiedBy { get; private set; } = null!; + + /// + /// The last modified date time. + /// + [Output("lastModifiedDateTime")] + public Output LastModifiedDateTime { get; private set; } = null!; + + /// + /// The role management policy name. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Additional properties of scope + /// + [Output("policyProperties")] + public Output PolicyProperties { get; private set; } = null!; + + /// + /// The rule applied to the policy. + /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The role management policy scope. 
+ /// + [Output("scope")] + public Output Scope { get; private set; } = null!; + + /// + /// The role management policy type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20201001preview:RoleManagementPolicy", name, args ?? new RoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private RoleManagementPolicy(string name, Input id, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20201001preview:RoleManagementPolicy", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + Aliases = + { + new global::Pulumi.Alias { Type = "azure-native:authorization:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240901preview:RoleManagementPolicy" }, + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. 
+ /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static RoleManagementPolicy Get(string name, Input id, CustomResourceOptions? options = null) + { + return new RoleManagementPolicy(name, id, options); + } + } + + public sealed class RoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// The role management policy description. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The role management policy display name. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The role management policy is default policy. + /// + [Input("isOrganizationDefault")] + public Input? IsOrganizationDefault { get; set; } + + /// + /// The name (guid) of the role management policy to upsert. + /// + [Input("roleManagementPolicyName")] + public Input? RoleManagementPolicyName { get; set; } + + [Input("rules")] + private InputList? _rules; + + /// + /// The rule applied to the policy. + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The role management policy scope. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public RoleManagementPolicyArgs() + { + } + public static new RoleManagementPolicyArgs Empty => new RoleManagementPolicyArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Enums.cs b/sdk/dotnet/Authorization/V20240201Preview/Enums.cs new file mode 100644 index 000000000000..558df545a8c4 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Enums.cs 
@@ -0,0 +1,295 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.ComponentModel; +using Pulumi; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview +{ + /// + /// The type of rule + /// + [EnumType] + public readonly struct ApprovalMode : IEquatable + { + private readonly string _value; + + private ApprovalMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ApprovalMode SingleStage { get; } = new ApprovalMode("SingleStage"); + public static ApprovalMode Serial { get; } = new ApprovalMode("Serial"); + public static ApprovalMode Parallel { get; } = new ApprovalMode("Parallel"); + public static ApprovalMode NoApproval { get; } = new ApprovalMode("NoApproval"); + + public static bool operator ==(ApprovalMode left, ApprovalMode right) => left.Equals(right); + public static bool operator !=(ApprovalMode left, ApprovalMode right) => !left.Equals(right); + + public static explicit operator string(ApprovalMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ApprovalMode other && Equals(other); + public bool Equals(ApprovalMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of enablement rule + /// + [EnumType] + public readonly struct EnablementRules : IEquatable + { + private readonly string _value; + + private EnablementRules(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static EnablementRules MultiFactorAuthentication { get; } = new EnablementRules("MultiFactorAuthentication"); + public static EnablementRules Justification { get; } = new EnablementRules("Justification"); + public static EnablementRules Ticketing { get; } = new EnablementRules("Ticketing"); + + public static bool operator ==(EnablementRules left, EnablementRules right) => left.Equals(right); + public static bool operator !=(EnablementRules left, EnablementRules right) => !left.Equals(right); + + public static explicit operator string(EnablementRules value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EnablementRules other && Equals(other); + public bool Equals(EnablementRules other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + [EnumType] + public readonly struct ExcludedPrincipalTypes : IEquatable + { + private readonly string _value; + + private ExcludedPrincipalTypes(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ExcludedPrincipalTypes ServicePrincipalsAsTarget { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsTarget"); + public static ExcludedPrincipalTypes ServicePrincipalsAsRequestor { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsRequestor"); + + public static bool operator ==(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => left.Equals(right); + public static bool operator !=(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => !left.Equals(right); + + public static explicit operator string(ExcludedPrincipalTypes value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is ExcludedPrincipalTypes other && Equals(other); + public bool Equals(ExcludedPrincipalTypes other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of notification. + /// + [EnumType] + public readonly struct NotificationDeliveryMechanism : IEquatable + { + private readonly string _value; + + private NotificationDeliveryMechanism(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationDeliveryMechanism Email { get; } = new NotificationDeliveryMechanism("Email"); + + public static bool operator ==(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => left.Equals(right); + public static bool operator !=(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => !left.Equals(right); + + public static explicit operator string(NotificationDeliveryMechanism value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationDeliveryMechanism other && Equals(other); + public bool Equals(NotificationDeliveryMechanism other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The notification level. + /// + [EnumType] + public readonly struct NotificationLevel : IEquatable + { + private readonly string _value; + + private NotificationLevel(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static NotificationLevel None { get; } = new NotificationLevel("None"); + public static NotificationLevel Critical { get; } = new NotificationLevel("Critical"); + public static NotificationLevel All { get; } = new NotificationLevel("All"); + + public static bool operator ==(NotificationLevel left, NotificationLevel right) => left.Equals(right); + public static bool operator !=(NotificationLevel left, NotificationLevel right) => !left.Equals(right); + + public static explicit operator string(NotificationLevel value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationLevel other && Equals(other); + public bool Equals(NotificationLevel other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [EnumType] + public readonly struct PIMOnlyMode : IEquatable + { + private readonly string _value; + + private PIMOnlyMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static PIMOnlyMode Disabled { get; } = new PIMOnlyMode("Disabled"); + public static PIMOnlyMode Enabled { get; } = new PIMOnlyMode("Enabled"); + public static PIMOnlyMode ReportOnly { get; } = new PIMOnlyMode("ReportOnly"); + + public static bool operator ==(PIMOnlyMode left, PIMOnlyMode right) => left.Equals(right); + public static bool operator !=(PIMOnlyMode left, PIMOnlyMode right) => !left.Equals(right); + + public static explicit operator string(PIMOnlyMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is PIMOnlyMode other && Equals(other); + public bool Equals(PIMOnlyMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The recipient type. + /// + [EnumType] + public readonly struct RecipientType : IEquatable + { + private readonly string _value; + + private RecipientType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static RecipientType Requestor { get; } = new RecipientType("Requestor"); + public static RecipientType Approver { get; } = new RecipientType("Approver"); + public static RecipientType Admin { get; } = new RecipientType("Admin"); + + public static bool operator ==(RecipientType left, RecipientType right) => left.Equals(right); + public static bool operator !=(RecipientType left, RecipientType right) => !left.Equals(right); + + public static explicit operator string(RecipientType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RecipientType other && Equals(other); + public bool Equals(RecipientType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of rule + /// + [EnumType] + public readonly struct RoleManagementPolicyRuleType : IEquatable + { + private readonly string _value; + + private RoleManagementPolicyRuleType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RoleManagementPolicyRuleType RoleManagementPolicyApprovalRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyApprovalRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyAuthenticationContextRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyAuthenticationContextRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyEnablementRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyEnablementRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyExpirationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyExpirationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyNotificationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyNotificationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyPimOnlyModeRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyPimOnlyModeRule"); + + public static bool operator ==(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => left.Equals(right); + public static bool operator !=(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => !left.Equals(right); + + public static explicit operator string(RoleManagementPolicyRuleType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RoleManagementPolicyRuleType other && Equals(other); + public bool Equals(RoleManagementPolicyRuleType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of user. 
+ /// + [EnumType] + public readonly struct UserType : IEquatable + { + private readonly string _value; + + private UserType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static UserType User { get; } = new UserType("User"); + public static UserType Group { get; } = new UserType("Group"); + public static UserType ServicePrincipal { get; } = new UserType("ServicePrincipal"); + + public static bool operator ==(UserType left, UserType right) => left.Equals(right); + public static bool operator !=(UserType left, UserType right) => !left.Equals(right); + + public static explicit operator string(UserType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is UserType other && Equals(other); + public bool Equals(UserType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/GetRoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20240201Preview/GetRoleManagementPolicy.cs new file mode 100644 index 000000000000..c434e6acf167 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/GetRoleManagementPolicy.cs 
@@ -0,0 +1,161 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview +{ + public static class GetRoleManagementPolicy + { + /// + /// Get the specified role management policy for a resource scope + /// + public static Task InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azure-native:authorization/v20240201preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Get the specified role management policy for a resource scope + /// + public static Output Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azure-native:authorization/v20240201preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public string RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public string Scope { get; set; } = null!; + + public GetRoleManagementPolicyArgs() + { + } + public static new GetRoleManagementPolicyArgs Empty => new GetRoleManagementPolicyArgs(); + } + + public sealed class GetRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. 
+ /// + [Input("roleManagementPolicyName", required: true)] + public Input RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public GetRoleManagementPolicyInvokeArgs() + { + } + public static new GetRoleManagementPolicyInvokeArgs Empty => new GetRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetRoleManagementPolicyResult + { + /// + /// The role management policy description. + /// + public readonly string? Description; + /// + /// The role management policy display name. + /// + public readonly string? DisplayName; + /// + /// The readonly computed rule applied to the policy. + /// + public readonly ImmutableArray EffectiveRules; + /// + /// The role management policy Id. + /// + public readonly string Id; + /// + /// The role management policy is default policy. + /// + public readonly bool? IsOrganizationDefault; + /// + /// The name of the entity last modified it + /// + public readonly Outputs.PrincipalResponse LastModifiedBy; + /// + /// The last modified date time. + /// + public readonly string LastModifiedDateTime; + /// + /// The role management policy name. + /// + public readonly string Name; + /// + /// Additional properties of scope + /// + public readonly Outputs.PolicyPropertiesResponse PolicyProperties; + /// + /// The rule applied to the policy. + /// + public readonly ImmutableArray Rules; + /// + /// The role management policy scope. + /// + public readonly string? Scope; + /// + /// The role management policy type. + /// + public readonly string Type; + + [OutputConstructor] + private GetRoleManagementPolicyResult( + string? description, + + string? displayName, + + ImmutableArray effectiveRules, + + string id, + + bool? 
isOrganizationDefault, + + Outputs.PrincipalResponse lastModifiedBy, + + string lastModifiedDateTime, + + string name, + + Outputs.PolicyPropertiesResponse policyProperties, + + ImmutableArray rules, + + string? scope, + + string type) + { + Description = description; + DisplayName = displayName; + EffectiveRules = effectiveRules; + Id = id; + IsOrganizationDefault = isOrganizationDefault; + LastModifiedBy = lastModifiedBy; + LastModifiedDateTime = lastModifiedDateTime; + Name = name; + PolicyProperties = policyProperties; + Rules = rules; + Scope = scope; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalSettingsArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalSettingsArgs.cs new file mode 100644 index 000000000000..a16da794288f --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalSettingsArgs.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The approval settings. + /// + public sealed class ApprovalSettingsArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of rule + /// + [Input("approvalMode")] + public InputUnion? ApprovalMode { get; set; } + + [Input("approvalStages")] + private InputList? _approvalStages; + + /// + /// The approval stages of the request. + /// + public InputList ApprovalStages + { + get => _approvalStages ?? (_approvalStages = new InputList()); + set => _approvalStages = value; + } + + /// + /// Determines whether approval is required or not. + /// + [Input("isApprovalRequired")] + public Input? IsApprovalRequired { get; set; } + + /// + /// Determines whether approval is required for assignment extension. + /// + [Input("isApprovalRequiredForExtension")] + public Input? IsApprovalRequiredForExtension { get; set; } + + /// + /// Determine whether requestor justification is required. + /// + [Input("isRequestorJustificationRequired")] + public Input? IsRequestorJustificationRequired { get; set; } + + public ApprovalSettingsArgs() + { + } + public static new ApprovalSettingsArgs Empty => new ApprovalSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalStageArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalStageArgs.cs new file mode 100644 index 000000000000..d8e551a9c8d9 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/ApprovalStageArgs.cs 
@@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The approval stage. + /// + public sealed class ApprovalStageArgs : global::Pulumi.ResourceArgs + { + /// + /// The time in days when approval request would be timed out + /// + [Input("approvalStageTimeOutInDays")] + public Input? ApprovalStageTimeOutInDays { get; set; } + + [Input("escalationApprovers")] + private InputList? _escalationApprovers; + + /// + /// The escalation approver of the request. + /// + public InputList EscalationApprovers + { + get => _escalationApprovers ?? (_escalationApprovers = new InputList()); + set => _escalationApprovers = value; + } + + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + [Input("escalationTimeInMinutes")] + public Input? EscalationTimeInMinutes { get; set; } + + /// + /// Determines whether approver need to provide justification for his decision. + /// + [Input("isApproverJustificationRequired")] + public Input? IsApproverJustificationRequired { get; set; } + + /// + /// The value determine whether escalation feature is enabled. + /// + [Input("isEscalationEnabled")] + public Input? IsEscalationEnabled { get; set; } + + [Input("primaryApprovers")] + private InputList? _primaryApprovers; + + /// + /// The primary approver of the request. + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public ApprovalStageArgs() + { + } + public static new ApprovalStageArgs Empty => new ApprovalStageArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/PIMOnlyModeSettingsArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/PIMOnlyModeSettingsArgs.cs new file mode 100644 index 000000000000..74369f3cac1f --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/PIMOnlyModeSettingsArgs.cs @@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The PIM Only Mode settings. + /// + public sealed class PIMOnlyModeSettingsArgs : global::Pulumi.ResourceArgs + { + [Input("excludedAssignmentTypes")] + private InputList>? _excludedAssignmentTypes; + + /// + /// The list of excluded assignment types allowed. + /// + public InputList> ExcludedAssignmentTypes + { + get => _excludedAssignmentTypes ?? (_excludedAssignmentTypes = new InputList>()); + set => _excludedAssignmentTypes = value; + } + + [Input("excludes")] + private InputList? _excludes; + + /// + /// The list of excluded entities that the rule does not apply to. + /// + public InputList Excludes + { + get => _excludes ?? (_excludes = new InputList()); + set => _excludes = value; + } + + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [Input("mode")] + public InputUnion? Mode { get; set; } + + public PIMOnlyModeSettingsArgs() + { + } + public static new PIMOnlyModeSettingsArgs Empty => new PIMOnlyModeSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs new file mode 100644 index 000000000000..736a5dba1c3a --- /dev/null 
+++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy approval rule. + /// + public sealed class RoleManagementPolicyApprovalRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The approval setting + /// + [Input("setting")] + public Input? Setting { get; set; } + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyApprovalRuleArgs() + { + } + public static new RoleManagementPolicyApprovalRuleArgs Empty => new RoleManagementPolicyApprovalRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs new file mode 100644 index 000000000000..291ab65441b1 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy authentication context rule. + /// + public sealed class RoleManagementPolicyAuthenticationContextRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The claim value. + /// + [Input("claimValue")] + public Input? ClaimValue { get; set; } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating if rule is enabled. + /// + [Input("isEnabled")] + public Input? IsEnabled { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyAuthenticationContextRuleArgs() + { + } + public static new RoleManagementPolicyAuthenticationContextRuleArgs Empty => new RoleManagementPolicyAuthenticationContextRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs new file mode 100644 index 000000000000..d827f38a7bcc --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy enablement rule. + /// + public sealed class RoleManagementPolicyEnablementRuleArgs : global::Pulumi.ResourceArgs + { + [Input("enabledRules")] + private InputList>? _enabledRules; + + /// + /// The list of enabled rules. + /// + public InputList> EnabledRules + { + get => _enabledRules ?? (_enabledRules = new InputList>()); + set => _enabledRules = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyEnablementRuleArgs() + { + } + public static new RoleManagementPolicyEnablementRuleArgs Empty => new RoleManagementPolicyEnablementRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs new file mode 100644 index 000000000000..e1122afb4d35 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy expiration rule. + /// + public sealed class RoleManagementPolicyExpirationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether expiration is required. + /// + [Input("isExpirationRequired")] + public Input? IsExpirationRequired { get; set; } + + /// + /// The maximum duration of expiration in timespan. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyExpirationRuleArgs() + { + } + public static new RoleManagementPolicyExpirationRuleArgs Empty => new RoleManagementPolicyExpirationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs new file mode 100644 index 000000000000..6c4474ed559f --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs 
@@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy notification rule. + /// + public sealed class RoleManagementPolicyNotificationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + [Input("isDefaultRecipientsEnabled")] + public Input? IsDefaultRecipientsEnabled { get; set; } + + /// + /// The notification level. + /// + [Input("notificationLevel")] + public InputUnion? NotificationLevel { get; set; } + + [Input("notificationRecipients")] + private InputList? _notificationRecipients; + + /// + /// The list of notification recipients. + /// + public InputList NotificationRecipients + { + get => _notificationRecipients ?? (_notificationRecipients = new InputList()); + set => _notificationRecipients = value; + } + + /// + /// The type of notification. + /// + [Input("notificationType")] + public InputUnion? NotificationType { get; set; } + + /// + /// The recipient type. + /// + [Input("recipientType")] + public InputUnion? RecipientType { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? 
Target { get; set; } + + public RoleManagementPolicyNotificationRuleArgs() + { + } + public static new RoleManagementPolicyNotificationRuleArgs Empty => new RoleManagementPolicyNotificationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs new file mode 100644 index 000000000000..5420a6b880c9 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy PIM only mode rule. + /// + public sealed class RoleManagementPolicyPimOnlyModeRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The PIM Only Mode settings + /// + [Input("pimOnlyModeSettings")] + public Input? PimOnlyModeSettings { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyPimOnlyModeRuleArgs() + { + } + public static new RoleManagementPolicyPimOnlyModeRuleArgs Empty => new RoleManagementPolicyPimOnlyModeRuleArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs new file mode 100644 index 000000000000..3de380b01668 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The role management policy rule target. + /// + public sealed class RoleManagementPolicyRuleTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// The caller of the setting. + /// + [Input("caller")] + public Input? Caller { get; set; } + + [Input("enforcedSettings")] + private InputList? _enforcedSettings; + + /// + /// The list of enforced settings. + /// + public InputList EnforcedSettings + { + get => _enforcedSettings ?? (_enforcedSettings = new InputList()); + set => _enforcedSettings = value; + } + + [Input("inheritableSettings")] + private InputList? _inheritableSettings; + + /// + /// The list of inheritable settings. + /// + public InputList InheritableSettings + { + get => _inheritableSettings ?? (_inheritableSettings = new InputList()); + set => _inheritableSettings = value; + } + + /// + /// The assignment level to which rule is applied. + /// + [Input("level")] + public Input? Level { get; set; } + + [Input("operations")] + private InputList? _operations; + + /// + /// The type of operation. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("targetObjects")] + private InputList? _targetObjects; + + /// + /// The list of target objects. + /// + public InputList TargetObjects + { + get => _targetObjects ?? (_targetObjects = new InputList()); + set => _targetObjects = value; + } + + public RoleManagementPolicyRuleTargetArgs() + { + } + public static new RoleManagementPolicyRuleTargetArgs Empty => new RoleManagementPolicyRuleTargetArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/UserSetArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/UserSetArgs.cs new file mode 100644 index 000000000000..a222da810d29 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/UserSetArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The detail of a user. + /// + public sealed class UserSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the user. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The object id of the user. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether the user is a backup fallback approver + /// + [Input("isBackup")] + public Input? IsBackup { get; set; } + + /// + /// The type of user. + /// + [Input("userType")] + public InputUnion? UserType { get; set; } + + public UserSetArgs() + { + } + public static new UserSetArgs Empty => new UserSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Inputs/UsersOrServicePrincipalSetArgs.cs b/sdk/dotnet/Authorization/V20240201Preview/Inputs/UsersOrServicePrincipalSetArgs.cs new file mode 100644 index 000000000000..7cba5064eec4 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Inputs/UsersOrServicePrincipalSetArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Inputs +{ + + /// + /// The detail of a subject. + /// + public sealed class UsersOrServicePrincipalSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The display Name of the entity. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The object id of the entity. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of user. + /// + [Input("type")] + public InputUnion? Type { get; set; } + + public UsersOrServicePrincipalSetArgs() + { + } + public static new UsersOrServicePrincipalSetArgs Empty => new UsersOrServicePrincipalSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponse.cs b/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponse.cs new file mode 100644 index 000000000000..e1e98400ce58 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponse.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Outputs +{ + + /// + /// Expanded info of resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponse + { + /// + /// Details of the resource scope + /// + public readonly Outputs.PolicyPropertiesResponseScope Scope; + + [OutputConstructor] + private PolicyPropertiesResponse(Outputs.PolicyPropertiesResponseScope scope) + { + Scope = scope; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponseScope.cs b/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponseScope.cs new file mode 100644 index 000000000000..cab9c345e50e --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/Outputs/PolicyPropertiesResponseScope.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview.Outputs +{ + + /// + /// Details of the resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponseScope + { + /// + /// Display name of the resource + /// + public readonly string? DisplayName; + /// + /// Scope id of the resource + /// + public readonly string? Id; + /// + /// Type of the resource + /// + public readonly string? Type; + + [OutputConstructor] + private PolicyPropertiesResponseScope( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240201Preview/RoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20240201Preview/RoleManagementPolicy.cs new file mode 100644 index 000000000000..421461912cdd --- /dev/null +++ b/sdk/dotnet/Authorization/V20240201Preview/RoleManagementPolicy.cs 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240201Preview +{ + /// + /// Role management policy + /// + [AzureNativeResourceType("azure-native:authorization/v20240201preview:RoleManagementPolicy")] + public partial class RoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// The role management policy description. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The role management policy display name. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The readonly computed rule applied to the policy. + /// + [Output("effectiveRules")] + public Output> EffectiveRules { get; private set; } = null!; + + /// + /// The role management policy is default policy. + /// + [Output("isOrganizationDefault")] + public Output IsOrganizationDefault { get; private set; } = null!; + + /// + /// The name of the entity last modified it + /// + [Output("lastModifiedBy")] + public Output LastModifiedBy { get; private set; } = null!; + + /// + /// The last modified date time. + /// + [Output("lastModifiedDateTime")] + public Output LastModifiedDateTime { get; private set; } = null!; + + /// + /// The role management policy name. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Additional properties of scope + /// + [Output("policyProperties")] + public Output PolicyProperties { get; private set; } = null!; + + /// + /// The rule applied to the policy. + /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The role management policy scope. 
+ /// + [Output("scope")] + public Output Scope { get; private set; } = null!; + + /// + /// The role management policy type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20240201preview:RoleManagementPolicy", name, args ?? new RoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private RoleManagementPolicy(string name, Input id, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20240201preview:RoleManagementPolicy", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + Aliases = + { + new global::Pulumi.Alias { Type = "azure-native:authorization:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240901preview:RoleManagementPolicy" }, + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. 
+ /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static RoleManagementPolicy Get(string name, Input id, CustomResourceOptions? options = null) + { + return new RoleManagementPolicy(name, id, options); + } + } + + public sealed class RoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// The role management policy description. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The role management policy display name. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The role management policy is default policy. + /// + [Input("isOrganizationDefault")] + public Input? IsOrganizationDefault { get; set; } + + /// + /// The name (guid) of the role management policy to upsert. + /// + [Input("roleManagementPolicyName")] + public Input? RoleManagementPolicyName { get; set; } + + [Input("rules")] + private InputList? _rules; + + /// + /// The rule applied to the policy. + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The role management policy scope. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public RoleManagementPolicyArgs() + { + } + public static new RoleManagementPolicyArgs Empty => new RoleManagementPolicyArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Enums.cs b/sdk/dotnet/Authorization/V20240901Preview/Enums.cs new file mode 100644 index 000000000000..34101ecc1251 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Enums.cs 
@@ -0,0 +1,295 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.ComponentModel; +using Pulumi; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview +{ + /// + /// The type of rule + /// + [EnumType] + public readonly struct ApprovalMode : IEquatable + { + private readonly string _value; + + private ApprovalMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ApprovalMode SingleStage { get; } = new ApprovalMode("SingleStage"); + public static ApprovalMode Serial { get; } = new ApprovalMode("Serial"); + public static ApprovalMode Parallel { get; } = new ApprovalMode("Parallel"); + public static ApprovalMode NoApproval { get; } = new ApprovalMode("NoApproval"); + + public static bool operator ==(ApprovalMode left, ApprovalMode right) => left.Equals(right); + public static bool operator !=(ApprovalMode left, ApprovalMode right) => !left.Equals(right); + + public static explicit operator string(ApprovalMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is ApprovalMode other && Equals(other); + public bool Equals(ApprovalMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of enablement rule + /// + [EnumType] + public readonly struct EnablementRules : IEquatable + { + private readonly string _value; + + private EnablementRules(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static EnablementRules MultiFactorAuthentication { get; } = new EnablementRules("MultiFactorAuthentication"); + public static EnablementRules Justification { get; } = new EnablementRules("Justification"); + public static EnablementRules Ticketing { get; } = new EnablementRules("Ticketing"); + + public static bool operator ==(EnablementRules left, EnablementRules right) => left.Equals(right); + public static bool operator !=(EnablementRules left, EnablementRules right) => !left.Equals(right); + + public static explicit operator string(EnablementRules value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EnablementRules other && Equals(other); + public bool Equals(EnablementRules other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + [EnumType] + public readonly struct ExcludedPrincipalTypes : IEquatable + { + private readonly string _value; + + private ExcludedPrincipalTypes(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static ExcludedPrincipalTypes ServicePrincipalsAsTarget { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsTarget"); + public static ExcludedPrincipalTypes ServicePrincipalsAsRequestor { get; } = new ExcludedPrincipalTypes("ServicePrincipalsAsRequestor"); + + public static bool operator ==(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => left.Equals(right); + public static bool operator !=(ExcludedPrincipalTypes left, ExcludedPrincipalTypes right) => !left.Equals(right); + + public static explicit operator string(ExcludedPrincipalTypes value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is ExcludedPrincipalTypes other && Equals(other); + public bool Equals(ExcludedPrincipalTypes other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of notification. + /// + [EnumType] + public readonly struct NotificationDeliveryMechanism : IEquatable + { + private readonly string _value; + + private NotificationDeliveryMechanism(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static NotificationDeliveryMechanism Email { get; } = new NotificationDeliveryMechanism("Email"); + + public static bool operator ==(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => left.Equals(right); + public static bool operator !=(NotificationDeliveryMechanism left, NotificationDeliveryMechanism right) => !left.Equals(right); + + public static explicit operator string(NotificationDeliveryMechanism value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationDeliveryMechanism other && Equals(other); + public bool Equals(NotificationDeliveryMechanism other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The notification level. + /// + [EnumType] + public readonly struct NotificationLevel : IEquatable + { + private readonly string _value; + + private NotificationLevel(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static NotificationLevel None { get; } = new NotificationLevel("None"); + public static NotificationLevel Critical { get; } = new NotificationLevel("Critical"); + public static NotificationLevel All { get; } = new NotificationLevel("All"); + + public static bool operator ==(NotificationLevel left, NotificationLevel right) => left.Equals(right); + public static bool operator !=(NotificationLevel left, NotificationLevel right) => !left.Equals(right); + + public static explicit operator string(NotificationLevel value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is NotificationLevel other && Equals(other); + public bool Equals(NotificationLevel other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [EnumType] + public readonly struct PIMOnlyMode : IEquatable + { + private readonly string _value; + + private PIMOnlyMode(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static PIMOnlyMode Disabled { get; } = new PIMOnlyMode("Disabled"); + public static PIMOnlyMode Enabled { get; } = new PIMOnlyMode("Enabled"); + public static PIMOnlyMode ReportOnly { get; } = new PIMOnlyMode("ReportOnly"); + + public static bool operator ==(PIMOnlyMode left, PIMOnlyMode right) => left.Equals(right); + public static bool operator !=(PIMOnlyMode left, PIMOnlyMode right) => !left.Equals(right); + + public static explicit operator string(PIMOnlyMode value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? 
obj) => obj is PIMOnlyMode other && Equals(other); + public bool Equals(PIMOnlyMode other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The recipient type. + /// + [EnumType] + public readonly struct RecipientType : IEquatable + { + private readonly string _value; + + private RecipientType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static RecipientType Requestor { get; } = new RecipientType("Requestor"); + public static RecipientType Approver { get; } = new RecipientType("Approver"); + public static RecipientType Admin { get; } = new RecipientType("Admin"); + + public static bool operator ==(RecipientType left, RecipientType right) => left.Equals(right); + public static bool operator !=(RecipientType left, RecipientType right) => !left.Equals(right); + + public static explicit operator string(RecipientType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RecipientType other && Equals(other); + public bool Equals(RecipientType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of rule + /// + [EnumType] + public readonly struct RoleManagementPolicyRuleType : IEquatable + { + private readonly string _value; + + private RoleManagementPolicyRuleType(string value) + { + _value = value ?? 
throw new ArgumentNullException(nameof(value)); + } + + public static RoleManagementPolicyRuleType RoleManagementPolicyApprovalRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyApprovalRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyAuthenticationContextRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyAuthenticationContextRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyEnablementRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyEnablementRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyExpirationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyExpirationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyNotificationRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyNotificationRule"); + public static RoleManagementPolicyRuleType RoleManagementPolicyPimOnlyModeRule { get; } = new RoleManagementPolicyRuleType("RoleManagementPolicyPimOnlyModeRule"); + + public static bool operator ==(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => left.Equals(right); + public static bool operator !=(RoleManagementPolicyRuleType left, RoleManagementPolicyRuleType right) => !left.Equals(right); + + public static explicit operator string(RoleManagementPolicyRuleType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is RoleManagementPolicyRuleType other && Equals(other); + public bool Equals(RoleManagementPolicyRuleType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The type of user. 
+ /// + [EnumType] + public readonly struct UserType : IEquatable + { + private readonly string _value; + + private UserType(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static UserType User { get; } = new UserType("User"); + public static UserType Group { get; } = new UserType("Group"); + public static UserType ServicePrincipal { get; } = new UserType("ServicePrincipal"); + + public static bool operator ==(UserType left, UserType right) => left.Equals(right); + public static bool operator !=(UserType left, UserType right) => !left.Equals(right); + + public static explicit operator string(UserType value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is UserType other && Equals(other); + public bool Equals(UserType other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/GetRoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20240901Preview/GetRoleManagementPolicy.cs new file mode 100644 index 000000000000..4eda0a089fd7 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/GetRoleManagementPolicy.cs 
@@ -0,0 +1,161 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview +{ + public static class GetRoleManagementPolicy + { + /// + /// Get the specified role management policy for a resource scope + /// + public static Task InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("azure-native:authorization/v20240901preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyArgs(), options.WithDefaults()); + + /// + /// Get the specified role management policy for a resource scope + /// + public static Output Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("azure-native:authorization/v20240901preview:getRoleManagementPolicy", args ?? new GetRoleManagementPolicyInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetRoleManagementPolicyArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. + /// + [Input("roleManagementPolicyName", required: true)] + public string RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public string Scope { get; set; } = null!; + + public GetRoleManagementPolicyArgs() + { + } + public static new GetRoleManagementPolicyArgs Empty => new GetRoleManagementPolicyArgs(); + } + + public sealed class GetRoleManagementPolicyInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The name (guid) of the role management policy to get. 
+ /// + [Input("roleManagementPolicyName", required: true)] + public Input RoleManagementPolicyName { get; set; } = null!; + + /// + /// The scope of the role management policy. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public GetRoleManagementPolicyInvokeArgs() + { + } + public static new GetRoleManagementPolicyInvokeArgs Empty => new GetRoleManagementPolicyInvokeArgs(); + } + + + [OutputType] + public sealed class GetRoleManagementPolicyResult + { + /// + /// The role management policy description. + /// + public readonly string? Description; + /// + /// The role management policy display name. + /// + public readonly string? DisplayName; + /// + /// The readonly computed rule applied to the policy. + /// + public readonly ImmutableArray EffectiveRules; + /// + /// The role management policy Id. + /// + public readonly string Id; + /// + /// The role management policy is default policy. + /// + public readonly bool? IsOrganizationDefault; + /// + /// The name of the entity last modified it + /// + public readonly Outputs.PrincipalResponse LastModifiedBy; + /// + /// The last modified date time. + /// + public readonly string LastModifiedDateTime; + /// + /// The role management policy name. + /// + public readonly string Name; + /// + /// Additional properties of scope + /// + public readonly Outputs.PolicyPropertiesResponse PolicyProperties; + /// + /// The rule applied to the policy. + /// + public readonly ImmutableArray Rules; + /// + /// The role management policy scope. + /// + public readonly string? Scope; + /// + /// The role management policy type. + /// + public readonly string Type; + + [OutputConstructor] + private GetRoleManagementPolicyResult( + string? description, + + string? displayName, + + ImmutableArray effectiveRules, + + string id, + + bool? 
isOrganizationDefault, + + Outputs.PrincipalResponse lastModifiedBy, + + string lastModifiedDateTime, + + string name, + + Outputs.PolicyPropertiesResponse policyProperties, + + ImmutableArray rules, + + string? scope, + + string type) + { + Description = description; + DisplayName = displayName; + EffectiveRules = effectiveRules; + Id = id; + IsOrganizationDefault = isOrganizationDefault; + LastModifiedBy = lastModifiedBy; + LastModifiedDateTime = lastModifiedDateTime; + Name = name; + PolicyProperties = policyProperties; + Rules = rules; + Scope = scope; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalSettingsArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalSettingsArgs.cs new file mode 100644 index 000000000000..350f994bd9e9 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalSettingsArgs.cs 
@@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The approval settings. + /// + public sealed class ApprovalSettingsArgs : global::Pulumi.ResourceArgs + { + /// + /// The type of rule + /// + [Input("approvalMode")] + public InputUnion? ApprovalMode { get; set; } + + [Input("approvalStages")] + private InputList? _approvalStages; + + /// + /// The approval stages of the request. + /// + public InputList ApprovalStages + { + get => _approvalStages ?? (_approvalStages = new InputList()); + set => _approvalStages = value; + } + + /// + /// Determines whether approval is required or not. + /// + [Input("isApprovalRequired")] + public Input? IsApprovalRequired { get; set; } + + /// + /// Determines whether approval is required for assignment extension. + /// + [Input("isApprovalRequiredForExtension")] + public Input? IsApprovalRequiredForExtension { get; set; } + + /// + /// Determine whether requestor justification is required. + /// + [Input("isRequestorJustificationRequired")] + public Input? IsRequestorJustificationRequired { get; set; } + + public ApprovalSettingsArgs() + { + } + public static new ApprovalSettingsArgs Empty => new ApprovalSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalStageArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalStageArgs.cs new file mode 100644 index 000000000000..66b261f13859 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/ApprovalStageArgs.cs 
@@ -0,0 +1,71 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The approval stage. + /// + public sealed class ApprovalStageArgs : global::Pulumi.ResourceArgs + { + /// + /// The time in days when approval request would be timed out + /// + [Input("approvalStageTimeOutInDays")] + public Input? ApprovalStageTimeOutInDays { get; set; } + + [Input("escalationApprovers")] + private InputList? _escalationApprovers; + + /// + /// The escalation approver of the request. + /// + public InputList EscalationApprovers + { + get => _escalationApprovers ?? (_escalationApprovers = new InputList()); + set => _escalationApprovers = value; + } + + /// + /// The time in minutes when the approval request would be escalated if the primary approver does not approve + /// + [Input("escalationTimeInMinutes")] + public Input? EscalationTimeInMinutes { get; set; } + + /// + /// Determines whether approver need to provide justification for his decision. + /// + [Input("isApproverJustificationRequired")] + public Input? IsApproverJustificationRequired { get; set; } + + /// + /// The value determine whether escalation feature is enabled. + /// + [Input("isEscalationEnabled")] + public Input? IsEscalationEnabled { get; set; } + + [Input("primaryApprovers")] + private InputList? _primaryApprovers; + + /// + /// The primary approver of the request. + /// + public InputList PrimaryApprovers + { + get => _primaryApprovers ?? (_primaryApprovers = new InputList()); + set => _primaryApprovers = value; + } + + public ApprovalStageArgs() + { + } + public static new ApprovalStageArgs Empty => new ApprovalStageArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/PIMOnlyModeSettingsArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/PIMOnlyModeSettingsArgs.cs new file mode 100644 index 000000000000..afb844ea7c50 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/PIMOnlyModeSettingsArgs.cs @@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The PIM Only Mode settings. + /// + public sealed class PIMOnlyModeSettingsArgs : global::Pulumi.ResourceArgs + { + [Input("excludedAssignmentTypes")] + private InputList>? _excludedAssignmentTypes; + + /// + /// The list of excluded assignment types allowed. + /// + public InputList> ExcludedAssignmentTypes + { + get => _excludedAssignmentTypes ?? (_excludedAssignmentTypes = new InputList>()); + set => _excludedAssignmentTypes = value; + } + + [Input("excludes")] + private InputList? _excludes; + + /// + /// The list of excluded entities that the rule does not apply to. + /// + public InputList Excludes + { + get => _excludes ?? (_excludes = new InputList()); + set => _excludes = value; + } + + /// + /// Determines whether the setting is enabled, disabled or report only. + /// + [Input("mode")] + public InputUnion? Mode { get; set; } + + public PIMOnlyModeSettingsArgs() + { + } + public static new PIMOnlyModeSettingsArgs Empty => new PIMOnlyModeSettingsArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs new file mode 100644 index 000000000000..88855c805178 --- /dev/null 
+++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyApprovalRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy approval rule. + /// + public sealed class RoleManagementPolicyApprovalRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyApprovalRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The approval setting + /// + [Input("setting")] + public Input? Setting { get; set; } + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyApprovalRuleArgs() + { + } + public static new RoleManagementPolicyApprovalRuleArgs Empty => new RoleManagementPolicyApprovalRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs new file mode 100644 index 000000000000..5f472e58fa48 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyAuthenticationContextRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy authentication context rule. + /// + public sealed class RoleManagementPolicyAuthenticationContextRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The claim value. + /// + [Input("claimValue")] + public Input? ClaimValue { get; set; } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating if rule is enabled. + /// + [Input("isEnabled")] + public Input? IsEnabled { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyAuthenticationContextRuleArgs() + { + } + public static new RoleManagementPolicyAuthenticationContextRuleArgs Empty => new RoleManagementPolicyAuthenticationContextRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs new file mode 100644 index 000000000000..7903bafb9770 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyEnablementRuleArgs.cs 
@@ -0,0 +1,54 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy enablement rule. + /// + public sealed class RoleManagementPolicyEnablementRuleArgs : global::Pulumi.ResourceArgs + { + [Input("enabledRules")] + private InputList>? _enabledRules; + + /// + /// The list of enabled rules. + /// + public InputList> EnabledRules + { + get => _enabledRules ?? (_enabledRules = new InputList>()); + set => _enabledRules = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyEnablementRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyEnablementRuleArgs() + { + } + public static new RoleManagementPolicyEnablementRuleArgs Empty => new RoleManagementPolicyEnablementRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs new file mode 100644 index 000000000000..91237e4326f5 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyExpirationRuleArgs.cs 
@@ -0,0 +1,66 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy expiration rule. + /// + public sealed class RoleManagementPolicyExpirationRuleArgs : global::Pulumi.ResourceArgs + { + [Input("exceptionMembers")] + private InputList? _exceptionMembers; + + /// + /// The members not restricted by expiration rule. + /// + public InputList ExceptionMembers + { + get => _exceptionMembers ?? (_exceptionMembers = new InputList()); + set => _exceptionMembers = value; + } + + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether expiration is required. + /// + [Input("isExpirationRequired")] + public Input? IsExpirationRequired { get; set; } + + /// + /// The maximum duration of expiration in timespan. + /// + [Input("maximumDuration")] + public Input? MaximumDuration { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyExpirationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyExpirationRuleArgs() + { + } + public static new RoleManagementPolicyExpirationRuleArgs Empty => new RoleManagementPolicyExpirationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs new file mode 100644 index 000000000000..1ee97b1f0ede --- /dev/null 
+++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyNotificationRuleArgs.cs 
@@ -0,0 +1,78 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy notification rule. + /// + public sealed class RoleManagementPolicyNotificationRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// Determines if the notification will be sent to the recipient type specified in the policy rule. + /// + [Input("isDefaultRecipientsEnabled")] + public Input? IsDefaultRecipientsEnabled { get; set; } + + /// + /// The notification level. + /// + [Input("notificationLevel")] + public InputUnion? NotificationLevel { get; set; } + + [Input("notificationRecipients")] + private InputList? _notificationRecipients; + + /// + /// The list of notification recipients. + /// + public InputList NotificationRecipients + { + get => _notificationRecipients ?? (_notificationRecipients = new InputList()); + set => _notificationRecipients = value; + } + + /// + /// The type of notification. + /// + [Input("notificationType")] + public InputUnion? NotificationType { get; set; } + + /// + /// The recipient type. + /// + [Input("recipientType")] + public InputUnion? RecipientType { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyNotificationRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? 
Target { get; set; } + + public RoleManagementPolicyNotificationRuleArgs() + { + } + public static new RoleManagementPolicyNotificationRuleArgs Empty => new RoleManagementPolicyNotificationRuleArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs new file mode 100644 index 000000000000..0379953c4d51 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyPimOnlyModeRuleArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy PIM only mode rule. + /// + public sealed class RoleManagementPolicyPimOnlyModeRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The id of the rule. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The PIM Only Mode settings + /// + [Input("pimOnlyModeSettings")] + public Input? PimOnlyModeSettings { get; set; } + + /// + /// The type of rule + /// Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + /// + [Input("ruleType", required: true)] + public Input RuleType { get; set; } = null!; + + /// + /// The target of the current rule. + /// + [Input("target")] + public Input? Target { get; set; } + + public RoleManagementPolicyPimOnlyModeRuleArgs() + { + } + public static new RoleManagementPolicyPimOnlyModeRuleArgs Empty => new RoleManagementPolicyPimOnlyModeRuleArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs new file mode 100644 index 000000000000..abd9ced54ade --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/RoleManagementPolicyRuleTargetArgs.cs 
@@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The role management policy rule target. + /// + public sealed class RoleManagementPolicyRuleTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// The caller of the setting. + /// + [Input("caller")] + public Input? Caller { get; set; } + + [Input("enforcedSettings")] + private InputList? _enforcedSettings; + + /// + /// The list of enforced settings. + /// + public InputList EnforcedSettings + { + get => _enforcedSettings ?? (_enforcedSettings = new InputList()); + set => _enforcedSettings = value; + } + + [Input("inheritableSettings")] + private InputList? _inheritableSettings; + + /// + /// The list of inheritable settings. + /// + public InputList InheritableSettings + { + get => _inheritableSettings ?? (_inheritableSettings = new InputList()); + set => _inheritableSettings = value; + } + + /// + /// The assignment level to which rule is applied. + /// + [Input("level")] + public Input? Level { get; set; } + + [Input("operations")] + private InputList? _operations; + + /// + /// The type of operation. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + [Input("targetObjects")] + private InputList? _targetObjects; + + /// + /// The list of target objects. + /// + public InputList TargetObjects + { + get => _targetObjects ?? (_targetObjects = new InputList()); + set => _targetObjects = value; + } + + public RoleManagementPolicyRuleTargetArgs() + { + } + public static new RoleManagementPolicyRuleTargetArgs Empty => new RoleManagementPolicyRuleTargetArgs(); + } +} 
diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/UserSetArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/UserSetArgs.cs new file mode 100644 index 000000000000..b19532999bcc --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/UserSetArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The detail of a user. + /// + public sealed class UserSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The description of the user. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The object id of the user. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The value indicating whether the user is a backup fallback approver + /// + [Input("isBackup")] + public Input? IsBackup { get; set; } + + /// + /// The type of user. + /// + [Input("userType")] + public InputUnion? UserType { get; set; } + + public UserSetArgs() + { + } + public static new UserSetArgs Empty => new UserSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Inputs/UsersOrServicePrincipalSetArgs.cs b/sdk/dotnet/Authorization/V20240901Preview/Inputs/UsersOrServicePrincipalSetArgs.cs new file mode 100644 index 000000000000..3ce581c9a5fc --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Inputs/UsersOrServicePrincipalSetArgs.cs 
@@ -0,0 +1,41 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Inputs +{ + + /// + /// The detail of a subject. + /// + public sealed class UsersOrServicePrincipalSetArgs : global::Pulumi.ResourceArgs + { + /// + /// The display Name of the entity. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The object id of the entity. + /// + [Input("id")] + public Input? Id { get; set; } + + /// + /// The type of user. + /// + [Input("type")] + public InputUnion? Type { get; set; } + + public UsersOrServicePrincipalSetArgs() + { + } + public static new UsersOrServicePrincipalSetArgs Empty => new UsersOrServicePrincipalSetArgs(); + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponse.cs b/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponse.cs new file mode 100644 index 000000000000..ff27d5349076 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponse.cs 
@@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Outputs +{ + + /// + /// Expanded info of resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponse + { + /// + /// Details of the resource scope + /// + public readonly Outputs.PolicyPropertiesResponseScope Scope; + + [OutputConstructor] + private PolicyPropertiesResponse(Outputs.PolicyPropertiesResponseScope scope) + { + Scope = scope; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponseScope.cs b/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponseScope.cs new file mode 100644 index 000000000000..752322603dd6 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/Outputs/PolicyPropertiesResponseScope.cs 
@@ -0,0 +1,45 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview.Outputs +{ + + /// + /// Details of the resource scope + /// + [OutputType] + public sealed class PolicyPropertiesResponseScope + { + /// + /// Display name of the resource + /// + public readonly string? DisplayName; + /// + /// Scope id of the resource + /// + public readonly string? Id; + /// + /// Type of the resource + /// + public readonly string? Type; + + [OutputConstructor] + private PolicyPropertiesResponseScope( + string? displayName, + + string? id, + + string? type) + { + DisplayName = displayName; + Id = id; + Type = type; + } + } +} diff --git a/sdk/dotnet/Authorization/V20240901Preview/RoleManagementPolicy.cs b/sdk/dotnet/Authorization/V20240901Preview/RoleManagementPolicy.cs new file mode 100644 index 000000000000..e3ace2e687e2 --- /dev/null +++ b/sdk/dotnet/Authorization/V20240901Preview/RoleManagementPolicy.cs 
@@ -0,0 +1,183 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AzureNative.Authorization.V20240901Preview +{ + /// + /// Role management policy + /// + [AzureNativeResourceType("azure-native:authorization/v20240901preview:RoleManagementPolicy")] + public partial class RoleManagementPolicy : global::Pulumi.CustomResource + { + /// + /// The role management policy description. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// The role management policy display name. + /// + [Output("displayName")] + public Output DisplayName { get; private set; } = null!; + + /// + /// The readonly computed rule applied to the policy. + /// + [Output("effectiveRules")] + public Output> EffectiveRules { get; private set; } = null!; + + /// + /// The role management policy is default policy. + /// + [Output("isOrganizationDefault")] + public Output IsOrganizationDefault { get; private set; } = null!; + + /// + /// The name of the entity last modified it + /// + [Output("lastModifiedBy")] + public Output LastModifiedBy { get; private set; } = null!; + + /// + /// The last modified date time. + /// + [Output("lastModifiedDateTime")] + public Output LastModifiedDateTime { get; private set; } = null!; + + /// + /// The role management policy name. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Additional properties of scope + /// + [Output("policyProperties")] + public Output PolicyProperties { get; private set; } = null!; + + /// + /// The rule applied to the policy. + /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The role management policy scope. 
+ /// + [Output("scope")] + public Output Scope { get; private set; } = null!; + + /// + /// The role management policy type. + /// + [Output("type")] + public Output Type { get; private set; } = null!; + + + /// + /// Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20240901preview:RoleManagementPolicy", name, args ?? new RoleManagementPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private RoleManagementPolicy(string name, Input id, CustomResourceOptions? options = null) + : base("azure-native:authorization/v20240901preview:RoleManagementPolicy", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + Aliases = + { + new global::Pulumi.Alias { Type = "azure-native:authorization:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, + new global::Pulumi.Alias { Type = "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. 
+ /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static RoleManagementPolicy Get(string name, Input id, CustomResourceOptions? options = null) + { + return new RoleManagementPolicy(name, id, options); + } + } + + public sealed class RoleManagementPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// The role management policy description. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// The role management policy display name. + /// + [Input("displayName")] + public Input? DisplayName { get; set; } + + /// + /// The role management policy is default policy. + /// + [Input("isOrganizationDefault")] + public Input? IsOrganizationDefault { get; set; } + + /// + /// The name (guid) of the role management policy to upsert. + /// + [Input("roleManagementPolicyName")] + public Input? RoleManagementPolicyName { get; set; } + + [Input("rules")] + private InputList? _rules; + + /// + /// The rule applied to the policy. + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The role management policy scope. + /// + [Input("scope", required: true)] + public Input Scope { get; set; } = null!; + + public RoleManagementPolicyArgs() + { + } + public static new RoleManagementPolicyArgs Empty => new RoleManagementPolicyArgs(); + } +} diff --git a/sdk/nodejs/authorization/getRoleManagementPolicy.ts b/sdk/nodejs/authorization/getRoleManagementPolicy.ts new file mode 100644 index 000000000000..d7a62fa8121c --- /dev/null +++ b/sdk/nodejs/authorization/getRoleManagementPolicy.ts 
@@ -0,0 +1,111 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Get the specified role management policy for a resource scope + * Azure REST API version: 2024-09-01-preview. + * + * Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + */ +export function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azure-native:authorization:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: string; + /** + * The scope of the role management policy. + */ + scope: string; +} + +/** + * Role management policy + */ +export interface GetRoleManagementPolicyResult { + /** + * The role management policy description. + */ + readonly description?: string; + /** + * The role management policy display name. + */ + readonly displayName?: string; + /** + * The readonly computed rule applied to the policy. 
+ */ + readonly effectiveRules: (outputs.authorization.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy Id. + */ + readonly id: string; + /** + * The role management policy is default policy. + */ + readonly isOrganizationDefault?: boolean; + /** + * The name of the entity last modified it + */ + readonly lastModifiedBy: outputs.authorization.PrincipalResponse; + /** + * The last modified date time. + */ + readonly lastModifiedDateTime: string; + /** + * The role management policy name. + */ + readonly name: string; + /** + * Additional properties of scope + */ + readonly policyProperties: outputs.authorization.PolicyPropertiesResponse; + /** + * The rule applied to the policy. + */ + readonly rules?: (outputs.authorization.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy scope. + */ + readonly scope?: string; + /** + * The role management policy type. + */ + readonly type: string; +} +/** + * Get the specified role management policy for a resource scope + * Azure REST API version: 2024-09-01-preview. + * + * Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. 
+ */ +export function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("azure-native:authorization:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyOutputArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: pulumi.Input; + /** + * The scope of the role management policy. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/index.ts b/sdk/nodejs/authorization/index.ts index 2106f5b35b54..6e77bb295435 100644 --- a/sdk/nodejs/authorization/index.ts +++ b/sdk/nodejs/authorization/index.ts 
@@ -125,6 +125,11 @@ export const getRoleDefinition: typeof import("./getRoleDefinition").getRoleDefi export const getRoleDefinitionOutput: typeof import("./getRoleDefinition").getRoleDefinitionOutput = null as any; utilities.lazyLoad(exports, ["getRoleDefinition","getRoleDefinitionOutput"], () => require("./getRoleDefinition")); +export { GetRoleManagementPolicyArgs, GetRoleManagementPolicyResult, GetRoleManagementPolicyOutputArgs } from "./getRoleManagementPolicy"; +export const getRoleManagementPolicy: typeof import("./getRoleManagementPolicy").getRoleManagementPolicy = null as any; +export const getRoleManagementPolicyOutput: typeof import("./getRoleManagementPolicy").getRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getRoleManagementPolicy","getRoleManagementPolicyOutput"], () => require("./getRoleManagementPolicy")); + export { GetRoleManagementPolicyAssignmentArgs, GetRoleManagementPolicyAssignmentResult, GetRoleManagementPolicyAssignmentOutputArgs } from "./getRoleManagementPolicyAssignment"; export const getRoleManagementPolicyAssignment: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignment = null as any; export const getRoleManagementPolicyAssignmentOutput: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignmentOutput = null as any; 
@@ -280,6 +285,11 @@ export type RoleDefinition = import("./roleDefinition").RoleDefinition; export const RoleDefinition: typeof import("./roleDefinition").RoleDefinition = null as any; utilities.lazyLoad(exports, ["RoleDefinition"], () => require("./roleDefinition")); +export { RoleManagementPolicyArgs } from "./roleManagementPolicy"; +export type RoleManagementPolicy = import("./roleManagementPolicy").RoleManagementPolicy; +export const RoleManagementPolicy: typeof import("./roleManagementPolicy").RoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["RoleManagementPolicy"], () => require("./roleManagementPolicy")); + export { RoleManagementPolicyAssignmentArgs } from "./roleManagementPolicyAssignment"; export type RoleManagementPolicyAssignment = import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment; export const RoleManagementPolicyAssignment: typeof import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment = null as any; @@ -410,6 +420,8 @@ const _module = { return new RoleAssignment(name, undefined, { urn }) case "azure-native:authorization:RoleDefinition": return new RoleDefinition(name, undefined, { urn }) + case "azure-native:authorization:RoleManagementPolicy": + return new RoleManagementPolicy(name, undefined, { urn }) case "azure-native:authorization:RoleManagementPolicyAssignment": return new RoleManagementPolicyAssignment(name, undefined, { urn }) case "azure-native:authorization:ScopeAccessReviewHistoryDefinitionById": diff --git a/sdk/nodejs/authorization/roleManagementPolicy.ts b/sdk/nodejs/authorization/roleManagementPolicy.ts new file mode 100644 index 000000000000..f48fd4270fb9 --- /dev/null +++ b/sdk/nodejs/authorization/roleManagementPolicy.ts 
@@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Role management policy + * Azure REST API version: 2024-09-01-preview. + * + * Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + */ +export class RoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy { + return new RoleManagementPolicy(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azure-native:authorization:RoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is RoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === RoleManagementPolicy.__pulumiType; + } + + /** + * The role management policy description. + */ + public readonly description!: pulumi.Output; + /** + * The role management policy display name. + */ + public readonly displayName!: pulumi.Output; + /** + * The readonly computed rule applied to the policy. 
+ */ + public /*out*/ readonly effectiveRules!: pulumi.Output<(outputs.authorization.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.RoleManagementPolicyPimOnlyModeRuleResponse)[]>; + /** + * The role management policy is default policy. + */ + public readonly isOrganizationDefault!: pulumi.Output; + /** + * The name of the entity last modified it + */ + public /*out*/ readonly lastModifiedBy!: pulumi.Output; + /** + * The last modified date time. + */ + public /*out*/ readonly lastModifiedDateTime!: pulumi.Output; + /** + * The role management policy name. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Additional properties of scope + */ + public /*out*/ readonly policyProperties!: pulumi.Output; + /** + * The rule applied to the policy. + */ + public readonly rules!: pulumi.Output<(outputs.authorization.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.RoleManagementPolicyPimOnlyModeRuleResponse)[] | undefined>; + /** + * The role management policy scope. + */ + public readonly scope!: pulumi.Output; + /** + * The role management policy type. + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. 
+ * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.scope === undefined) && !opts.urn) { + throw new Error("Missing required property 'scope'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? args.displayName : undefined; + resourceInputs["isOrganizationDefault"] = args ? args.isOrganizationDefault : undefined; + resourceInputs["roleManagementPolicyName"] = args ? args.roleManagementPolicyName : undefined; + resourceInputs["rules"] = args ? args.rules : undefined; + resourceInputs["scope"] = args ? args.scope : undefined; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } else { + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["isOrganizationDefault"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["rules"] = undefined /*out*/; + resourceInputs["scope"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const aliasOpts = { aliases: [{ type: "azure-native:authorization/v20201001:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, 
{ type: "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, { type: "azure-native:authorization/v20240901preview:RoleManagementPolicy" }] }; + opts = pulumi.mergeOptions(opts, aliasOpts); + super(RoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a RoleManagementPolicy resource. + */ +export interface RoleManagementPolicyArgs { + /** + * The role management policy description. + */ + description?: pulumi.Input; + /** + * The role management policy display name. + */ + displayName?: pulumi.Input; + /** + * The role management policy is default policy. + */ + isOrganizationDefault?: pulumi.Input; + /** + * The name (guid) of the role management policy to upsert. + */ + roleManagementPolicyName?: pulumi.Input; + /** + * The rule applied to the policy. + */ + rules?: pulumi.Input[]>; + /** + * The role management policy scope. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20201001/getRoleManagementPolicy.ts b/sdk/nodejs/authorization/v20201001/getRoleManagementPolicy.ts new file mode 100644 index 000000000000..dee941ab63c3 --- /dev/null +++ b/sdk/nodejs/authorization/v20201001/getRoleManagementPolicy.ts 
@@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azure-native:authorization/v20201001:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: string; + /** + * The scope of the role management policy. + */ + scope: string; +} + +/** + * Role management policy + */ +export interface GetRoleManagementPolicyResult { + /** + * The role management policy description. + */ + readonly description?: string; + /** + * The role management policy display name. + */ + readonly displayName?: string; + /** + * The readonly computed rule applied to the policy. + */ + readonly effectiveRules: (outputs.authorization.v20201001.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyNotificationRuleResponse)[]; + /** + * The role management policy Id. + */ + readonly id: string; + /** + * The role management policy is default policy. 
+ */ + readonly isOrganizationDefault?: boolean; + /** + * The name of the entity last modified it + */ + readonly lastModifiedBy: outputs.authorization.v20201001.PrincipalResponse; + /** + * The last modified date time. + */ + readonly lastModifiedDateTime: string; + /** + * The role management policy name. + */ + readonly name: string; + /** + * Additional properties of scope + */ + readonly policyProperties: outputs.authorization.v20201001.PolicyPropertiesResponse; + /** + * The rule applied to the policy. + */ + readonly rules?: (outputs.authorization.v20201001.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyNotificationRuleResponse)[]; + /** + * The role management policy scope. + */ + readonly scope?: string; + /** + * The role management policy type. + */ + readonly type: string; +} +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("azure-native:authorization/v20201001:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyOutputArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: pulumi.Input; + /** + * The scope of the role management policy. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20201001/index.ts b/sdk/nodejs/authorization/v20201001/index.ts index ff40b3ea8ea2..7893f478edb8 100644 
--- a/sdk/nodejs/authorization/v20201001/index.ts +++ b/sdk/nodejs/authorization/v20201001/index.ts 
@@ -5,21 +5,36 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../../utilities"; // Export members: +export { GetRoleManagementPolicyArgs, GetRoleManagementPolicyResult, GetRoleManagementPolicyOutputArgs } from "./getRoleManagementPolicy"; +export const getRoleManagementPolicy: typeof import("./getRoleManagementPolicy").getRoleManagementPolicy = null as any; +export const getRoleManagementPolicyOutput: typeof import("./getRoleManagementPolicy").getRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getRoleManagementPolicy","getRoleManagementPolicyOutput"], () => require("./getRoleManagementPolicy")); + export { GetRoleManagementPolicyAssignmentArgs, GetRoleManagementPolicyAssignmentResult, GetRoleManagementPolicyAssignmentOutputArgs } from "./getRoleManagementPolicyAssignment"; export const getRoleManagementPolicyAssignment: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignment = null as any; export const getRoleManagementPolicyAssignmentOutput: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignmentOutput = null as any; utilities.lazyLoad(exports, ["getRoleManagementPolicyAssignment","getRoleManagementPolicyAssignmentOutput"], () => require("./getRoleManagementPolicyAssignment")); +export { RoleManagementPolicyArgs } from "./roleManagementPolicy"; +export type RoleManagementPolicy = import("./roleManagementPolicy").RoleManagementPolicy; +export const RoleManagementPolicy: typeof import("./roleManagementPolicy").RoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["RoleManagementPolicy"], () => require("./roleManagementPolicy")); + export { RoleManagementPolicyAssignmentArgs } from "./roleManagementPolicyAssignment"; export type RoleManagementPolicyAssignment = import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment; export const RoleManagementPolicyAssignment: typeof 
import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment = null as any; utilities.lazyLoad(exports, ["RoleManagementPolicyAssignment"], () => require("./roleManagementPolicyAssignment")); +// Export enums: +export * from "../../types/enums/authorization/v20201001"; + const _module = { version: utilities.getVersion(), construct: (name: string, type: string, urn: string): pulumi.Resource => { switch (type) { + case "azure-native:authorization/v20201001:RoleManagementPolicy": + return new RoleManagementPolicy(name, undefined, { urn }) case "azure-native:authorization/v20201001:RoleManagementPolicyAssignment": return new RoleManagementPolicyAssignment(name, undefined, { urn }) default: diff --git a/sdk/nodejs/authorization/v20201001/roleManagementPolicy.ts b/sdk/nodejs/authorization/v20201001/roleManagementPolicy.ts new file mode 100644 index 000000000000..6557ae51367c --- /dev/null +++ b/sdk/nodejs/authorization/v20201001/roleManagementPolicy.ts 
@@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Role management policy + */ +export class RoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy { + return new RoleManagementPolicy(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azure-native:authorization/v20201001:RoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is RoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === RoleManagementPolicy.__pulumiType; + } + + /** + * The role management policy description. + */ + public readonly description!: pulumi.Output; + /** + * The role management policy display name. + */ + public readonly displayName!: pulumi.Output; + /** + * The readonly computed rule applied to the policy. 
+ */ + public /*out*/ readonly effectiveRules!: pulumi.Output<(outputs.authorization.v20201001.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyNotificationRuleResponse)[]>; + /** + * The role management policy is default policy. + */ + public readonly isOrganizationDefault!: pulumi.Output; + /** + * The name of the entity last modified it + */ + public /*out*/ readonly lastModifiedBy!: pulumi.Output; + /** + * The last modified date time. + */ + public /*out*/ readonly lastModifiedDateTime!: pulumi.Output; + /** + * The role management policy name. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Additional properties of scope + */ + public /*out*/ readonly policyProperties!: pulumi.Output; + /** + * The rule applied to the policy. + */ + public readonly rules!: pulumi.Output<(outputs.authorization.v20201001.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001.RoleManagementPolicyNotificationRuleResponse)[] | undefined>; + /** + * The role management policy scope. + */ + public readonly scope!: pulumi.Output; + /** + * The role management policy type. + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. 
+ */ + constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.scope === undefined) && !opts.urn) { + throw new Error("Missing required property 'scope'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? args.displayName : undefined; + resourceInputs["isOrganizationDefault"] = args ? args.isOrganizationDefault : undefined; + resourceInputs["roleManagementPolicyName"] = args ? args.roleManagementPolicyName : undefined; + resourceInputs["rules"] = args ? args.rules : undefined; + resourceInputs["scope"] = args ? args.scope : undefined; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } else { + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["isOrganizationDefault"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["rules"] = undefined /*out*/; + resourceInputs["scope"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const aliasOpts = { aliases: [{ type: "azure-native:authorization:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, { type: "azure-native:authorization/v20240201preview:RoleManagementPolicy" }, { 
type: "azure-native:authorization/v20240901preview:RoleManagementPolicy" }] }; + opts = pulumi.mergeOptions(opts, aliasOpts); + super(RoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a RoleManagementPolicy resource. + */ +export interface RoleManagementPolicyArgs { + /** + * The role management policy description. + */ + description?: pulumi.Input; + /** + * The role management policy display name. + */ + displayName?: pulumi.Input; + /** + * The role management policy is default policy. + */ + isOrganizationDefault?: pulumi.Input; + /** + * The name (guid) of the role management policy to upsert. + */ + roleManagementPolicyName?: pulumi.Input; + /** + * The rule applied to the policy. + */ + rules?: pulumi.Input[]>; + /** + * The role management policy scope. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20201001preview/getRoleManagementPolicy.ts b/sdk/nodejs/authorization/v20201001preview/getRoleManagementPolicy.ts new file mode 100644 index 000000000000..a5cce2172f52 --- /dev/null +++ b/sdk/nodejs/authorization/v20201001preview/getRoleManagementPolicy.ts 
@@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azure-native:authorization/v20201001preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: string; + /** + * The scope of the role management policy. + */ + scope: string; +} + +/** + * Role management policy + */ +export interface GetRoleManagementPolicyResult { + /** + * The role management policy description. + */ + readonly description?: string; + /** + * The role management policy display name. + */ + readonly displayName?: string; + /** + * The readonly computed rule applied to the policy. + */ + readonly effectiveRules: (outputs.authorization.v20201001preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyNotificationRuleResponse)[]; + /** + * The role management policy Id. 
+ */ + readonly id: string; + /** + * The role management policy is default policy. + */ + readonly isOrganizationDefault?: boolean; + /** + * The name of the entity last modified it + */ + readonly lastModifiedBy: outputs.authorization.v20201001preview.PrincipalResponse; + /** + * The last modified date time. + */ + readonly lastModifiedDateTime: string; + /** + * The role management policy name. + */ + readonly name: string; + /** + * Additional properties of scope + */ + readonly policyProperties: outputs.authorization.v20201001preview.PolicyPropertiesResponse; + /** + * The rule applied to the policy. + */ + readonly rules?: (outputs.authorization.v20201001preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyNotificationRuleResponse)[]; + /** + * The role management policy scope. + */ + readonly scope?: string; + /** + * The role management policy type. + */ + readonly type: string; +} +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("azure-native:authorization/v20201001preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyOutputArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: pulumi.Input; + /** + * The scope of the role management policy. + */ + scope: pulumi.Input; +} 
diff --git a/sdk/nodejs/authorization/v20201001preview/index.ts b/sdk/nodejs/authorization/v20201001preview/index.ts index 8ccd1be3ee78..e9dba9d21f72 100644 --- a/sdk/nodejs/authorization/v20201001preview/index.ts +++ b/sdk/nodejs/authorization/v20201001preview/index.ts 
@@ -5,21 +5,36 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../../utilities"; // Export members: +export { GetRoleManagementPolicyArgs, GetRoleManagementPolicyResult, GetRoleManagementPolicyOutputArgs } from "./getRoleManagementPolicy"; +export const getRoleManagementPolicy: typeof import("./getRoleManagementPolicy").getRoleManagementPolicy = null as any; +export const getRoleManagementPolicyOutput: typeof import("./getRoleManagementPolicy").getRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getRoleManagementPolicy","getRoleManagementPolicyOutput"], () => require("./getRoleManagementPolicy")); + export { GetRoleManagementPolicyAssignmentArgs, GetRoleManagementPolicyAssignmentResult, GetRoleManagementPolicyAssignmentOutputArgs } from "./getRoleManagementPolicyAssignment"; export const getRoleManagementPolicyAssignment: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignment = null as any; export const getRoleManagementPolicyAssignmentOutput: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignmentOutput = null as any; utilities.lazyLoad(exports, ["getRoleManagementPolicyAssignment","getRoleManagementPolicyAssignmentOutput"], () => require("./getRoleManagementPolicyAssignment")); +export { RoleManagementPolicyArgs } from "./roleManagementPolicy"; +export type RoleManagementPolicy = import("./roleManagementPolicy").RoleManagementPolicy; +export const RoleManagementPolicy: typeof import("./roleManagementPolicy").RoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["RoleManagementPolicy"], () => require("./roleManagementPolicy")); + export { RoleManagementPolicyAssignmentArgs } from "./roleManagementPolicyAssignment"; export type RoleManagementPolicyAssignment = import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment; export const RoleManagementPolicyAssignment: typeof 
import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment = null as any; utilities.lazyLoad(exports, ["RoleManagementPolicyAssignment"], () => require("./roleManagementPolicyAssignment")); +// Export enums: +export * from "../../types/enums/authorization/v20201001preview"; + const _module = { version: utilities.getVersion(), construct: (name: string, type: string, urn: string): pulumi.Resource => { switch (type) { + case "azure-native:authorization/v20201001preview:RoleManagementPolicy": + return new RoleManagementPolicy(name, undefined, { urn }) case "azure-native:authorization/v20201001preview:RoleManagementPolicyAssignment": return new RoleManagementPolicyAssignment(name, undefined, { urn }) default: diff --git a/sdk/nodejs/authorization/v20201001preview/roleManagementPolicy.ts b/sdk/nodejs/authorization/v20201001preview/roleManagementPolicy.ts new file mode 100644 index 000000000000..c6a014481824 --- /dev/null +++ b/sdk/nodejs/authorization/v20201001preview/roleManagementPolicy.ts 
@@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Role management policy + */ +export class RoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy { + return new RoleManagementPolicy(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azure-native:authorization/v20201001preview:RoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is RoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === RoleManagementPolicy.__pulumiType; + } + + /** + * The role management policy description. + */ + public readonly description!: pulumi.Output; + /** + * The role management policy display name. + */ + public readonly displayName!: pulumi.Output; + /** + * The readonly computed rule applied to the policy. 
+ */ + public /*out*/ readonly effectiveRules!: pulumi.Output<(outputs.authorization.v20201001preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyNotificationRuleResponse)[]>; + /** + * The role management policy is default policy. + */ + public readonly isOrganizationDefault!: pulumi.Output; + /** + * The name of the entity last modified it + */ + public /*out*/ readonly lastModifiedBy!: pulumi.Output; + /** + * The last modified date time. + */ + public /*out*/ readonly lastModifiedDateTime!: pulumi.Output; + /** + * The role management policy name. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Additional properties of scope + */ + public /*out*/ readonly policyProperties!: pulumi.Output; + /** + * The rule applied to the policy. + */ + public readonly rules!: pulumi.Output<(outputs.authorization.v20201001preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20201001preview.RoleManagementPolicyNotificationRuleResponse)[] | undefined>; + /** + * The role management policy scope. + */ + public readonly scope!: pulumi.Output; + /** + * The role management policy type. + */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. 
+ * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.scope === undefined) && !opts.urn) { + throw new Error("Missing required property 'scope'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? args.displayName : undefined; + resourceInputs["isOrganizationDefault"] = args ? args.isOrganizationDefault : undefined; + resourceInputs["roleManagementPolicyName"] = args ? args.roleManagementPolicyName : undefined; + resourceInputs["rules"] = args ? args.rules : undefined; + resourceInputs["scope"] = args ? args.scope : undefined; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } else { + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["isOrganizationDefault"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["rules"] = undefined /*out*/; + resourceInputs["scope"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const aliasOpts = { aliases: [{ type: "azure-native:authorization:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001:RoleManagementPolicy" }, { type: 
"azure-native:authorization/v20240201preview:RoleManagementPolicy" }, { type: "azure-native:authorization/v20240901preview:RoleManagementPolicy" }] }; + opts = pulumi.mergeOptions(opts, aliasOpts); + super(RoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a RoleManagementPolicy resource. + */ +export interface RoleManagementPolicyArgs { + /** + * The role management policy description. + */ + description?: pulumi.Input; + /** + * The role management policy display name. + */ + displayName?: pulumi.Input; + /** + * The role management policy is default policy. + */ + isOrganizationDefault?: pulumi.Input; + /** + * The name (guid) of the role management policy to upsert. + */ + roleManagementPolicyName?: pulumi.Input; + /** + * The rule applied to the policy. + */ + rules?: pulumi.Input[]>; + /** + * The role management policy scope. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20240201preview/getRoleManagementPolicy.ts b/sdk/nodejs/authorization/v20240201preview/getRoleManagementPolicy.ts new file mode 100644 index 000000000000..77fdb5c2430f --- /dev/null +++ b/sdk/nodejs/authorization/v20240201preview/getRoleManagementPolicy.ts 
@@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azure-native:authorization/v20240201preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: string; + /** + * The scope of the role management policy. + */ + scope: string; +} + +/** + * Role management policy + */ +export interface GetRoleManagementPolicyResult { + /** + * The role management policy description. + */ + readonly description?: string; + /** + * The role management policy display name. + */ + readonly displayName?: string; + /** + * The readonly computed rule applied to the policy. 
+ */ + readonly effectiveRules: (outputs.authorization.v20240201preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy Id. + */ + readonly id: string; + /** + * The role management policy is default policy. + */ + readonly isOrganizationDefault?: boolean; + /** + * The name of the entity last modified it + */ + readonly lastModifiedBy: outputs.authorization.v20240201preview.PrincipalResponse; + /** + * The last modified date time. + */ + readonly lastModifiedDateTime: string; + /** + * The role management policy name. + */ + readonly name: string; + /** + * Additional properties of scope + */ + readonly policyProperties: outputs.authorization.v20240201preview.PolicyPropertiesResponse; + /** + * The rule applied to the policy. + */ + readonly rules?: (outputs.authorization.v20240201preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy scope. + */ + readonly scope?: string; + /** + * The role management policy type. 
+ */ + readonly type: string; +} +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("azure-native:authorization/v20240201preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyOutputArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: pulumi.Input; + /** + * The scope of the role management policy. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20240201preview/index.ts b/sdk/nodejs/authorization/v20240201preview/index.ts index c12ef7f8e894..bd6026594cbf 100644 --- a/sdk/nodejs/authorization/v20240201preview/index.ts +++ b/sdk/nodejs/authorization/v20240201preview/index.ts 
@@ -5,21 +5,36 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../../utilities"; // Export members: +export { GetRoleManagementPolicyArgs, GetRoleManagementPolicyResult, GetRoleManagementPolicyOutputArgs } from "./getRoleManagementPolicy"; +export const getRoleManagementPolicy: typeof import("./getRoleManagementPolicy").getRoleManagementPolicy = null as any; +export const getRoleManagementPolicyOutput: typeof import("./getRoleManagementPolicy").getRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getRoleManagementPolicy","getRoleManagementPolicyOutput"], () => require("./getRoleManagementPolicy")); + export { GetRoleManagementPolicyAssignmentArgs, GetRoleManagementPolicyAssignmentResult, GetRoleManagementPolicyAssignmentOutputArgs } from "./getRoleManagementPolicyAssignment"; export const getRoleManagementPolicyAssignment: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignment = null as any; export const getRoleManagementPolicyAssignmentOutput: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignmentOutput = null as any; utilities.lazyLoad(exports, ["getRoleManagementPolicyAssignment","getRoleManagementPolicyAssignmentOutput"], () => require("./getRoleManagementPolicyAssignment")); +export { RoleManagementPolicyArgs } from "./roleManagementPolicy"; +export type RoleManagementPolicy = import("./roleManagementPolicy").RoleManagementPolicy; +export const RoleManagementPolicy: typeof import("./roleManagementPolicy").RoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["RoleManagementPolicy"], () => require("./roleManagementPolicy")); + export { RoleManagementPolicyAssignmentArgs } from "./roleManagementPolicyAssignment"; export type RoleManagementPolicyAssignment = import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment; export const RoleManagementPolicyAssignment: typeof 
import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment = null as any; utilities.lazyLoad(exports, ["RoleManagementPolicyAssignment"], () => require("./roleManagementPolicyAssignment")); +// Export enums: +export * from "../../types/enums/authorization/v20240201preview"; + const _module = { version: utilities.getVersion(), construct: (name: string, type: string, urn: string): pulumi.Resource => { switch (type) { + case "azure-native:authorization/v20240201preview:RoleManagementPolicy": + return new RoleManagementPolicy(name, undefined, { urn }) case "azure-native:authorization/v20240201preview:RoleManagementPolicyAssignment": return new RoleManagementPolicyAssignment(name, undefined, { urn }) default: diff --git a/sdk/nodejs/authorization/v20240201preview/roleManagementPolicy.ts b/sdk/nodejs/authorization/v20240201preview/roleManagementPolicy.ts new file mode 100644 index 000000000000..6f94dd5cd5e0 --- /dev/null +++ b/sdk/nodejs/authorization/v20240201preview/roleManagementPolicy.ts 
@@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Role management policy + */ +export class RoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy { + return new RoleManagementPolicy(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azure-native:authorization/v20240201preview:RoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is RoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === RoleManagementPolicy.__pulumiType; + } + + /** + * The role management policy description. + */ + public readonly description!: pulumi.Output; + /** + * The role management policy display name. + */ + public readonly displayName!: pulumi.Output; + /** + * The readonly computed rule applied to the policy. 
+ */ + public /*out*/ readonly effectiveRules!: pulumi.Output<(outputs.authorization.v20240201preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]>; + /** + * The role management policy is default policy. + */ + public readonly isOrganizationDefault!: pulumi.Output; + /** + * The name of the entity last modified it + */ + public /*out*/ readonly lastModifiedBy!: pulumi.Output; + /** + * The last modified date time. + */ + public /*out*/ readonly lastModifiedDateTime!: pulumi.Output; + /** + * The role management policy name. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Additional properties of scope + */ + public /*out*/ readonly policyProperties!: pulumi.Output; + /** + * The rule applied to the policy. + */ + public readonly rules!: pulumi.Output<(outputs.authorization.v20240201preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240201preview.RoleManagementPolicyPimOnlyModeRuleResponse)[] | undefined>; + /** + * The role management policy scope. + */ + public readonly scope!: pulumi.Output; + /** + * The role management policy type. 
+ */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.scope === undefined) && !opts.urn) { + throw new Error("Missing required property 'scope'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? args.displayName : undefined; + resourceInputs["isOrganizationDefault"] = args ? args.isOrganizationDefault : undefined; + resourceInputs["roleManagementPolicyName"] = args ? args.roleManagementPolicyName : undefined; + resourceInputs["rules"] = args ? args.rules : undefined; + resourceInputs["scope"] = args ? 
args.scope : undefined; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } else { + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["isOrganizationDefault"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["rules"] = undefined /*out*/; + resourceInputs["scope"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const aliasOpts = { aliases: [{ type: "azure-native:authorization:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, { type: "azure-native:authorization/v20240901preview:RoleManagementPolicy" }] }; + opts = pulumi.mergeOptions(opts, aliasOpts); + super(RoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a RoleManagementPolicy resource. + */ +export interface RoleManagementPolicyArgs { + /** + * The role management policy description. + */ + description?: pulumi.Input; + /** + * The role management policy display name. + */ + displayName?: pulumi.Input; + /** + * The role management policy is default policy. + */ + isOrganizationDefault?: pulumi.Input; + /** + * The name (guid) of the role management policy to upsert. 
+ */ + roleManagementPolicyName?: pulumi.Input; + /** + * The rule applied to the policy. + */ + rules?: pulumi.Input[]>; + /** + * The role management policy scope. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20240901preview/getRoleManagementPolicy.ts b/sdk/nodejs/authorization/v20240901preview/getRoleManagementPolicy.ts new file mode 100644 index 000000000000..d4e49113b7f6 --- /dev/null +++ b/sdk/nodejs/authorization/v20240901preview/getRoleManagementPolicy.ts 
@@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("azure-native:authorization/v20240901preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: string; + /** + * The scope of the role management policy. + */ + scope: string; +} + +/** + * Role management policy + */ +export interface GetRoleManagementPolicyResult { + /** + * The role management policy description. + */ + readonly description?: string; + /** + * The role management policy display name. + */ + readonly displayName?: string; + /** + * The readonly computed rule applied to the policy. 
+ */ + readonly effectiveRules: (outputs.authorization.v20240901preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy Id. + */ + readonly id: string; + /** + * The role management policy is default policy. + */ + readonly isOrganizationDefault?: boolean; + /** + * The name of the entity last modified it + */ + readonly lastModifiedBy: outputs.authorization.v20240901preview.PrincipalResponse; + /** + * The last modified date time. + */ + readonly lastModifiedDateTime: string; + /** + * The role management policy name. + */ + readonly name: string; + /** + * Additional properties of scope + */ + readonly policyProperties: outputs.authorization.v20240901preview.PolicyPropertiesResponse; + /** + * The rule applied to the policy. + */ + readonly rules?: (outputs.authorization.v20240901preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]; + /** + * The role management policy scope. + */ + readonly scope?: string; + /** + * The role management policy type. 
+ */ + readonly type: string; +} +/** + * Get the specified role management policy for a resource scope + */ +export function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("azure-native:authorization/v20240901preview:getRoleManagementPolicy", { + "roleManagementPolicyName": args.roleManagementPolicyName, + "scope": args.scope, + }, opts); +} + +export interface GetRoleManagementPolicyOutputArgs { + /** + * The name (guid) of the role management policy to get. + */ + roleManagementPolicyName: pulumi.Input; + /** + * The scope of the role management policy. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/authorization/v20240901preview/index.ts b/sdk/nodejs/authorization/v20240901preview/index.ts index 54f15d4e0ace..40643ed52d1a 100644 --- a/sdk/nodejs/authorization/v20240901preview/index.ts +++ b/sdk/nodejs/authorization/v20240901preview/index.ts 
@@ -5,21 +5,36 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../../utilities"; // Export members: +export { GetRoleManagementPolicyArgs, GetRoleManagementPolicyResult, GetRoleManagementPolicyOutputArgs } from "./getRoleManagementPolicy"; +export const getRoleManagementPolicy: typeof import("./getRoleManagementPolicy").getRoleManagementPolicy = null as any; +export const getRoleManagementPolicyOutput: typeof import("./getRoleManagementPolicy").getRoleManagementPolicyOutput = null as any; +utilities.lazyLoad(exports, ["getRoleManagementPolicy","getRoleManagementPolicyOutput"], () => require("./getRoleManagementPolicy")); + export { GetRoleManagementPolicyAssignmentArgs, GetRoleManagementPolicyAssignmentResult, GetRoleManagementPolicyAssignmentOutputArgs } from "./getRoleManagementPolicyAssignment"; export const getRoleManagementPolicyAssignment: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignment = null as any; export const getRoleManagementPolicyAssignmentOutput: typeof import("./getRoleManagementPolicyAssignment").getRoleManagementPolicyAssignmentOutput = null as any; utilities.lazyLoad(exports, ["getRoleManagementPolicyAssignment","getRoleManagementPolicyAssignmentOutput"], () => require("./getRoleManagementPolicyAssignment")); +export { RoleManagementPolicyArgs } from "./roleManagementPolicy"; +export type RoleManagementPolicy = import("./roleManagementPolicy").RoleManagementPolicy; +export const RoleManagementPolicy: typeof import("./roleManagementPolicy").RoleManagementPolicy = null as any; +utilities.lazyLoad(exports, ["RoleManagementPolicy"], () => require("./roleManagementPolicy")); + export { RoleManagementPolicyAssignmentArgs } from "./roleManagementPolicyAssignment"; export type RoleManagementPolicyAssignment = import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment; export const RoleManagementPolicyAssignment: typeof 
import("./roleManagementPolicyAssignment").RoleManagementPolicyAssignment = null as any; utilities.lazyLoad(exports, ["RoleManagementPolicyAssignment"], () => require("./roleManagementPolicyAssignment")); +// Export enums: +export * from "../../types/enums/authorization/v20240901preview"; + const _module = { version: utilities.getVersion(), construct: (name: string, type: string, urn: string): pulumi.Resource => { switch (type) { + case "azure-native:authorization/v20240901preview:RoleManagementPolicy": + return new RoleManagementPolicy(name, undefined, { urn }) case "azure-native:authorization/v20240901preview:RoleManagementPolicyAssignment": return new RoleManagementPolicyAssignment(name, undefined, { urn }) default: diff --git a/sdk/nodejs/authorization/v20240901preview/roleManagementPolicy.ts b/sdk/nodejs/authorization/v20240901preview/roleManagementPolicy.ts new file mode 100644 index 000000000000..e32f5d03ce23 --- /dev/null +++ b/sdk/nodejs/authorization/v20240901preview/roleManagementPolicy.ts 
@@ -0,0 +1,159 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../../types/input"; +import * as outputs from "../../types/output"; +import * as enums from "../../types/enums"; +import * as utilities from "../../utilities"; + +/** + * Role management policy + */ +export class RoleManagementPolicy extends pulumi.CustomResource { + /** + * Get an existing RoleManagementPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): RoleManagementPolicy { + return new RoleManagementPolicy(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'azure-native:authorization/v20240901preview:RoleManagementPolicy'; + + /** + * Returns true if the given object is an instance of RoleManagementPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is RoleManagementPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === RoleManagementPolicy.__pulumiType; + } + + /** + * The role management policy description. + */ + public readonly description!: pulumi.Output; + /** + * The role management policy display name. + */ + public readonly displayName!: pulumi.Output; + /** + * The readonly computed rule applied to the policy. 
+ */ + public /*out*/ readonly effectiveRules!: pulumi.Output<(outputs.authorization.v20240901preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyPimOnlyModeRuleResponse)[]>; + /** + * The role management policy is default policy. + */ + public readonly isOrganizationDefault!: pulumi.Output; + /** + * The name of the entity last modified it + */ + public /*out*/ readonly lastModifiedBy!: pulumi.Output; + /** + * The last modified date time. + */ + public /*out*/ readonly lastModifiedDateTime!: pulumi.Output; + /** + * The role management policy name. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Additional properties of scope + */ + public /*out*/ readonly policyProperties!: pulumi.Output; + /** + * The rule applied to the policy. + */ + public readonly rules!: pulumi.Output<(outputs.authorization.v20240901preview.RoleManagementPolicyApprovalRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyAuthenticationContextRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyEnablementRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyExpirationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyNotificationRuleResponse | outputs.authorization.v20240901preview.RoleManagementPolicyPimOnlyModeRuleResponse)[] | undefined>; + /** + * The role management policy scope. + */ + public readonly scope!: pulumi.Output; + /** + * The role management policy type. 
+ */ + public /*out*/ readonly type!: pulumi.Output; + + /** + * Create a RoleManagementPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: RoleManagementPolicyArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.scope === undefined) && !opts.urn) { + throw new Error("Missing required property 'scope'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["displayName"] = args ? args.displayName : undefined; + resourceInputs["isOrganizationDefault"] = args ? args.isOrganizationDefault : undefined; + resourceInputs["roleManagementPolicyName"] = args ? args.roleManagementPolicyName : undefined; + resourceInputs["rules"] = args ? args.rules : undefined; + resourceInputs["scope"] = args ? 
args.scope : undefined; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } else { + resourceInputs["description"] = undefined /*out*/; + resourceInputs["displayName"] = undefined /*out*/; + resourceInputs["effectiveRules"] = undefined /*out*/; + resourceInputs["isOrganizationDefault"] = undefined /*out*/; + resourceInputs["lastModifiedBy"] = undefined /*out*/; + resourceInputs["lastModifiedDateTime"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["policyProperties"] = undefined /*out*/; + resourceInputs["rules"] = undefined /*out*/; + resourceInputs["scope"] = undefined /*out*/; + resourceInputs["type"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const aliasOpts = { aliases: [{ type: "azure-native:authorization:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001:RoleManagementPolicy" }, { type: "azure-native:authorization/v20201001preview:RoleManagementPolicy" }, { type: "azure-native:authorization/v20240201preview:RoleManagementPolicy" }] }; + opts = pulumi.mergeOptions(opts, aliasOpts); + super(RoleManagementPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a RoleManagementPolicy resource. + */ +export interface RoleManagementPolicyArgs { + /** + * The role management policy description. + */ + description?: pulumi.Input; + /** + * The role management policy display name. + */ + displayName?: pulumi.Input; + /** + * The role management policy is default policy. + */ + isOrganizationDefault?: pulumi.Input; + /** + * The name (guid) of the role management policy to upsert. 
+ */ + roleManagementPolicyName?: pulumi.Input; + /** + * The rule applied to the policy. + */ + rules?: pulumi.Input[]>; + /** + * The role management policy scope. + */ + scope: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 77c2589f8966..3122c774d6b4 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -2592,6 +2592,7 @@ "authorization/getResourceManagementPrivateLink.ts", "authorization/getRoleAssignment.ts", "authorization/getRoleDefinition.ts", + "authorization/getRoleManagementPolicy.ts", "authorization/getRoleManagementPolicyAssignment.ts", "authorization/getScopeAccessReviewHistoryDefinitionById.ts", "authorization/getScopeAccessReviewScheduleDefinitionById.ts", @@ -2624,6 +2625,7 @@ "authorization/resourceManagementPrivateLink.ts", "authorization/roleAssignment.ts", "authorization/roleDefinition.ts", + "authorization/roleManagementPolicy.ts", "authorization/roleManagementPolicyAssignment.ts", "authorization/scopeAccessReviewHistoryDefinitionById.ts", "authorization/scopeAccessReviewScheduleDefinitionById.ts", @@ -2668,11 +2670,15 @@ "authorization/v20200501/managementLockByScope.ts", "authorization/v20200501/privateLinkAssociation.ts", "authorization/v20200501/resourceManagementPrivateLink.ts", + "authorization/v20201001/getRoleManagementPolicy.ts", "authorization/v20201001/getRoleManagementPolicyAssignment.ts", "authorization/v20201001/index.ts", + "authorization/v20201001/roleManagementPolicy.ts", "authorization/v20201001/roleManagementPolicyAssignment.ts", + "authorization/v20201001preview/getRoleManagementPolicy.ts", "authorization/v20201001preview/getRoleManagementPolicyAssignment.ts", "authorization/v20201001preview/index.ts", + "authorization/v20201001preview/roleManagementPolicy.ts", "authorization/v20201001preview/roleManagementPolicyAssignment.ts", "authorization/v20210601/getPolicyDefinition.ts", "authorization/v20210601/getPolicyDefinitionAtManagementGroup.ts", 
@@ -2738,8 +2744,10 @@ "authorization/v20230401/policySetDefinitionAtManagementGroup.ts", "authorization/v20230401/policySetDefinitionVersion.ts", "authorization/v20230401/policySetDefinitionVersionAtManagementGroup.ts", + "authorization/v20240201preview/getRoleManagementPolicy.ts", "authorization/v20240201preview/getRoleManagementPolicyAssignment.ts", "authorization/v20240201preview/index.ts", + "authorization/v20240201preview/roleManagementPolicy.ts", "authorization/v20240201preview/roleManagementPolicyAssignment.ts", "authorization/v20240401/getPolicyAssignment.ts", "authorization/v20240401/index.ts", @@ -2769,8 +2777,10 @@ "authorization/v20240501/policySetDefinitionAtManagementGroup.ts", "authorization/v20240501/policySetDefinitionVersion.ts", "authorization/v20240501/policySetDefinitionVersionAtManagementGroup.ts", + "authorization/v20240901preview/getRoleManagementPolicy.ts", "authorization/v20240901preview/getRoleManagementPolicyAssignment.ts", "authorization/v20240901preview/index.ts", + "authorization/v20240901preview/roleManagementPolicy.ts", "authorization/v20240901preview/roleManagementPolicyAssignment.ts", "authorization/variable.ts", "authorization/variableAtManagementGroup.ts", 
@@ -23372,14 +23382,18 @@ "types/enums/authorization/v20200301preview/index.ts", "types/enums/authorization/v20200401preview/index.ts", "types/enums/authorization/v20200501/index.ts", + "types/enums/authorization/v20201001/index.ts", + "types/enums/authorization/v20201001preview/index.ts", "types/enums/authorization/v20210601/index.ts", "types/enums/authorization/v20211201preview/index.ts", "types/enums/authorization/v20220401/index.ts", "types/enums/authorization/v20220601/index.ts", "types/enums/authorization/v20220701preview/index.ts", "types/enums/authorization/v20230401/index.ts", + "types/enums/authorization/v20240201preview/index.ts", "types/enums/authorization/v20240401/index.ts", "types/enums/authorization/v20240501/index.ts", + "types/enums/authorization/v20240901preview/index.ts", "types/enums/automanage/index.ts", "types/enums/automanage/v20200630preview/index.ts", "types/enums/automation/index.ts", diff --git a/sdk/nodejs/types/enums/authorization/index.ts b/sdk/nodejs/types/enums/authorization/index.ts index a38b8db99aed..130b6e2b34e6 100644 --- a/sdk/nodejs/types/enums/authorization/index.ts +++ b/sdk/nodejs/types/enums/authorization/index.ts @@ -8,14 +8,18 @@ import * as v20200301 from "./v20200301"; import * as v20200301preview from "./v20200301preview"; import * as v20200401preview from "./v20200401preview"; import * as v20200501 from "./v20200501"; +import * as v20201001 from "./v20201001"; +import * as v20201001preview from "./v20201001preview"; import * as v20210601 from "./v20210601"; import * as v20211201preview from "./v20211201preview"; import * as v20220401 from "./v20220401"; import * as v20220601 from "./v20220601"; import * as v20220701preview from "./v20220701preview"; import * as v20230401 from "./v20230401"; +import * as v20240201preview from "./v20240201preview"; import * as v20240401 from "./v20240401"; import * as v20240501 from "./v20240501"; +import * as v20240901preview from "./v20240901preview"; export { v20180501, 
@@ -24,14 +28,18 @@ export { v20200301preview, v20200401preview, v20200501, + v20201001, + v20201001preview, v20210601, v20211201preview, v20220401, v20220601, v20220701preview, v20230401, + v20240201preview, v20240401, v20240501, + v20240901preview, }; export const AccessReviewRecurrencePatternType = { @@ -68,6 +76,18 @@ export const AccessReviewResult = { */ export type AccessReviewResult = (typeof AccessReviewResult)[keyof typeof AccessReviewResult]; +export const ApprovalMode = { + SingleStage: "SingleStage", + Serial: "Serial", + Parallel: "Parallel", + NoApproval: "NoApproval", +} as const; + +/** + * The type of rule + */ +export type ApprovalMode = (typeof ApprovalMode)[keyof typeof ApprovalMode]; + export const AssignmentScopeValidation = { /** * This option will validate the exemption is at or under the assignment scope. @@ -95,6 +115,17 @@ export const DefaultDecisionType = { */ export type DefaultDecisionType = (typeof DefaultDecisionType)[keyof typeof DefaultDecisionType]; +export const EnablementRules = { + MultiFactorAuthentication: "MultiFactorAuthentication", + Justification: "Justification", + Ticketing: "Ticketing", +} as const; + +/** + * The type of enablement rule + */ +export type EnablementRules = (typeof EnablementRules)[keyof typeof EnablementRules]; + export const EnforcementMode = { /** * The policy effect is enforced during resource creation or update. @@ -111,6 +142,13 @@ export const EnforcementMode = { */ export type EnforcementMode = (typeof EnforcementMode)[keyof typeof EnforcementMode]; +export const ExcludedPrincipalTypes = { + ServicePrincipalsAsTarget: "ServicePrincipalsAsTarget", + ServicePrincipalsAsRequestor: "ServicePrincipalsAsRequestor", +} as const; + +export type ExcludedPrincipalTypes = (typeof ExcludedPrincipalTypes)[keyof typeof ExcludedPrincipalTypes]; + export const ExemptionCategory = { /** * This category of exemptions usually means the scope is not applicable for the policy. 
@@ -138,6 +176,26 @@ export const LockLevel = { */ export type LockLevel = (typeof LockLevel)[keyof typeof LockLevel]; +export const NotificationDeliveryMechanism = { + Email: "Email", +} as const; + +/** + * The type of notification. + */ +export type NotificationDeliveryMechanism = (typeof NotificationDeliveryMechanism)[keyof typeof NotificationDeliveryMechanism]; + +export const NotificationLevel = { + None: "None", + Critical: "Critical", + All: "All", +} as const; + +/** + * The notification level. + */ +export type NotificationLevel = (typeof NotificationLevel)[keyof typeof NotificationLevel]; + export const OverrideKind = { /** * It will override the policy effect type. @@ -150,6 +208,17 @@ export const OverrideKind = { */ export type OverrideKind = (typeof OverrideKind)[keyof typeof OverrideKind]; +export const PIMOnlyMode = { + Disabled: "Disabled", + Enabled: "Enabled", + ReportOnly: "ReportOnly", +} as const; + +/** + * Determines whether the setting is enabled, disabled or report only. + */ +export type PIMOnlyMode = (typeof PIMOnlyMode)[keyof typeof PIMOnlyMode]; + export const ParameterType = { String: "String", Array: "Array", @@ -197,6 +266,17 @@ export const PublicNetworkAccessOptions = { export type PublicNetworkAccessOptions = (typeof PublicNetworkAccessOptions)[keyof typeof PublicNetworkAccessOptions]; +export const RecipientType = { + Requestor: "Requestor", + Approver: "Approver", + Admin: "Admin", +} as const; + +/** + * The recipient type. + */ +export type RecipientType = (typeof RecipientType)[keyof typeof RecipientType]; + export const ResourceIdentityType = { /** * Indicates that a system assigned identity is associated with the resource. 
@@ -217,6 +297,20 @@ export const ResourceIdentityType = { */ export type ResourceIdentityType = (typeof ResourceIdentityType)[keyof typeof ResourceIdentityType]; +export const RoleManagementPolicyRuleType = { + RoleManagementPolicyApprovalRule: "RoleManagementPolicyApprovalRule", + RoleManagementPolicyAuthenticationContextRule: "RoleManagementPolicyAuthenticationContextRule", + RoleManagementPolicyEnablementRule: "RoleManagementPolicyEnablementRule", + RoleManagementPolicyExpirationRule: "RoleManagementPolicyExpirationRule", + RoleManagementPolicyNotificationRule: "RoleManagementPolicyNotificationRule", + RoleManagementPolicyPimOnlyModeRule: "RoleManagementPolicyPimOnlyModeRule", +} as const; + +/** + * The type of rule + */ +export type RoleManagementPolicyRuleType = (typeof RoleManagementPolicyRuleType)[keyof typeof RoleManagementPolicyRuleType]; + export const SelectorKind = { /** * The selector kind to filter policies by the resource location. @@ -240,3 +334,14 @@ export const SelectorKind = { * The selector kind. */ export type SelectorKind = (typeof SelectorKind)[keyof typeof SelectorKind]; + +export const UserType = { + User: "User", + Group: "Group", + ServicePrincipal: "ServicePrincipal", +} as const; + +/** + * The type of user. + */ +export type UserType = (typeof UserType)[keyof typeof UserType]; diff --git a/sdk/nodejs/types/enums/authorization/v20201001/index.ts b/sdk/nodejs/types/enums/authorization/v20201001/index.ts new file mode 100644 index 000000000000..486d206566c5 --- /dev/null +++ b/sdk/nodejs/types/enums/authorization/v20201001/index.ts 
@@ -0,0 +1,80 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + + +export const ApprovalMode = { + SingleStage: "SingleStage", + Serial: "Serial", + Parallel: "Parallel", + NoApproval: "NoApproval", +} as const; + +/** + * The type of rule + */ +export type ApprovalMode = (typeof ApprovalMode)[keyof typeof ApprovalMode]; + +export const EnablementRules = { + MultiFactorAuthentication: "MultiFactorAuthentication", + Justification: "Justification", + Ticketing: "Ticketing", +} as const; + +/** + * The type of enablement rule + */ +export type EnablementRules = (typeof EnablementRules)[keyof typeof EnablementRules]; + +export const NotificationDeliveryMechanism = { + Email: "Email", +} as const; + +/** + * The type of notification. + */ +export type NotificationDeliveryMechanism = (typeof NotificationDeliveryMechanism)[keyof typeof NotificationDeliveryMechanism]; + +export const NotificationLevel = { + None: "None", + Critical: "Critical", + All: "All", +} as const; + +/** + * The notification level. + */ +export type NotificationLevel = (typeof NotificationLevel)[keyof typeof NotificationLevel]; + +export const RecipientType = { + Requestor: "Requestor", + Approver: "Approver", + Admin: "Admin", +} as const; + +/** + * The recipient type. 
+ */ +export type RecipientType = (typeof RecipientType)[keyof typeof RecipientType]; + +export const RoleManagementPolicyRuleType = { + RoleManagementPolicyApprovalRule: "RoleManagementPolicyApprovalRule", + RoleManagementPolicyAuthenticationContextRule: "RoleManagementPolicyAuthenticationContextRule", + RoleManagementPolicyEnablementRule: "RoleManagementPolicyEnablementRule", + RoleManagementPolicyExpirationRule: "RoleManagementPolicyExpirationRule", + RoleManagementPolicyNotificationRule: "RoleManagementPolicyNotificationRule", +} as const; + +/** + * The type of rule + */ +export type RoleManagementPolicyRuleType = (typeof RoleManagementPolicyRuleType)[keyof typeof RoleManagementPolicyRuleType]; + +export const UserType = { + User: "User", + Group: "Group", +} as const; + +/** + * The type of user. + */ +export type UserType = (typeof UserType)[keyof typeof UserType]; diff --git a/sdk/nodejs/types/enums/authorization/v20201001preview/index.ts b/sdk/nodejs/types/enums/authorization/v20201001preview/index.ts new file mode 100644 index 000000000000..486d206566c5 --- /dev/null +++ b/sdk/nodejs/types/enums/authorization/v20201001preview/index.ts 
@@ -0,0 +1,80 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + + +export const ApprovalMode = { + SingleStage: "SingleStage", + Serial: "Serial", + Parallel: "Parallel", + NoApproval: "NoApproval", +} as const; + +/** + * The type of rule + */ +export type ApprovalMode = (typeof ApprovalMode)[keyof typeof ApprovalMode]; + +export const EnablementRules = { + MultiFactorAuthentication: "MultiFactorAuthentication", + Justification: "Justification", + Ticketing: "Ticketing", +} as const; + +/** + * The type of enablement rule + */ +export type EnablementRules = (typeof EnablementRules)[keyof typeof EnablementRules]; + +export const NotificationDeliveryMechanism = { + Email: "Email", +} as const; + +/** + * The type of notification. + */ +export type NotificationDeliveryMechanism = (typeof NotificationDeliveryMechanism)[keyof typeof NotificationDeliveryMechanism]; + +export const NotificationLevel = { + None: "None", + Critical: "Critical", + All: "All", +} as const; + +/** + * The notification level. + */ +export type NotificationLevel = (typeof NotificationLevel)[keyof typeof NotificationLevel]; + +export const RecipientType = { + Requestor: "Requestor", + Approver: "Approver", + Admin: "Admin", +} as const; + +/** + * The recipient type. 
+ */ +export type RecipientType = (typeof RecipientType)[keyof typeof RecipientType]; + +export const RoleManagementPolicyRuleType = { + RoleManagementPolicyApprovalRule: "RoleManagementPolicyApprovalRule", + RoleManagementPolicyAuthenticationContextRule: "RoleManagementPolicyAuthenticationContextRule", + RoleManagementPolicyEnablementRule: "RoleManagementPolicyEnablementRule", + RoleManagementPolicyExpirationRule: "RoleManagementPolicyExpirationRule", + RoleManagementPolicyNotificationRule: "RoleManagementPolicyNotificationRule", +} as const; + +/** + * The type of rule + */ +export type RoleManagementPolicyRuleType = (typeof RoleManagementPolicyRuleType)[keyof typeof RoleManagementPolicyRuleType]; + +export const UserType = { + User: "User", + Group: "Group", +} as const; + +/** + * The type of user. + */ +export type UserType = (typeof UserType)[keyof typeof UserType]; diff --git a/sdk/nodejs/types/enums/authorization/v20240201preview/index.ts b/sdk/nodejs/types/enums/authorization/v20240201preview/index.ts new file mode 100644 index 000000000000..cf6e0f18f0ce --- /dev/null +++ b/sdk/nodejs/types/enums/authorization/v20240201preview/index.ts 
@@ -0,0 +1,100 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + + +export const ApprovalMode = { + SingleStage: "SingleStage", + Serial: "Serial", + Parallel: "Parallel", + NoApproval: "NoApproval", +} as const; + +/** + * The type of rule + */ +export type ApprovalMode = (typeof ApprovalMode)[keyof typeof ApprovalMode]; + +export const EnablementRules = { + MultiFactorAuthentication: "MultiFactorAuthentication", + Justification: "Justification", + Ticketing: "Ticketing", +} as const; + +/** + * The type of enablement rule + */ +export type EnablementRules = (typeof EnablementRules)[keyof typeof EnablementRules]; + +export const ExcludedPrincipalTypes = { + ServicePrincipalsAsTarget: "ServicePrincipalsAsTarget", + ServicePrincipalsAsRequestor: "ServicePrincipalsAsRequestor", +} as const; + +export type ExcludedPrincipalTypes = (typeof ExcludedPrincipalTypes)[keyof typeof ExcludedPrincipalTypes]; + +export const NotificationDeliveryMechanism = { + Email: "Email", +} as const; + +/** + * The type of notification. + */ +export type NotificationDeliveryMechanism = (typeof NotificationDeliveryMechanism)[keyof typeof NotificationDeliveryMechanism]; + +export const NotificationLevel = { + None: "None", + Critical: "Critical", + All: "All", +} as const; + +/** + * The notification level. + */ +export type NotificationLevel = (typeof NotificationLevel)[keyof typeof NotificationLevel]; + +export const PIMOnlyMode = { + Disabled: "Disabled", + Enabled: "Enabled", + ReportOnly: "ReportOnly", +} as const; + +/** + * Determines whether the setting is enabled, disabled or report only. + */ +export type PIMOnlyMode = (typeof PIMOnlyMode)[keyof typeof PIMOnlyMode]; + +export const RecipientType = { + Requestor: "Requestor", + Approver: "Approver", + Admin: "Admin", +} as const; + +/** + * The recipient type. 
+ */ +export type RecipientType = (typeof RecipientType)[keyof typeof RecipientType]; + +export const RoleManagementPolicyRuleType = { + RoleManagementPolicyApprovalRule: "RoleManagementPolicyApprovalRule", + RoleManagementPolicyAuthenticationContextRule: "RoleManagementPolicyAuthenticationContextRule", + RoleManagementPolicyEnablementRule: "RoleManagementPolicyEnablementRule", + RoleManagementPolicyExpirationRule: "RoleManagementPolicyExpirationRule", + RoleManagementPolicyNotificationRule: "RoleManagementPolicyNotificationRule", + RoleManagementPolicyPimOnlyModeRule: "RoleManagementPolicyPimOnlyModeRule", +} as const; + +/** + * The type of rule + */ +export type RoleManagementPolicyRuleType = (typeof RoleManagementPolicyRuleType)[keyof typeof RoleManagementPolicyRuleType]; + +export const UserType = { + User: "User", + Group: "Group", + ServicePrincipal: "ServicePrincipal", +} as const; + +/** + * The type of user. + */ +export type UserType = (typeof UserType)[keyof typeof UserType]; diff --git a/sdk/nodejs/types/enums/authorization/v20240901preview/index.ts b/sdk/nodejs/types/enums/authorization/v20240901preview/index.ts new file mode 100644 index 000000000000..cf6e0f18f0ce --- /dev/null +++ b/sdk/nodejs/types/enums/authorization/v20240901preview/index.ts 
@@ -0,0 +1,100 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + + +export const ApprovalMode = { + SingleStage: "SingleStage", + Serial: "Serial", + Parallel: "Parallel", + NoApproval: "NoApproval", +} as const; + +/** + * The type of rule + */ +export type ApprovalMode = (typeof ApprovalMode)[keyof typeof ApprovalMode]; + +export const EnablementRules = { + MultiFactorAuthentication: "MultiFactorAuthentication", + Justification: "Justification", + Ticketing: "Ticketing", +} as const; + +/** + * The type of enablement rule + */ +export type EnablementRules = (typeof EnablementRules)[keyof typeof EnablementRules]; + +export const ExcludedPrincipalTypes = { + ServicePrincipalsAsTarget: "ServicePrincipalsAsTarget", + ServicePrincipalsAsRequestor: "ServicePrincipalsAsRequestor", +} as const; + +export type ExcludedPrincipalTypes = (typeof ExcludedPrincipalTypes)[keyof typeof ExcludedPrincipalTypes]; + +export const NotificationDeliveryMechanism = { + Email: "Email", +} as const; + +/** + * The type of notification. + */ +export type NotificationDeliveryMechanism = (typeof NotificationDeliveryMechanism)[keyof typeof NotificationDeliveryMechanism]; + +export const NotificationLevel = { + None: "None", + Critical: "Critical", + All: "All", +} as const; + +/** + * The notification level. + */ +export type NotificationLevel = (typeof NotificationLevel)[keyof typeof NotificationLevel]; + +export const PIMOnlyMode = { + Disabled: "Disabled", + Enabled: "Enabled", + ReportOnly: "ReportOnly", +} as const; + +/** + * Determines whether the setting is enabled, disabled or report only. + */ +export type PIMOnlyMode = (typeof PIMOnlyMode)[keyof typeof PIMOnlyMode]; + +export const RecipientType = { + Requestor: "Requestor", + Approver: "Approver", + Admin: "Admin", +} as const; + +/** + * The recipient type. 
+ */ +export type RecipientType = (typeof RecipientType)[keyof typeof RecipientType]; + +export const RoleManagementPolicyRuleType = { + RoleManagementPolicyApprovalRule: "RoleManagementPolicyApprovalRule", + RoleManagementPolicyAuthenticationContextRule: "RoleManagementPolicyAuthenticationContextRule", + RoleManagementPolicyEnablementRule: "RoleManagementPolicyEnablementRule", + RoleManagementPolicyExpirationRule: "RoleManagementPolicyExpirationRule", + RoleManagementPolicyNotificationRule: "RoleManagementPolicyNotificationRule", + RoleManagementPolicyPimOnlyModeRule: "RoleManagementPolicyPimOnlyModeRule", +} as const; + +/** + * The type of rule + */ +export type RoleManagementPolicyRuleType = (typeof RoleManagementPolicyRuleType)[keyof typeof RoleManagementPolicyRuleType]; + +export const UserType = { + User: "User", + Group: "Group", + ServicePrincipal: "ServicePrincipal", +} as const; + +/** + * The type of user. + */ +export type UserType = (typeof UserType)[keyof typeof UserType]; diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index ffe701a6807c..463aa17a2629 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts 
@@ -53757,6 +53757,62 @@ export namespace authorization { includeInheritedAccess?: pulumi.Input; } + /** + * The approval settings. + */ + export interface ApprovalSettingsArgs { + /** + * The type of rule + */ + approvalMode?: pulumi.Input; + /** + * The approval stages of the request. + */ + approvalStages?: pulumi.Input[]>; + /** + * Determines whether approval is required or not. + */ + isApprovalRequired?: pulumi.Input; + /** + * Determines whether approval is required for assignment extension. + */ + isApprovalRequiredForExtension?: pulumi.Input; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: pulumi.Input; + } + + /** + * The approval stage. + */ + export interface ApprovalStageArgs { + /** + * The time in days when approval request would be timed out + */ + approvalStageTimeOutInDays?: pulumi.Input; + /** + * The escalation approver of the request. + */ + escalationApprovers?: pulumi.Input[]>; + /** + * The time in minutes when the approval request would be escalated if the primary approver does not approve + */ + escalationTimeInMinutes?: pulumi.Input; + /** + * Determines whether approver need to provide justification for his decision. + */ + isApproverJustificationRequired?: pulumi.Input; + /** + * The value determine whether escalation feature is enabled. + */ + isEscalationEnabled?: pulumi.Input; + /** + * The primary approver of the request. + */ + primaryApprovers?: pulumi.Input[]>; + } + /** * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. */ 
@@ -53813,6 +53869,24 @@ export namespace authorization { value?: pulumi.Input; } + /** + * The PIM Only Mode settings. + */ + export interface PIMOnlyModeSettingsArgs { + /** + * The list of excluded assignment types allowed. + */ + excludedAssignmentTypes?: pulumi.Input[]>; + /** + * The list of excluded entities that the rule does not apply to. + */ + excludes?: pulumi.Input[]>; + /** + * Determines whether the setting is enabled, disabled or report only. + */ + mode?: pulumi.Input; + } + /** * The definition of a parameter that can be provided to the policy. */ 
@@ -53991,6 +54065,202 @@ export namespace authorization { selectors?: pulumi.Input[]>; } + /** + * The role management policy approval rule. + */ + export interface RoleManagementPolicyApprovalRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">; + /** + * The approval setting + */ + setting?: pulumi.Input; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy authentication context rule. + */ + export interface RoleManagementPolicyAuthenticationContextRuleArgs { + /** + * The claim value. + */ + claimValue?: pulumi.Input; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The value indicating if rule is enabled. + */ + isEnabled?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy enablement rule. + */ + export interface RoleManagementPolicyEnablementRuleArgs { + /** + * The list of enabled rules. + */ + enabledRules?: pulumi.Input[]>; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy expiration rule. + */ + export interface RoleManagementPolicyExpirationRuleArgs { + /** + * The members not restricted by expiration rule. + */ + exceptionMembers?: pulumi.Input[]>; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The value indicating whether expiration is required. 
+ */ + isExpirationRequired?: pulumi.Input; + /** + * The maximum duration of expiration in timespan. + */ + maximumDuration?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy notification rule. + */ + export interface RoleManagementPolicyNotificationRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * Determines if the notification will be sent to the recipient type specified in the policy rule. + */ + isDefaultRecipientsEnabled?: pulumi.Input; + /** + * The notification level. + */ + notificationLevel?: pulumi.Input; + /** + * The list of notification recipients. + */ + notificationRecipients?: pulumi.Input[]>; + /** + * The type of notification. + */ + notificationType?: pulumi.Input; + /** + * The recipient type. + */ + recipientType?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy PIM only mode rule. + */ + export interface RoleManagementPolicyPimOnlyModeRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The PIM Only Mode settings + */ + pimOnlyModeSettings?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyPimOnlyModeRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy rule target. + */ + export interface RoleManagementPolicyRuleTargetArgs { + /** + * The caller of the setting. + */ + caller?: pulumi.Input; + /** + * The list of enforced settings. 
+ */ + enforcedSettings?: pulumi.Input[]>; + /** + * The list of inheritable settings. + */ + inheritableSettings?: pulumi.Input[]>; + /** + * The assignment level to which rule is applied. + */ + level?: pulumi.Input; + /** + * The type of operation. + */ + operations?: pulumi.Input[]>; + /** + * The list of target objects. + */ + targetObjects?: pulumi.Input[]>; + } + /** * The selector expression. */ @@ -54009,6 +54279,46 @@ export namespace authorization { notIn?: pulumi.Input[]>; } + /** + * The detail of a user. + */ + export interface UserSetArgs { + /** + * The description of the user. + */ + description?: pulumi.Input; + /** + * The object id of the user. + */ + id?: pulumi.Input; + /** + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: pulumi.Input; + /** + * The type of user. + */ + userType?: pulumi.Input; + } + + /** + * The detail of a subject. + */ + export interface UsersOrServicePrincipalSetArgs { + /** + * The display Name of the entity. + */ + displayName?: pulumi.Input; + /** + * The object id of the entity. + */ + id?: pulumi.Input; + /** + * The type of user. + */ + type?: pulumi.Input; + } + export namespace v20190601 { /** * Identity for the resource. 
@@ -54109,328 +54419,1440 @@ export namespace authorization { } export namespace v20201001 { - } - - export namespace v20201001preview { - } - - export namespace v20210601 { /** - * The definition of a parameter that can be provided to the policy. + * The approval settings. */ - export interface ParameterDefinitionsValueArgs { + export interface ApprovalSettingsArgs { /** - * The allowed values for the parameter. + * The type of rule */ - allowedValues?: pulumi.Input; + approvalMode?: pulumi.Input; /** - * The default value for the parameter if no value is provided. + * The approval stages of the request. */ - defaultValue?: any; + approvalStages?: pulumi.Input[]>; /** - * General metadata for the parameter. + * Determines whether approval is required or not. */ - metadata?: pulumi.Input; + isApprovalRequired?: pulumi.Input; /** - * The data type of the parameter. + * Determines whether approval is required for assignment extension. */ - type?: pulumi.Input; + isApprovalRequiredForExtension?: pulumi.Input; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: pulumi.Input; } /** - * General metadata for the parameter. + * The approval stage. */ - export interface ParameterDefinitionsValueMetadataArgs { + export interface ApprovalStageArgs { /** - * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. + * The time in days when approval request would be timed out */ - assignPermissions?: pulumi.Input; + approvalStageTimeOutInDays?: pulumi.Input; /** - * The description of the parameter. + * The escalation approver of the request. */ - description?: pulumi.Input; + escalationApprovers?: pulumi.Input[]>; /** - * The display name for the parameter. 
+ * The time in minutes when the approval request would be escalated if the primary approver does not approve */ - displayName?: pulumi.Input; + escalationTimeInMinutes?: pulumi.Input; /** - * Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. + * Determines whether approver need to provide justification for his decision. */ - strongType?: pulumi.Input; + isApproverJustificationRequired?: pulumi.Input; + /** + * The value determine whether escalation feature is enabled. + */ + isEscalationEnabled?: pulumi.Input; + /** + * The primary approver of the request. + */ + primaryApprovers?: pulumi.Input[]>; } /** - * The value of a parameter. + * The role management policy approval rule. */ - export interface ParameterValuesValueArgs { + export interface RoleManagementPolicyApprovalRuleArgs { /** - * The value of the parameter. + * The id of the rule. */ - value?: any; + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">; + /** + * The approval setting + */ + setting?: pulumi.Input; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The policy definition group. + * The role management policy authentication context rule. */ - export interface PolicyDefinitionGroupArgs { + export interface RoleManagementPolicyAuthenticationContextRuleArgs { /** - * A resource ID of a resource that contains additional metadata about the group. + * The claim value. */ - additionalMetadataId?: pulumi.Input; + claimValue?: pulumi.Input; /** - * The group's category. + * The id of the rule. */ - category?: pulumi.Input; + id?: pulumi.Input; /** - * The group's description. + * The value indicating if rule is enabled. */ - description?: pulumi.Input; + isEnabled?: pulumi.Input; /** - * The group's display name. 
+ * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. */ - displayName?: pulumi.Input; + ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">; /** - * The name of the group. + * The target of the current rule. */ - name: pulumi.Input; + target?: pulumi.Input; } /** - * The policy definition reference. + * The role management policy enablement rule. */ - export interface PolicyDefinitionReferenceArgs { + export interface RoleManagementPolicyEnablementRuleArgs { /** - * The name of the groups that this policy definition reference belongs to. + * The list of enabled rules. */ - groupNames?: pulumi.Input[]>; + enabledRules?: pulumi.Input[]>; /** - * The parameter values for the referenced policy rule. The keys are the parameter names. + * The id of the rule. */ - parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; + id?: pulumi.Input; /** - * The ID of the policy definition or policy set definition. + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. */ - policyDefinitionId: pulumi.Input; + ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">; /** - * A unique id (within the policy set definition) for this policy definition reference. + * The target of the current rule. */ - policyDefinitionReferenceId?: pulumi.Input; + target?: pulumi.Input; } - } - - export namespace v20211201preview { /** - * Access Review History Definition Instance. + * The role management policy expiration rule. */ - export interface AccessReviewHistoryInstanceArgs { + export interface RoleManagementPolicyExpirationRuleArgs { /** - * The display name for the parent history definition. + * The id of the rule. */ - displayName?: pulumi.Input; + id?: pulumi.Input; /** - * Date time when history data report expires and the associated data is deleted. + * The value indicating whether expiration is required. 
+ */ + isExpirationRequired?: pulumi.Input; + /** + * The maximum duration of expiration in timespan. + */ + maximumDuration?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy notification rule. + */ + export interface RoleManagementPolicyNotificationRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * Determines if the notification will be sent to the recipient type specified in the policy rule. + */ + isDefaultRecipientsEnabled?: pulumi.Input; + /** + * The notification level. + */ + notificationLevel?: pulumi.Input; + /** + * The list of notification recipients. + */ + notificationRecipients?: pulumi.Input[]>; + /** + * The type of notification. + */ + notificationType?: pulumi.Input; + /** + * The recipient type. + */ + recipientType?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy rule target. + */ + export interface RoleManagementPolicyRuleTargetArgs { + /** + * The caller of the setting. + */ + caller?: pulumi.Input; + /** + * The list of enforced settings. + */ + enforcedSettings?: pulumi.Input[]>; + /** + * The list of inheritable settings. + */ + inheritableSettings?: pulumi.Input[]>; + /** + * The assignment level to which rule is applied. + */ + level?: pulumi.Input; + /** + * The type of operation. + */ + operations?: pulumi.Input[]>; + /** + * The list of target objects. + */ + targetObjects?: pulumi.Input[]>; + } + + /** + * The detail of a user. + */ + export interface UserSetArgs { + /** + * The description of the user. 
+ */ + description?: pulumi.Input; + /** + * The object id of the user. + */ + id?: pulumi.Input; + /** + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: pulumi.Input; + /** + * The type of user. + */ + userType?: pulumi.Input; + } + + } + + export namespace v20201001preview { + /** + * The approval settings. + */ + export interface ApprovalSettingsArgs { + /** + * The type of rule + */ + approvalMode?: pulumi.Input; + /** + * The approval stages of the request. + */ + approvalStages?: pulumi.Input[]>; + /** + * Determines whether approval is required or not. + */ + isApprovalRequired?: pulumi.Input; + /** + * Determines whether approval is required for assignment extension. + */ + isApprovalRequiredForExtension?: pulumi.Input; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: pulumi.Input; + } + + /** + * The approval stage. + */ + export interface ApprovalStageArgs { + /** + * The time in days when approval request would be timed out + */ + approvalStageTimeOutInDays?: pulumi.Input; + /** + * The escalation approver of the request. + */ + escalationApprovers?: pulumi.Input[]>; + /** + * The time in minutes when the approval request would be escalated if the primary approver does not approve + */ + escalationTimeInMinutes?: pulumi.Input; + /** + * Determines whether approver need to provide justification for his decision. + */ + isApproverJustificationRequired?: pulumi.Input; + /** + * The value determine whether escalation feature is enabled. + */ + isEscalationEnabled?: pulumi.Input; + /** + * The primary approver of the request. + */ + primaryApprovers?: pulumi.Input[]>; + } + + /** + * The role management policy approval rule. + */ + export interface RoleManagementPolicyApprovalRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. 
+ */ + ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">; + /** + * The approval setting + */ + setting?: pulumi.Input; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy authentication context rule. + */ + export interface RoleManagementPolicyAuthenticationContextRuleArgs { + /** + * The claim value. + */ + claimValue?: pulumi.Input; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The value indicating if rule is enabled. + */ + isEnabled?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy rule. + */ + export interface RoleManagementPolicyEnablementRuleArgs { + /** + * The list of enabled rules. + */ + enabledRules?: pulumi.Input[]>; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy expiration rule. + */ + export interface RoleManagementPolicyExpirationRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The value indicating whether expiration is required. + */ + isExpirationRequired?: pulumi.Input; + /** + * The maximum duration of expiration in timespan. + */ + maximumDuration?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy notification rule. 
+ */ + export interface RoleManagementPolicyNotificationRuleArgs { + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * Determines if the notification will be sent to the recipient type specified in the policy rule. + */ + isDefaultRecipientsEnabled?: pulumi.Input; + /** + * The notification level. + */ + notificationLevel?: pulumi.Input; + /** + * The list of notification recipients. + */ + notificationRecipients?: pulumi.Input[]>; + /** + * The type of notification. + */ + notificationType?: pulumi.Input; + /** + * The recipient type. + */ + recipientType?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } + + /** + * The role management policy rule target. + */ + export interface RoleManagementPolicyRuleTargetArgs { + /** + * The caller of the setting. + */ + caller?: pulumi.Input; + /** + * The list of enforced settings. + */ + enforcedSettings?: pulumi.Input[]>; + /** + * The list of inheritable settings. + */ + inheritableSettings?: pulumi.Input[]>; + /** + * The assignment level to which rule is applied. + */ + level?: pulumi.Input; + /** + * The type of operation. + */ + operations?: pulumi.Input[]>; + /** + * The list of target objects. + */ + targetObjects?: pulumi.Input[]>; + } + + /** + * The detail of a user. + */ + export interface UserSetArgs { + /** + * The description of the user. + */ + description?: pulumi.Input; + /** + * The object id of the user. + */ + id?: pulumi.Input; + /** + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: pulumi.Input; + /** + * The type of user. + */ + userType?: pulumi.Input; + } + + } + + export namespace v20210601 { + /** + * The definition of a parameter that can be provided to the policy. 
+ */ + export interface ParameterDefinitionsValueArgs { + /** + * The allowed values for the parameter. + */ + allowedValues?: pulumi.Input; + /** + * The default value for the parameter if no value is provided. + */ + defaultValue?: any; + /** + * General metadata for the parameter. + */ + metadata?: pulumi.Input; + /** + * The data type of the parameter. + */ + type?: pulumi.Input; + } + + /** + * General metadata for the parameter. + */ + export interface ParameterDefinitionsValueMetadataArgs { + /** + * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. + */ + assignPermissions?: pulumi.Input; + /** + * The description of the parameter. + */ + description?: pulumi.Input; + /** + * The display name for the parameter. + */ + displayName?: pulumi.Input; + /** + * Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. + */ + strongType?: pulumi.Input; + } + + /** + * The value of a parameter. + */ + export interface ParameterValuesValueArgs { + /** + * The value of the parameter. + */ + value?: any; + } + + /** + * The policy definition group. + */ + export interface PolicyDefinitionGroupArgs { + /** + * A resource ID of a resource that contains additional metadata about the group. + */ + additionalMetadataId?: pulumi.Input; + /** + * The group's category. + */ + category?: pulumi.Input; + /** + * The group's description. + */ + description?: pulumi.Input; + /** + * The group's display name. + */ + displayName?: pulumi.Input; + /** + * The name of the group. + */ + name: pulumi.Input; + } + + /** + * The policy definition reference. + */ + export interface PolicyDefinitionReferenceArgs { + /** + * The name of the groups that this policy definition reference belongs to. 
+ */ + groupNames?: pulumi.Input[]>; + /** + * The parameter values for the referenced policy rule. The keys are the parameter names. + */ + parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The ID of the policy definition or policy set definition. + */ + policyDefinitionId: pulumi.Input; + /** + * A unique id (within the policy set definition) for this policy definition reference. + */ + policyDefinitionReferenceId?: pulumi.Input; + } + + } + + export namespace v20211201preview { + /** + * Access Review History Definition Instance. + */ + export interface AccessReviewHistoryInstanceArgs { + /** + * The display name for the parent history definition. + */ + displayName?: pulumi.Input; + /** + * Date time when history data report expires and the associated data is deleted. */ expiration?: pulumi.Input; /** - * Date time when the history data report is scheduled to be generated. + * Date time when the history data report is scheduled to be generated. + */ + fulfilledDateTime?: pulumi.Input; + /** + * Date time used when selecting review data, all reviews included in data end on or before this date. For use only with one-time/non-recurring reports. + */ + reviewHistoryPeriodEndDateTime?: pulumi.Input; + /** + * Date time used when selecting review data, all reviews included in data start on or after this date. For use only with one-time/non-recurring reports. + */ + reviewHistoryPeriodStartDateTime?: pulumi.Input; + /** + * Date time when the history data report is scheduled to be generated. + */ + runDateTime?: pulumi.Input; + } + + /** + * Access Review Instance. + */ + export interface AccessReviewInstanceArgs { + /** + * This is the collection of backup reviewers. + */ + backupReviewers?: pulumi.Input[]>; + /** + * The DateTime when the review instance is scheduled to end. + */ + endDateTime?: pulumi.Input; + /** + * This is the collection of reviewers. 
+ */ + reviewers?: pulumi.Input[]>; + /** + * The DateTime when the review instance is scheduled to be start. + */ + startDateTime?: pulumi.Input; + } + + /** + * Descriptor for what needs to be reviewed + */ + export interface AccessReviewReviewerArgs { + /** + * The id of the reviewer(user/servicePrincipal) + */ + principalId?: pulumi.Input; + } + + /** + * Descriptor for what needs to be reviewed + */ + export interface AccessReviewScopeArgs { + /** + * This is used to indicate the resource id(s) to exclude + */ + excludeResourceId?: pulumi.Input; + /** + * This is used to indicate the role definition id(s) to exclude + */ + excludeRoleDefinitionId?: pulumi.Input; + /** + * Flag to indicate whether to expand nested memberships or not. + */ + expandNestedMemberships?: pulumi.Input; + /** + * Duration users are inactive for. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) + */ + inactiveDuration?: pulumi.Input; + /** + * Flag to indicate whether to expand nested memberships or not. + */ + includeAccessBelowResource?: pulumi.Input; + /** + * Flag to indicate whether to expand nested memberships or not. + */ + includeInheritedAccess?: pulumi.Input; + } + + } + + export namespace v20220501preview { + /** + * Role definition permissions. + */ + export interface PermissionArgs { + /** + * Allowed actions. + */ + actions?: pulumi.Input[]>; + /** + * Allowed Data actions. + */ + dataActions?: pulumi.Input[]>; + /** + * Denied actions. + */ + notActions?: pulumi.Input[]>; + /** + * Denied Data actions. + */ + notDataActions?: pulumi.Input[]>; + } + + } + + export namespace v20220601 { + /** + * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. 
+ */ + export interface IdentityArgs { + /** + * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + */ + type?: pulumi.Input; + /** + * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + */ + userAssignedIdentities?: pulumi.Input[]>; + } + + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + export interface NonComplianceMessageArgs { + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + message: pulumi.Input; + /** + * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + */ + policyDefinitionReferenceId?: pulumi.Input; + } + + /** + * The policy property value override. + */ + export interface OverrideArgs { + /** + * The override kind. + */ + kind?: pulumi.Input; + /** + * The list of the selector expressions. + */ + selectors?: pulumi.Input[]>; + /** + * The value to override the policy property. + */ + value?: pulumi.Input; + } + + /** + * The value of a parameter. + */ + export interface ParameterValuesValueArgs { + /** + * The value of the parameter. + */ + value?: any; + } + + /** + * The resource selector to filter policies by resource properties. + */ + export interface ResourceSelectorArgs { + /** + * The name of the resource selector. 
+ */ + name?: pulumi.Input; + /** + * The list of the selector expressions. + */ + selectors?: pulumi.Input[]>; + } + + /** + * The selector expression. + */ + export interface SelectorArgs { + /** + * The list of values to filter in. + */ + in?: pulumi.Input[]>; + /** + * The selector kind. + */ + kind?: pulumi.Input; + /** + * The list of values to filter out. + */ + notIn?: pulumi.Input[]>; + } + + } + + export namespace v20220701preview { + /** + * The resource selector to filter policies by resource properties. + */ + export interface ResourceSelectorArgs { + /** + * The name of the resource selector. + */ + name?: pulumi.Input; + /** + * The list of the selector expressions. + */ + selectors?: pulumi.Input[]>; + } + + /** + * The selector expression. + */ + export interface SelectorArgs { + /** + * The list of values to filter in. + */ + in?: pulumi.Input[]>; + /** + * The selector kind. + */ + kind?: pulumi.Input; + /** + * The list of values to filter out. + */ + notIn?: pulumi.Input[]>; + } + + } + + export namespace v20220801preview { + /** + * The variable column. + */ + export interface PolicyVariableColumnArgs { + /** + * The name of this policy variable column. + */ + columnName: pulumi.Input; + } + + /** + * The name value tuple for this variable value column. + */ + export interface PolicyVariableValueColumnValueArgs { + /** + * Column name for the variable value + */ + columnName: pulumi.Input; + /** + * Column value for the variable value; this can be an integer, double, boolean, null or a string. + */ + columnValue: any; + } + + } + + export namespace v20230401 { + /** + * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + */ + export interface IdentityArgs { + /** + * The identity type. This is the only required field when adding a system or user assigned identity to a resource. 
+ */ + type?: pulumi.Input; + /** + * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + */ + userAssignedIdentities?: pulumi.Input[]>; + } + + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + export interface NonComplianceMessageArgs { + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + message: pulumi.Input; + /** + * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + */ + policyDefinitionReferenceId?: pulumi.Input; + } + + /** + * The policy property value override. + */ + export interface OverrideArgs { + /** + * The override kind. + */ + kind?: pulumi.Input; + /** + * The list of the selector expressions. + */ + selectors?: pulumi.Input[]>; + /** + * The value to override the policy property. + */ + value?: pulumi.Input; + } + + /** + * The definition of a parameter that can be provided to the policy. + */ + export interface ParameterDefinitionsValueArgs { + /** + * The allowed values for the parameter. + */ + allowedValues?: pulumi.Input; + /** + * The default value for the parameter if no value is provided. + */ + defaultValue?: any; + /** + * General metadata for the parameter. + */ + metadata?: pulumi.Input; + /** + * Provides validation of parameter inputs during assignment using a self-defined JSON schema. 
This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. + */ + schema?: any; + /** + * The data type of the parameter. + */ + type?: pulumi.Input; + } + + /** + * General metadata for the parameter. + */ + export interface ParameterDefinitionsValueMetadataArgs { + /** + * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. + */ + assignPermissions?: pulumi.Input; + /** + * The description of the parameter. + */ + description?: pulumi.Input; + /** + * The display name for the parameter. + */ + displayName?: pulumi.Input; + /** + * Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. + */ + strongType?: pulumi.Input; + } + + /** + * The value of a parameter. + */ + export interface ParameterValuesValueArgs { + /** + * The value of the parameter. + */ + value?: any; + } + + /** + * The policy definition group. + */ + export interface PolicyDefinitionGroupArgs { + /** + * A resource ID of a resource that contains additional metadata about the group. + */ + additionalMetadataId?: pulumi.Input; + /** + * The group's category. + */ + category?: pulumi.Input; + /** + * The group's description. + */ + description?: pulumi.Input; + /** + * The group's display name. + */ + displayName?: pulumi.Input; + /** + * The name of the group. + */ + name: pulumi.Input; + } + + /** + * The policy definition reference. + */ + export interface PolicyDefinitionReferenceArgs { + /** + * The version of the policy definition to use. 
+ */ + definitionVersion?: pulumi.Input; + /** + * The name of the groups that this policy definition reference belongs to. */ - fulfilledDateTime?: pulumi.Input; + groupNames?: pulumi.Input[]>; /** - * Date time used when selecting review data, all reviews included in data end on or before this date. For use only with one-time/non-recurring reports. + * The parameter values for the referenced policy rule. The keys are the parameter names. */ - reviewHistoryPeriodEndDateTime?: pulumi.Input; + parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** - * Date time used when selecting review data, all reviews included in data start on or after this date. For use only with one-time/non-recurring reports. + * The ID of the policy definition or policy set definition. */ - reviewHistoryPeriodStartDateTime?: pulumi.Input; + policyDefinitionId: pulumi.Input; /** - * Date time when the history data report is scheduled to be generated. + * A unique id (within the policy set definition) for this policy definition reference. */ - runDateTime?: pulumi.Input; + policyDefinitionReferenceId?: pulumi.Input; } /** - * Access Review Instance. + * The resource selector to filter policies by resource properties. */ - export interface AccessReviewInstanceArgs { + export interface ResourceSelectorArgs { /** - * This is the collection of backup reviewers. + * The name of the resource selector. */ - backupReviewers?: pulumi.Input[]>; + name?: pulumi.Input; /** - * The DateTime when the review instance is scheduled to end. + * The list of the selector expressions. */ - endDateTime?: pulumi.Input; + selectors?: pulumi.Input[]>; + } + + /** + * The selector expression. + */ + export interface SelectorArgs { /** - * This is the collection of reviewers. + * The list of values to filter in. */ - reviewers?: pulumi.Input[]>; + in?: pulumi.Input[]>; /** - * The DateTime when the review instance is scheduled to be start. + * The selector kind. 
*/ - startDateTime?: pulumi.Input; + kind?: pulumi.Input; + /** + * The list of values to filter out. + */ + notIn?: pulumi.Input[]>; } + } + + export namespace v20240201preview { /** - * Descriptor for what needs to be reviewed + * The approval settings. */ - export interface AccessReviewReviewerArgs { + export interface ApprovalSettingsArgs { /** - * The id of the reviewer(user/servicePrincipal) + * The type of rule */ - principalId?: pulumi.Input; + approvalMode?: pulumi.Input; + /** + * The approval stages of the request. + */ + approvalStages?: pulumi.Input[]>; + /** + * Determines whether approval is required or not. + */ + isApprovalRequired?: pulumi.Input; + /** + * Determines whether approval is required for assignment extension. + */ + isApprovalRequiredForExtension?: pulumi.Input; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: pulumi.Input; } /** - * Descriptor for what needs to be reviewed + * The approval stage. */ - export interface AccessReviewScopeArgs { + export interface ApprovalStageArgs { /** - * This is used to indicate the resource id(s) to exclude + * The time in days when approval request would be timed out */ - excludeResourceId?: pulumi.Input; + approvalStageTimeOutInDays?: pulumi.Input; /** - * This is used to indicate the role definition id(s) to exclude + * The escalation approver of the request. */ - excludeRoleDefinitionId?: pulumi.Input; + escalationApprovers?: pulumi.Input[]>; /** - * Flag to indicate whether to expand nested memberships or not. + * The time in minutes when the approval request would be escalated if the primary approver does not approve */ - expandNestedMemberships?: pulumi.Input; + escalationTimeInMinutes?: pulumi.Input; /** - * Duration users are inactive for. 
The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) + * Determines whether approver need to provide justification for his decision. */ - inactiveDuration?: pulumi.Input; + isApproverJustificationRequired?: pulumi.Input; /** - * Flag to indicate whether to expand nested memberships or not. + * The value determine whether escalation feature is enabled. */ - includeAccessBelowResource?: pulumi.Input; + isEscalationEnabled?: pulumi.Input; /** - * Flag to indicate whether to expand nested memberships or not. + * The primary approver of the request. */ - includeInheritedAccess?: pulumi.Input; + primaryApprovers?: pulumi.Input[]>; } - } + /** + * The PIM Only Mode settings. + */ + export interface PIMOnlyModeSettingsArgs { + /** + * The list of excluded assignment types allowed. + */ + excludedAssignmentTypes?: pulumi.Input[]>; + /** + * The list of excluded entities that the rule does not apply to. + */ + excludes?: pulumi.Input[]>; + /** + * Determines whether the setting is enabled, disabled or report only. + */ + mode?: pulumi.Input; + } - export namespace v20220501preview { /** - * Role definition permissions. + * The role management policy approval rule. */ - export interface PermissionArgs { + export interface RoleManagementPolicyApprovalRuleArgs { /** - * Allowed actions. + * The id of the rule. */ - actions?: pulumi.Input[]>; + id?: pulumi.Input; /** - * Allowed Data actions. + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. */ - dataActions?: pulumi.Input[]>; + ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">; /** - * Denied actions. + * The approval setting */ - notActions?: pulumi.Input[]>; + setting?: pulumi.Input; /** - * Denied Data actions. + * The target of the current rule. 
*/ - notDataActions?: pulumi.Input[]>; + target?: pulumi.Input; } - } + /** + * The role management policy authentication context rule. + */ + export interface RoleManagementPolicyAuthenticationContextRuleArgs { + /** + * The claim value. + */ + claimValue?: pulumi.Input; + /** + * The id of the rule. + */ + id?: pulumi.Input; + /** + * The value indicating if rule is enabled. + */ + isEnabled?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; + } - export namespace v20220601 { /** - * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + * The role management policy enablement rule. */ - export interface IdentityArgs { + export interface RoleManagementPolicyEnablementRuleArgs { /** - * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + * The list of enabled rules. */ - type?: pulumi.Input; + enabledRules?: pulumi.Input[]>; /** - * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + * The id of the rule. */ - userAssignedIdentities?: pulumi.Input[]>; + id?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. 
+ * The role management policy expiration rule. */ - export interface NonComplianceMessageArgs { + export interface RoleManagementPolicyExpirationRuleArgs { /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + * The id of the rule. */ - message: pulumi.Input; + id?: pulumi.Input; /** - * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + * The value indicating whether expiration is required. */ - policyDefinitionReferenceId?: pulumi.Input; + isExpirationRequired?: pulumi.Input; + /** + * The maximum duration of expiration in timespan. + */ + maximumDuration?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The policy property value override. + * The role management policy notification rule. */ - export interface OverrideArgs { + export interface RoleManagementPolicyNotificationRuleArgs { /** - * The override kind. + * The id of the rule. */ - kind?: pulumi.Input; + id?: pulumi.Input; /** - * The list of the selector expressions. + * Determines if the notification will be sent to the recipient type specified in the policy rule. */ - selectors?: pulumi.Input[]>; + isDefaultRecipientsEnabled?: pulumi.Input; /** - * The value to override the policy property. + * The notification level. */ - value?: pulumi.Input; + notificationLevel?: pulumi.Input; + /** + * The list of notification recipients. + */ + notificationRecipients?: pulumi.Input[]>; + /** + * The type of notification. 
+ */ + notificationType?: pulumi.Input; + /** + * The recipient type. + */ + recipientType?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The value of a parameter. + * The role management policy PIM only mode rule. */ - export interface ParameterValuesValueArgs { + export interface RoleManagementPolicyPimOnlyModeRuleArgs { /** - * The value of the parameter. + * The id of the rule. */ - value?: any; + id?: pulumi.Input; + /** + * The PIM Only Mode settings + */ + pimOnlyModeSettings?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyPimOnlyModeRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The resource selector to filter policies by resource properties. + * The role management policy rule target. */ - export interface ResourceSelectorArgs { + export interface RoleManagementPolicyRuleTargetArgs { /** - * The name of the resource selector. + * The caller of the setting. */ - name?: pulumi.Input; + caller?: pulumi.Input; /** - * The list of the selector expressions. + * The list of enforced settings. */ - selectors?: pulumi.Input[]>; + enforcedSettings?: pulumi.Input[]>; + /** + * The list of inheritable settings. + */ + inheritableSettings?: pulumi.Input[]>; + /** + * The assignment level to which rule is applied. + */ + level?: pulumi.Input; + /** + * The type of operation. + */ + operations?: pulumi.Input[]>; + /** + * The list of target objects. + */ + targetObjects?: pulumi.Input[]>; } /** - * The selector expression. + * The detail of a user. */ - export interface SelectorArgs { + export interface UserSetArgs { /** - * The list of values to filter in. + * The description of the user. 
*/ - in?: pulumi.Input[]>; + description?: pulumi.Input; /** - * The selector kind. + * The object id of the user. */ - kind?: pulumi.Input; + id?: pulumi.Input; /** - * The list of values to filter out. + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: pulumi.Input; + /** + * The type of user. + */ + userType?: pulumi.Input; + } + + /** + * The detail of a subject. + */ + export interface UsersOrServicePrincipalSetArgs { + /** + * The display Name of the entity. + */ + displayName?: pulumi.Input; + /** + * The object id of the entity. + */ + id?: pulumi.Input; + /** + * The type of user. + */ + type?: pulumi.Input; + } + + } + + export namespace v20240401 { + /** + * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + */ + export interface IdentityArgs { + /** + * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + */ + type?: pulumi.Input; + /** + * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + */ + userAssignedIdentities?: pulumi.Input[]>; + } + + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + export interface NonComplianceMessageArgs { + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + message: pulumi.Input; + /** + * The policy definition reference ID within a policy set definition the message is intended for. 
This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + */ + policyDefinitionReferenceId?: pulumi.Input; + } + + /** + * The policy property value override. + */ + export interface OverrideArgs { + /** + * The override kind. + */ + kind?: pulumi.Input; + /** + * The list of the selector expressions. + */ + selectors?: pulumi.Input[]>; + /** + * The value to override the policy property. */ - notIn?: pulumi.Input[]>; + value?: pulumi.Input; } - } + /** + * The value of a parameter. + */ + export interface ParameterValuesValueArgs { + /** + * The value of the parameter. + */ + value?: any; + } - export namespace v20220701preview { /** * The resource selector to filter policies by resource properties. */ @@ -54442,7 +55864,7 @@ export namespace authorization { /** * The list of the selector expressions. */ - selectors?: pulumi.Input[]>; + selectors?: pulumi.Input[]>; } /** @@ -54456,7 +55878,7 @@ export namespace authorization { /** * The selector kind. */ - kind?: pulumi.Input; + kind?: pulumi.Input; /** * The list of values to filter out. */ 
@@ -54465,34 +55887,7 @@ export namespace authorization { } - export namespace v20220801preview { - /** - * The variable column. - */ - export interface PolicyVariableColumnArgs { - /** - * The name of this policy variable column. - */ - columnName: pulumi.Input; - } - - /** - * The name value tuple for this variable value column. - */ - export interface PolicyVariableValueColumnValueArgs { - /** - * Column name for the variable value - */ - columnName: pulumi.Input; - /** - * Column value for the variable value; this can be an integer, double, boolean, null or a string. - */ - columnValue: any; - } - - } - - export namespace v20230401 { + export namespace v20240501 { /** * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. */ @@ -54500,7 +55895,7 @@ export namespace authorization { /** * The identity type. This is the only required field when adding a system or user assigned identity to a resource. */ - type?: pulumi.Input; + type?: pulumi.Input; /** * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. */ @@ -54528,11 +55923,11 @@ export namespace authorization { /** * The override kind. */ - kind?: pulumi.Input; + kind?: pulumi.Input; /** * The list of the selector expressions. */ - selectors?: pulumi.Input[]>; + selectors?: pulumi.Input[]>; /** * The value to override the policy property. */ 
@@ -54554,7 +55949,7 @@ export namespace authorization { /** * General metadata for the parameter. */ - metadata?: pulumi.Input; + metadata?: pulumi.Input; /** * Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. */ @@ -54562,7 +55957,7 @@ export namespace authorization { /** * The data type of the parameter. */ - type?: pulumi.Input; + type?: pulumi.Input; } /** @@ -54638,7 +56033,7 @@ export namespace authorization { /** * The parameter values for the referenced policy rule. The keys are the parameter names. */ - parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; + parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The ID of the policy definition or policy set definition. */ @@ -54660,7 +56055,7 @@ export namespace authorization { /** * The list of the selector expressions. */ - selectors?: pulumi.Input[]>; + selectors?: pulumi.Input[]>; } /** @@ -54674,7 +56069,7 @@ export namespace authorization { /** * The selector kind. */ - kind?: pulumi.Input; + kind?: pulumi.Input; /** * The list of values to filter out. */ 
@@ -54683,293 +56078,318 @@ export namespace authorization { } - export namespace v20240201preview { - } - - export namespace v20240401 { + export namespace v20240901preview { /** - * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + * The approval settings. */ - export interface IdentityArgs { + export interface ApprovalSettingsArgs { /** - * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + * The type of rule */ - type?: pulumi.Input; + approvalMode?: pulumi.Input; /** - * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + * The approval stages of the request. */ - userAssignedIdentities?: pulumi.Input[]>; - } - - /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. - */ - export interface NonComplianceMessageArgs { + approvalStages?: pulumi.Input[]>; /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + * Determines whether approval is required or not. */ - message: pulumi.Input; + isApprovalRequired?: pulumi.Input; /** - * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + * Determines whether approval is required for assignment extension. 
*/ - policyDefinitionReferenceId?: pulumi.Input; + isApprovalRequiredForExtension?: pulumi.Input; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: pulumi.Input; } /** - * The policy property value override. + * The approval stage. */ - export interface OverrideArgs { + export interface ApprovalStageArgs { /** - * The override kind. + * The time in days when approval request would be timed out */ - kind?: pulumi.Input; + approvalStageTimeOutInDays?: pulumi.Input; /** - * The list of the selector expressions. + * The escalation approver of the request. */ - selectors?: pulumi.Input[]>; + escalationApprovers?: pulumi.Input[]>; /** - * The value to override the policy property. + * The time in minutes when the approval request would be escalated if the primary approver does not approve */ - value?: pulumi.Input; - } - - /** - * The value of a parameter. - */ - export interface ParameterValuesValueArgs { + escalationTimeInMinutes?: pulumi.Input; /** - * The value of the parameter. + * Determines whether approver need to provide justification for his decision. */ - value?: any; - } - - /** - * The resource selector to filter policies by resource properties. - */ - export interface ResourceSelectorArgs { + isApproverJustificationRequired?: pulumi.Input; /** - * The name of the resource selector. + * The value determine whether escalation feature is enabled. */ - name?: pulumi.Input; + isEscalationEnabled?: pulumi.Input; /** - * The list of the selector expressions. + * The primary approver of the request. */ - selectors?: pulumi.Input[]>; + primaryApprovers?: pulumi.Input[]>; } /** - * The selector expression. + * The PIM Only Mode settings. */ - export interface SelectorArgs { + export interface PIMOnlyModeSettingsArgs { /** - * The list of values to filter in. + * The list of excluded assignment types allowed. */ - in?: pulumi.Input[]>; + excludedAssignmentTypes?: pulumi.Input[]>; /** - * The selector kind. 
+ * The list of excluded entities that the rule does not apply to. */ - kind?: pulumi.Input; + excludes?: pulumi.Input[]>; /** - * The list of values to filter out. + * Determines whether the setting is enabled, disabled or report only. */ - notIn?: pulumi.Input[]>; + mode?: pulumi.Input; } - } - - export namespace v20240501 { /** - * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + * The role management policy approval rule. */ - export interface IdentityArgs { + export interface RoleManagementPolicyApprovalRuleArgs { /** - * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + * The id of the rule. */ - type?: pulumi.Input; + id?: pulumi.Input; /** - * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. */ - userAssignedIdentities?: pulumi.Input[]>; + ruleType: pulumi.Input<"RoleManagementPolicyApprovalRule">; + /** + * The approval setting + */ + setting?: pulumi.Input; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + * The role management policy authentication context rule. */ - export interface NonComplianceMessageArgs { + export interface RoleManagementPolicyAuthenticationContextRuleArgs { /** - * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + * The claim value. 
*/ - message: pulumi.Input; + claimValue?: pulumi.Input; /** - * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + * The id of the rule. */ - policyDefinitionReferenceId?: pulumi.Input; + id?: pulumi.Input; + /** + * The value indicating if rule is enabled. + */ + isEnabled?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyAuthenticationContextRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The policy property value override. + * The role management policy enablement rule. */ - export interface OverrideArgs { + export interface RoleManagementPolicyEnablementRuleArgs { /** - * The override kind. + * The list of enabled rules. */ - kind?: pulumi.Input; + enabledRules?: pulumi.Input[]>; /** - * The list of the selector expressions. + * The id of the rule. */ - selectors?: pulumi.Input[]>; + id?: pulumi.Input; /** - * The value to override the policy property. + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. */ - value?: pulumi.Input; + ruleType: pulumi.Input<"RoleManagementPolicyEnablementRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The definition of a parameter that can be provided to the policy. + * The role management policy expiration rule. */ - export interface ParameterDefinitionsValueArgs { + export interface RoleManagementPolicyExpirationRuleArgs { /** - * The allowed values for the parameter. + * The members not restricted by expiration rule. */ - allowedValues?: pulumi.Input; + exceptionMembers?: pulumi.Input[]>; /** - * The default value for the parameter if no value is provided. + * The id of the rule. 
*/ - defaultValue?: any; + id?: pulumi.Input; /** - * General metadata for the parameter. + * The value indicating whether expiration is required. */ - metadata?: pulumi.Input; + isExpirationRequired?: pulumi.Input; /** - * Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. + * The maximum duration of expiration in timespan. */ - schema?: any; + maximumDuration?: pulumi.Input; /** - * The data type of the parameter. + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. */ - type?: pulumi.Input; + ruleType: pulumi.Input<"RoleManagementPolicyExpirationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * General metadata for the parameter. + * The role management policy notification rule. */ - export interface ParameterDefinitionsValueMetadataArgs { + export interface RoleManagementPolicyNotificationRuleArgs { /** - * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. + * The id of the rule. */ - assignPermissions?: pulumi.Input; + id?: pulumi.Input; /** - * The description of the parameter. + * Determines if the notification will be sent to the recipient type specified in the policy rule. */ - description?: pulumi.Input; + isDefaultRecipientsEnabled?: pulumi.Input; /** - * The display name for the parameter. + * The notification level. */ - displayName?: pulumi.Input; + notificationLevel?: pulumi.Input; /** - * Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. 
+ * The list of notification recipients. */ - strongType?: pulumi.Input; - } - - /** - * The value of a parameter. - */ - export interface ParameterValuesValueArgs { + notificationRecipients?: pulumi.Input[]>; /** - * The value of the parameter. + * The type of notification. */ - value?: any; + notificationType?: pulumi.Input; + /** + * The recipient type. + */ + recipientType?: pulumi.Input; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: pulumi.Input<"RoleManagementPolicyNotificationRule">; + /** + * The target of the current rule. + */ + target?: pulumi.Input; } /** - * The policy definition group. + * The role management policy PIM only mode rule. */ - export interface PolicyDefinitionGroupArgs { - /** - * A resource ID of a resource that contains additional metadata about the group. - */ - additionalMetadataId?: pulumi.Input; + export interface RoleManagementPolicyPimOnlyModeRuleArgs { /** - * The group's category. + * The id of the rule. */ - category?: pulumi.Input; + id?: pulumi.Input; /** - * The group's description. + * The PIM Only Mode settings */ - description?: pulumi.Input; + pimOnlyModeSettings?: pulumi.Input; /** - * The group's display name. + * The type of rule + * Expected value is 'RoleManagementPolicyPimOnlyModeRule'. */ - displayName?: pulumi.Input; + ruleType: pulumi.Input<"RoleManagementPolicyPimOnlyModeRule">; /** - * The name of the group. + * The target of the current rule. */ - name: pulumi.Input; + target?: pulumi.Input; } /** - * The policy definition reference. + * The role management policy rule target. */ - export interface PolicyDefinitionReferenceArgs { + export interface RoleManagementPolicyRuleTargetArgs { /** - * The version of the policy definition to use. + * The caller of the setting. */ - definitionVersion?: pulumi.Input; + caller?: pulumi.Input; /** - * The name of the groups that this policy definition reference belongs to. + * The list of enforced settings. 
*/ - groupNames?: pulumi.Input[]>; + enforcedSettings?: pulumi.Input[]>; /** - * The parameter values for the referenced policy rule. The keys are the parameter names. + * The list of inheritable settings. */ - parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; + inheritableSettings?: pulumi.Input[]>; /** - * The ID of the policy definition or policy set definition. + * The assignment level to which rule is applied. */ - policyDefinitionId: pulumi.Input; + level?: pulumi.Input; /** - * A unique id (within the policy set definition) for this policy definition reference. + * The type of operation. */ - policyDefinitionReferenceId?: pulumi.Input; + operations?: pulumi.Input[]>; + /** + * The list of target objects. + */ + targetObjects?: pulumi.Input[]>; } /** - * The resource selector to filter policies by resource properties. + * The detail of a user. */ - export interface ResourceSelectorArgs { + export interface UserSetArgs { /** - * The name of the resource selector. + * The description of the user. */ - name?: pulumi.Input; + description?: pulumi.Input; /** - * The list of the selector expressions. + * The object id of the user. */ - selectors?: pulumi.Input[]>; + id?: pulumi.Input; + /** + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: pulumi.Input; + /** + * The type of user. + */ + userType?: pulumi.Input; } /** - * The selector expression. + * The detail of a subject. */ - export interface SelectorArgs { + export interface UsersOrServicePrincipalSetArgs { /** - * The list of values to filter in. + * The display Name of the entity. */ - in?: pulumi.Input[]>; + displayName?: pulumi.Input; /** - * The selector kind. + * The object id of the entity. */ - kind?: pulumi.Input; + id?: pulumi.Input; /** - * The list of values to filter out. + * The type of user. */ - notIn?: pulumi.Input[]>; + type?: pulumi.Input; } } - - export namespace v20240901preview { - } } export namespace automanage { 
diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index bb720e243a14..672a7ddf15f5 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -65219,6 +65219,24 @@ export namespace authorization { value?: string; } + /** + * The PIM Only Mode settings. + */ + export interface PIMOnlyModeSettingsResponse { + /** + * The list of excluded assignment types allowed. + */ + excludedAssignmentTypes?: string[]; + /** + * The list of excluded entities that the rule does not apply to. + */ + excludes?: outputs.authorization.UsersOrServicePrincipalSetResponse[]; + /** + * Determines whether the setting is enabled, disabled or report only. + */ + mode?: string; + } + /** * The definition of a parameter that can be provided to the policy. */ @@ -65494,6 +65512,34 @@ export namespace authorization { }; } + /** + * Expanded info of resource scope + */ + export interface PolicyPropertiesResponse { + /** + * Details of the resource scope + */ + scope: outputs.authorization.PolicyPropertiesResponseScope; + } + + /** + * Details of the resource scope + */ + export interface PolicyPropertiesResponseScope { + /** + * Display name of the resource + */ + displayName?: string; + /** + * Scope id of the resource + */ + id?: string; + /** + * Type of the resource + */ + type?: string; + } + /** * The policy set definition version. */ @@ -65711,6 +65757,10 @@ export namespace authorization { * The role management policy expiration rule. */ export interface RoleManagementPolicyExpirationRuleResponse { + /** + * The members not restricted by expiration rule. + */ + exceptionMembers?: outputs.authorization.UserSetResponse[]; /** * The id of the rule. */ 
@@ -65773,6 +65823,29 @@ export namespace authorization { target?: outputs.authorization.RoleManagementPolicyRuleTargetResponse; } + /** + * The role management policy PIM only mode rule. + */ + export interface RoleManagementPolicyPimOnlyModeRuleResponse { + /** + * The id of the rule. + */ + id?: string; + /** + * The PIM Only Mode settings + */ + pimOnlyModeSettings?: outputs.authorization.PIMOnlyModeSettingsResponse; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + */ + ruleType: "RoleManagementPolicyPimOnlyModeRule"; + /** + * The target of the current rule. + */ + target?: outputs.authorization.RoleManagementPolicyRuleTargetResponse; + } + /** * The role management policy rule target. */ @@ -65873,6 +65946,24 @@ export namespace authorization { userType?: string; } + /** + * The detail of a subject. + */ + export interface UsersOrServicePrincipalSetResponse { + /** + * The display Name of the entity. + */ + displayName?: string; + /** + * The object id of the entity. + */ + id?: string; + /** + * The type of user. + */ + type?: string; + } + export namespace v20190601 { /** * Identity for the resource. @@ -66165,6 +66256,34 @@ export namespace authorization { type?: string; } + /** + * Expanded info of resource scope + */ + export interface PolicyPropertiesResponse { + /** + * Details of the resource scope + */ + scope: outputs.authorization.v20201001.PolicyPropertiesResponseScope; + } + + /** + * Details of the resource scope + */ + export interface PolicyPropertiesResponseScope { + /** + * Display name of the resource + */ + displayName?: string; + /** + * Scope id of the resource + */ + id?: string; + /** + * Type of the resource + */ + type?: string; + } + /** * The name of the entity last modified it */ 
@@ -66381,6 +66500,62 @@ export namespace authorization { } export namespace v20201001preview { + /** + * The approval settings. + */ + export interface ApprovalSettingsResponse { + /** + * The type of rule + */ + approvalMode?: string; + /** + * The approval stages of the request. + */ + approvalStages?: outputs.authorization.v20201001preview.ApprovalStageResponse[]; + /** + * Determines whether approval is required or not. + */ + isApprovalRequired?: boolean; + /** + * Determines whether approval is required for assignment extension. + */ + isApprovalRequiredForExtension?: boolean; + /** + * Determine whether requestor justification is required. + */ + isRequestorJustificationRequired?: boolean; + } + + /** + * The approval stage. + */ + export interface ApprovalStageResponse { + /** + * The time in days when approval request would be timed out + */ + approvalStageTimeOutInDays?: number; + /** + * The escalation approver of the request. + */ + escalationApprovers?: outputs.authorization.v20201001preview.UserSetResponse[]; + /** + * The time in minutes when the approval request would be escalated if the primary approver does not approve + */ + escalationTimeInMinutes?: number; + /** + * Determines whether approver need to provide justification for his decision. + */ + isApproverJustificationRequired?: boolean; + /** + * The value determine whether escalation feature is enabled. + */ + isEscalationEnabled?: boolean; + /** + * The primary approver of the request. + */ + primaryApprovers?: outputs.authorization.v20201001preview.UserSetResponse[]; + } + export interface PolicyAssignmentPropertiesResponse { /** * Details of the policy 
@@ -66450,6 +66625,31 @@ export namespace authorization { type?: string; } + export interface PolicyPropertiesResponse { + /** + * Details of the resource scope + */ + scope: outputs.authorization.v20201001preview.PolicyPropertiesResponseScope; + } + + /** + * Details of the resource scope + */ + export interface PolicyPropertiesResponseScope { + /** + * Display name of the resource + */ + displayName?: string; + /** + * Scope id of the resource + */ + id?: string; + /** + * Type of the resource + */ + type?: string; + } + /** * The name of the entity last modified it */ 
@@ -66472,6 +66672,197 @@ export namespace authorization { type?: string; } + /** + * The role management policy approval rule. + */ + export interface RoleManagementPolicyApprovalRuleResponse { + /** + * The id of the rule. + */ + id?: string; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyApprovalRule'. + */ + ruleType: "RoleManagementPolicyApprovalRule"; + /** + * The approval setting + */ + setting?: outputs.authorization.v20201001preview.ApprovalSettingsResponse; + /** + * The target of the current rule. + */ + target?: outputs.authorization.v20201001preview.RoleManagementPolicyRuleTargetResponse; + } + + /** + * The role management policy authentication context rule. + */ + export interface RoleManagementPolicyAuthenticationContextRuleResponse { + /** + * The claim value. + */ + claimValue?: string; + /** + * The id of the rule. + */ + id?: string; + /** + * The value indicating if rule is enabled. + */ + isEnabled?: boolean; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + */ + ruleType: "RoleManagementPolicyAuthenticationContextRule"; + /** + * The target of the current rule. + */ + target?: outputs.authorization.v20201001preview.RoleManagementPolicyRuleTargetResponse; + } + + /** + * The role management policy rule. + */ + export interface RoleManagementPolicyEnablementRuleResponse { + /** + * The list of enabled rules. + */ + enabledRules?: string[]; + /** + * The id of the rule. + */ + id?: string; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyEnablementRule'. + */ + ruleType: "RoleManagementPolicyEnablementRule"; + /** + * The target of the current rule. + */ + target?: outputs.authorization.v20201001preview.RoleManagementPolicyRuleTargetResponse; + } + + /** + * The role management policy expiration rule. + */ + export interface RoleManagementPolicyExpirationRuleResponse { + /** + * The id of the rule. 
+ */ + id?: string; + /** + * The value indicating whether expiration is required. + */ + isExpirationRequired?: boolean; + /** + * The maximum duration of expiration in timespan. + */ + maximumDuration?: string; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyExpirationRule'. + */ + ruleType: "RoleManagementPolicyExpirationRule"; + /** + * The target of the current rule. + */ + target?: outputs.authorization.v20201001preview.RoleManagementPolicyRuleTargetResponse; + } + + /** + * The role management policy notification rule. + */ + export interface RoleManagementPolicyNotificationRuleResponse { + /** + * The id of the rule. + */ + id?: string; + /** + * Determines if the notification will be sent to the recipient type specified in the policy rule. + */ + isDefaultRecipientsEnabled?: boolean; + /** + * The notification level. + */ + notificationLevel?: string; + /** + * The list of notification recipients. + */ + notificationRecipients?: string[]; + /** + * The type of notification. + */ + notificationType?: string; + /** + * The recipient type. + */ + recipientType?: string; + /** + * The type of rule + * Expected value is 'RoleManagementPolicyNotificationRule'. + */ + ruleType: "RoleManagementPolicyNotificationRule"; + /** + * The target of the current rule. + */ + target?: outputs.authorization.v20201001preview.RoleManagementPolicyRuleTargetResponse; + } + + /** + * The role management policy rule target. + */ + export interface RoleManagementPolicyRuleTargetResponse { + /** + * The caller of the setting. + */ + caller?: string; + /** + * The list of enforced settings. + */ + enforcedSettings?: string[]; + /** + * The list of inheritable settings. + */ + inheritableSettings?: string[]; + /** + * The assignment level to which rule is applied. + */ + level?: string; + /** + * The type of operation. + */ + operations?: string[]; + /** + * The list of target objects. + */ + targetObjects?: string[]; + } + + /** + * The detail of a user. 
+ */ + export interface UserSetResponse { + /** + * The description of the user. + */ + description?: string; + /** + * The object id of the user. + */ + id?: string; + /** + * The value indicating whether the user is a backup fallback approver + */ + isBackup?: boolean; + /** + * The type of user. + */ + userType?: string; + } + } export namespace v20210601 { @@ -67563,6 +67954,34 @@ export namespace authorization { type?: string; } + /** + * Expanded info of resource scope + */ + export interface PolicyPropertiesResponse { + /** + * Details of the resource scope + */ + scope: outputs.authorization.v20240201preview.PolicyPropertiesResponseScope; + } + + /** + * Details of the resource scope + */ + export interface PolicyPropertiesResponseScope { + /** + * Display name of the resource + */ + displayName?: string; + /** + * Scope id of the resource + */ + id?: string; + /** + * Type of the resource + */ + type?: string; + } + /** * The name of the entity last modified it */ @@ -68463,6 +68882,34 @@ export namespace authorization { type?: string; } + /** + * Expanded info of resource scope + */ + export interface PolicyPropertiesResponse { + /** + * Details of the resource scope + */ + scope: outputs.authorization.v20240901preview.PolicyPropertiesResponseScope; + } + + /** + * Details of the resource scope + */ + export interface PolicyPropertiesResponseScope { + /** + * Display name of the resource + */ + displayName?: string; + /** + * Scope id of the resource + */ + id?: string; + /** + * Type of the resource + */ + type?: string; + } + /** * The name of the entity last modified it */ diff --git a/sdk/python/pulumi_azure_native/__init__.py b/sdk/python/pulumi_azure_native/__init__.py index 1235ecc1c025..0b25da0ec9fa 100644 --- a/sdk/python/pulumi_azure_native/__init__.py +++ b/sdk/python/pulumi_azure_native/__init__.py 
@@ -2396,6 +2396,7 @@ "azure-native:authorization:ResourceManagementPrivateLink": "ResourceManagementPrivateLink", "azure-native:authorization:RoleAssignment": "RoleAssignment", "azure-native:authorization:RoleDefinition": "RoleDefinition", + "azure-native:authorization:RoleManagementPolicy": "RoleManagementPolicy", "azure-native:authorization:RoleManagementPolicyAssignment": "RoleManagementPolicyAssignment", "azure-native:authorization:ScopeAccessReviewHistoryDefinitionById": "ScopeAccessReviewHistoryDefinitionById", "azure-native:authorization:ScopeAccessReviewScheduleDefinitionById": "ScopeAccessReviewScheduleDefinitionById", @@ -2476,6 +2477,7 @@ "mod": "authorization/v20201001", "fqn": "pulumi_azure_native.authorization.v20201001", "classes": { + "azure-native:authorization/v20201001:RoleManagementPolicy": "RoleManagementPolicy", "azure-native:authorization/v20201001:RoleManagementPolicyAssignment": "RoleManagementPolicyAssignment" } }, @@ -2484,6 +2486,7 @@ "mod": "authorization/v20201001preview", "fqn": "pulumi_azure_native.authorization.v20201001preview", "classes": { + "azure-native:authorization/v20201001preview:RoleManagementPolicy": "RoleManagementPolicy", "azure-native:authorization/v20201001preview:RoleManagementPolicyAssignment": "RoleManagementPolicyAssignment" } }, @@ -2573,6 +2576,7 @@ "mod": "authorization/v20240201preview", "fqn": "pulumi_azure_native.authorization.v20240201preview", "classes": { + "azure-native:authorization/v20240201preview:RoleManagementPolicy": "RoleManagementPolicy", "azure-native:authorization/v20240201preview:RoleManagementPolicyAssignment": "RoleManagementPolicyAssignment" } }, @@ -2605,6 +2609,7 @@ "mod": "authorization/v20240901preview", "fqn": "pulumi_azure_native.authorization.v20240901preview", "classes": { + "azure-native:authorization/v20240901preview:RoleManagementPolicy": "RoleManagementPolicy", "azure-native:authorization/v20240901preview:RoleManagementPolicyAssignment": "RoleManagementPolicyAssignment" } }, 
diff --git a/sdk/python/pulumi_azure_native/authorization/__init__.py b/sdk/python/pulumi_azure_native/authorization/__init__.py index d8780073f5a6..78c22af5a54e 100644 --- a/sdk/python/pulumi_azure_native/authorization/__init__.py +++ b/sdk/python/pulumi_azure_native/authorization/__init__.py @@ -30,6 +30,7 @@ from .get_resource_management_private_link import * from .get_role_assignment import * from .get_role_definition import * +from .get_role_management_policy import * from .get_role_management_policy_assignment import * from .get_scope_access_review_history_definition_by_id import * from .get_scope_access_review_schedule_definition_by_id import * @@ -61,6 +62,7 @@ from .resource_management_private_link import * from .role_assignment import * from .role_definition import * +from .role_management_policy import * from .role_management_policy_assignment import * from .scope_access_review_history_definition_by_id import * from .scope_access_review_schedule_definition_by_id import * diff --git a/sdk/python/pulumi_azure_native/authorization/_enums.py b/sdk/python/pulumi_azure_native/authorization/_enums.py index 0b3c1469b1c0..08f31d65c549 100644 --- a/sdk/python/pulumi_azure_native/authorization/_enums.py +++ b/sdk/python/pulumi_azure_native/authorization/_enums.py @@ -8,18 +8,27 @@ 'AccessReviewRecurrencePatternType', 'AccessReviewRecurrenceRangeType', 'AccessReviewResult', + 'ApprovalMode', 'AssignmentScopeValidation', 'DefaultDecisionType', + 'EnablementRules', 'EnforcementMode', + 'ExcludedPrincipalTypes', 'ExemptionCategory', 'LockLevel', + 'NotificationDeliveryMechanism', + 'NotificationLevel', 'OverrideKind', + 'PIMOnlyMode', 'ParameterType', 'PolicyType', 'PrincipalType', 'PublicNetworkAccessOptions', + 'RecipientType', 'ResourceIdentityType', + 'RoleManagementPolicyRuleType', 'SelectorKind', + 'UserType', ] 
@@ -51,6 +60,16 @@ class AccessReviewResult(str, Enum): NOT_NOTIFIED = "NotNotified" +class ApprovalMode(str, Enum): + """ + The type of rule + """ + SINGLE_STAGE = "SingleStage" + SERIAL = "Serial" + PARALLEL = "Parallel" + NO_APPROVAL = "NoApproval" + + class AssignmentScopeValidation(str, Enum): """ The option whether validate the exemption is at or under the assignment scope. @@ -74,6 +93,15 @@ class DefaultDecisionType(str, Enum): RECOMMENDATION = "Recommendation" +class EnablementRules(str, Enum): + """ + The type of enablement rule + """ + MULTI_FACTOR_AUTHENTICATION = "MultiFactorAuthentication" + JUSTIFICATION = "Justification" + TICKETING = "Ticketing" + + class EnforcementMode(str, Enum): """ The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. @@ -88,6 +116,11 @@ class EnforcementMode(str, Enum): """ +class ExcludedPrincipalTypes(str, Enum): + SERVICE_PRINCIPALS_AS_TARGET = "ServicePrincipalsAsTarget" + SERVICE_PRINCIPALS_AS_REQUESTOR = "ServicePrincipalsAsRequestor" + + class ExemptionCategory(str, Enum): """ The policy exemption category. Possible values are Waiver and Mitigated. @@ -111,6 +144,22 @@ class LockLevel(str, Enum): READ_ONLY = "ReadOnly" +class NotificationDeliveryMechanism(str, Enum): + """ + The type of notification. + """ + EMAIL = "Email" + + +class NotificationLevel(str, Enum): + """ + The notification level. + """ + NONE = "None" + CRITICAL = "Critical" + ALL = "All" + + class OverrideKind(str, Enum): """ The override kind. @@ -121,6 +170,15 @@ class OverrideKind(str, Enum): """ +class PIMOnlyMode(str, Enum): + """ + Determines whether the setting is enabled, disabled or report only. + """ + DISABLED = "Disabled" + ENABLED = "Enabled" + REPORT_ONLY = "ReportOnly" + + class ParameterType(str, Enum): """ The data type of the parameter. 
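Review bot: `ExcludedPrincipalTypes` is the only enum added to `_enums.py` without a docstring; `ApprovalMode`, `EnablementRules`, `NotificationLevel` and `PIMOnlyMode` each carry one. Its values `ServicePrincipalsAsTarget` and `ServicePrincipalsAsRequestor` are accepted by `excluded_assignment_types` in `PIMOnlyModeSettingsArgs`, so a reader has to cross-reference `_inputs.py` to learn that they name exclusions from a PIM only mode rule. I would add `"""The assignment types that can be excluded from the PIM only mode rule."""` under the class line; the wording is inferred from the `excluded_assignment_types` docstring and should be confirmed against the API description. The file looks generated, so the description probably belongs on the `ExcludedPrincipalTypes` type in `schema.json`.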
@@ -160,6 +218,15 @@ class PublicNetworkAccessOptions(str, Enum): DISABLED = "Disabled" +class RecipientType(str, Enum): + """ + The recipient type. + """ + REQUESTOR = "Requestor" + APPROVER = "Approver" + ADMIN = "Admin" + + class ResourceIdentityType(str, Enum): """ The identity type. This is the only required field when adding a system or user assigned identity to a resource. @@ -178,6 +245,18 @@ class ResourceIdentityType(str, Enum): """ +class RoleManagementPolicyRuleType(str, Enum): + """ + The type of rule + """ + ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule" + ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule" + ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule" + ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule" + ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule" + ROLE_MANAGEMENT_POLICY_PIM_ONLY_MODE_RULE = "RoleManagementPolicyPimOnlyModeRule" + + class SelectorKind(str, Enum): """ The selector kind. @@ -198,3 +277,12 @@ class SelectorKind(str, Enum): """ The selector kind to filter policies by the policy definition reference ID. """ + + +class UserType(str, Enum): + """ + The type of user. + """ + USER = "User" + GROUP = "Group" + SERVICE_PRINCIPAL = "ServicePrincipal" diff --git a/sdk/python/pulumi_azure_native/authorization/_inputs.py b/sdk/python/pulumi_azure_native/authorization/_inputs.py index b365e3d5ca1c..4f67a8e65182 100644 --- a/sdk/python/pulumi_azure_native/authorization/_inputs.py +++ b/sdk/python/pulumi_azure_native/authorization/_inputs.py @@ -24,6 +24,10 @@ 'AccessReviewReviewerArgsDict', 'AccessReviewScopeArgs', 'AccessReviewScopeArgsDict', + 'ApprovalSettingsArgs', + 'ApprovalSettingsArgsDict', + 'ApprovalStageArgs', + 'ApprovalStageArgsDict', 'IdentityArgs', 'IdentityArgsDict', 'ManagementLockOwnerArgs', 
@@ -32,6 +36,8 @@ 'NonComplianceMessageArgsDict', 'OverrideArgs', 'OverrideArgsDict', + 'PIMOnlyModeSettingsArgs', + 'PIMOnlyModeSettingsArgsDict', 'ParameterDefinitionsValueMetadataArgs', 'ParameterDefinitionsValueMetadataArgsDict', 'ParameterDefinitionsValueArgs', @@ -52,8 +58,26 @@ 'PrivateLinkAssociationPropertiesArgsDict', 'ResourceSelectorArgs', 'ResourceSelectorArgsDict', + 'RoleManagementPolicyApprovalRuleArgs', + 'RoleManagementPolicyApprovalRuleArgsDict', + 'RoleManagementPolicyAuthenticationContextRuleArgs', + 'RoleManagementPolicyAuthenticationContextRuleArgsDict', + 'RoleManagementPolicyEnablementRuleArgs', + 'RoleManagementPolicyEnablementRuleArgsDict', + 'RoleManagementPolicyExpirationRuleArgs', + 'RoleManagementPolicyExpirationRuleArgsDict', + 'RoleManagementPolicyNotificationRuleArgs', + 'RoleManagementPolicyNotificationRuleArgsDict', + 'RoleManagementPolicyPimOnlyModeRuleArgs', + 'RoleManagementPolicyPimOnlyModeRuleArgsDict', + 'RoleManagementPolicyRuleTargetArgs', + 'RoleManagementPolicyRuleTargetArgsDict', 'SelectorArgs', 'SelectorArgsDict', + 'UserSetArgs', + 'UserSetArgsDict', + 'UsersOrServicePrincipalSetArgs', + 'UsersOrServicePrincipalSetArgsDict', ] MYPY = False 
@@ -462,6 +486,258 @@ def include_inherited_access(self, value: Optional[pulumi.Input[bool]]): pulumi.set(self, "include_inherited_access", value) +if not MYPY: + class ApprovalSettingsArgsDict(TypedDict): + """ + The approval settings. + """ + approval_mode: NotRequired[pulumi.Input[Union[str, 'ApprovalMode']]] + """ + The type of rule + """ + approval_stages: NotRequired[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgsDict']]]] + """ + The approval stages of the request. + """ + is_approval_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required or not. + """ + is_approval_required_for_extension: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required for assignment extension. + """ + is_requestor_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determine whether requestor justification is required. + """ +elif False: + ApprovalSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalSettingsArgs: + def __init__(__self__, *, + approval_mode: Optional[pulumi.Input[Union[str, 'ApprovalMode']]] = None, + approval_stages: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]] = None, + is_approval_required: Optional[pulumi.Input[bool]] = None, + is_approval_required_for_extension: Optional[pulumi.Input[bool]] = None, + is_requestor_justification_required: Optional[pulumi.Input[bool]] = None): + """ + The approval settings. + :param pulumi.Input[Union[str, 'ApprovalMode']] approval_mode: The type of rule + :param pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]] approval_stages: The approval stages of the request. + :param pulumi.Input[bool] is_approval_required: Determines whether approval is required or not. + :param pulumi.Input[bool] is_approval_required_for_extension: Determines whether approval is required for assignment extension. 
+ :param pulumi.Input[bool] is_requestor_justification_required: Determine whether requestor justification is required. + """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[pulumi.Input[Union[str, 'ApprovalMode']]]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @approval_mode.setter + def approval_mode(self, value: Optional[pulumi.Input[Union[str, 'ApprovalMode']]]): + pulumi.set(self, "approval_mode", value) + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @approval_stages.setter + def approval_stages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]): + pulumi.set(self, "approval_stages", value) + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required or not. 
+ """ + return pulumi.get(self, "is_approval_required") + + @is_approval_required.setter + def is_approval_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required", value) + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required for assignment extension. + """ + return pulumi.get(self, "is_approval_required_for_extension") + + @is_approval_required_for_extension.setter + def is_approval_required_for_extension(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required_for_extension", value) + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + @is_requestor_justification_required.setter + def is_requestor_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_requestor_justification_required", value) + + +if not MYPY: + class ApprovalStageArgsDict(TypedDict): + """ + The approval stage. + """ + approval_stage_time_out_in_days: NotRequired[pulumi.Input[int]] + """ + The time in days when approval request would be timed out + """ + escalation_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The escalation approver of the request. + """ + escalation_time_in_minutes: NotRequired[pulumi.Input[int]] + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + is_approver_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approver need to provide justification for his decision. 
+ """ + is_escalation_enabled: NotRequired[pulumi.Input[bool]] + """ + The value determine whether escalation feature is enabled. + """ + primary_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The primary approver of the request. + """ +elif False: + ApprovalStageArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalStageArgs: + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[pulumi.Input[int]] = None, + escalation_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + escalation_time_in_minutes: Optional[pulumi.Input[int]] = None, + is_approver_justification_required: Optional[pulumi.Input[bool]] = None, + is_escalation_enabled: Optional[pulumi.Input[bool]] = None, + primary_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None): + """ + The approval stage. + :param pulumi.Input[int] approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] escalation_approvers: The escalation approver of the request. + :param pulumi.Input[int] escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param pulumi.Input[bool] is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param pulumi.Input[bool] is_escalation_enabled: The value determine whether escalation feature is enabled. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] primary_approvers: The primary approver of the request. 
+ """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[pulumi.Input[int]]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @approval_stage_time_out_in_days.setter + def approval_stage_time_out_in_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "approval_stage_time_out_in_days", value) + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The escalation approver of the request. 
+ """ + return pulumi.get(self, "escalation_approvers") + + @escalation_approvers.setter + def escalation_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "escalation_approvers", value) + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[pulumi.Input[int]]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @escalation_time_in_minutes.setter + def escalation_time_in_minutes(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "escalation_time_in_minutes", value) + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approver need to provide justification for his decision. + """ + return pulumi.get(self, "is_approver_justification_required") + + @is_approver_justification_required.setter + def is_approver_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approver_justification_required", value) + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @is_escalation_enabled.setter + def is_escalation_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_escalation_enabled", value) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The primary approver of the request. 
+ """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "primary_approvers", value) + + if not MYPY: class IdentityArgsDict(TypedDict): """ 
@@ -685,6 +961,82 @@ def value(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "value", value) +if not MYPY: + class PIMOnlyModeSettingsArgsDict(TypedDict): + """ + The PIM Only Mode settings. + """ + excluded_assignment_types: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] + """ + The list of excluded assignment types allowed. + """ + excludes: NotRequired[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgsDict']]]] + """ + The list of excluded entities that the rule does not apply to. + """ + mode: NotRequired[pulumi.Input[Union[str, 'PIMOnlyMode']]] + """ + Determines whether the setting is enabled, disabled or report only. + """ +elif False: + PIMOnlyModeSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class PIMOnlyModeSettingsArgs: + def __init__(__self__, *, + excluded_assignment_types: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] = None, + excludes: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]] = None, + mode: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]] = None): + """ + The PIM Only Mode settings. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]] excluded_assignment_types: The list of excluded assignment types allowed. + :param pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]] excludes: The list of excluded entities that the rule does not apply to. + :param pulumi.Input[Union[str, 'PIMOnlyMode']] mode: Determines whether the setting is enabled, disabled or report only. 
+ """ + if excluded_assignment_types is not None: + pulumi.set(__self__, "excluded_assignment_types", excluded_assignment_types) + if excludes is not None: + pulumi.set(__self__, "excludes", excludes) + if mode is not None: + pulumi.set(__self__, "mode", mode) + + @property + @pulumi.getter(name="excludedAssignmentTypes") + def excluded_assignment_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]: + """ + The list of excluded assignment types allowed. + """ + return pulumi.get(self, "excluded_assignment_types") + + @excluded_assignment_types.setter + def excluded_assignment_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]): + pulumi.set(self, "excluded_assignment_types", value) + + @property + @pulumi.getter + def excludes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]: + """ + The list of excluded entities that the rule does not apply to. + """ + return pulumi.get(self, "excludes") + + @excludes.setter + def excludes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]): + pulumi.set(self, "excludes", value) + + @property + @pulumi.getter + def mode(self) -> Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]: + """ + Determines whether the setting is enabled, disabled or report only. + """ + return pulumi.get(self, "mode") + + @mode.setter + def mode(self, value: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]): + pulumi.set(self, "mode", value) + + if not MYPY: class ParameterDefinitionsValueMetadataArgsDict(TypedDict): """ 
@@ -1450,78 +1802,1114 @@ def selectors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['Selector if not MYPY: - class SelectorArgsDict(TypedDict): + class RoleManagementPolicyApprovalRuleArgsDict(TypedDict): """ - The selector expression. + The role management policy approval rule. """ - in_: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + rule_type: pulumi.Input[str] """ - The list of values to filter in. + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. """ - kind: NotRequired[pulumi.Input[Union[str, 'SelectorKind']]] + id: NotRequired[pulumi.Input[str]] """ - The selector kind. + The id of the rule. """ - not_in: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + setting: NotRequired[pulumi.Input['ApprovalSettingsArgsDict']] """ - The list of values to filter out. + The approval setting + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. """ elif False: - SelectorArgsDict: TypeAlias = Mapping[str, Any] + RoleManagementPolicyApprovalRuleArgsDict: TypeAlias = Mapping[str, Any] @pulumi.input_type -class SelectorArgs: +class RoleManagementPolicyApprovalRuleArgs: def __init__(__self__, *, - in_: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - kind: Optional[pulumi.Input[Union[str, 'SelectorKind']]] = None, - not_in: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + setting: Optional[pulumi.Input['ApprovalSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy approval rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param pulumi.Input[str] id: The id of the rule. 
+ :param pulumi.Input['ApprovalSettingsArgs'] setting: The approval setting + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: """ - The selector expression. - :param pulumi.Input[Sequence[pulumi.Input[str]]] in_: The list of values to filter in. - :param pulumi.Input[Union[str, 'SelectorKind']] kind: The selector kind. - :param pulumi.Input[Sequence[pulumi.Input[str]]] not_in: The list of values to filter out. + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. """ - if in_ is not None: - pulumi.set(__self__, "in_", in_) - if kind is not None: - pulumi.set(__self__, "kind", kind) - if not_in is not None: - pulumi.set(__self__, "not_in", not_in) + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) @property - @pulumi.getter(name="in") - def in_(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: """ - The list of values to filter in. + The id of the rule. """ - return pulumi.get(self, "in_") + return pulumi.get(self, "id") - @in_.setter - def in_(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "in_", value) + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) @property @pulumi.getter - def kind(self) -> Optional[pulumi.Input[Union[str, 'SelectorKind']]]: + def setting(self) -> Optional[pulumi.Input['ApprovalSettingsArgs']]: """ - The selector kind. 
+ The approval setting """ - return pulumi.get(self, "kind") + return pulumi.get(self, "setting") - @kind.setter - def kind(self, value: Optional[pulumi.Input[Union[str, 'SelectorKind']]]): - pulumi.set(self, "kind", value) + @setting.setter + def setting(self, value: Optional[pulumi.Input['ApprovalSettingsArgs']]): + pulumi.set(self, "setting", value) @property - @pulumi.getter(name="notIn") - def not_in(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: """ - The list of values to filter out. + The target of the current rule. """ - return pulumi.get(self, "not_in") + return pulumi.get(self, "target") - @not_in.setter - def not_in(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "not_in", value) + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyAuthenticationContextRuleArgsDict(TypedDict): + """ + The role management policy authentication context rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + claim_value: NotRequired[pulumi.Input[str]] + """ + The claim value. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_enabled: NotRequired[pulumi.Input[bool]] + """ + The value indicating if rule is enabled. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyAuthenticationContextRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyAuthenticationContextRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + claim_value: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_enabled: Optional[pulumi.Input[bool]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy authentication context rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param pulumi.Input[str] claim_value: The claim value. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_enabled: The value indicating if rule is enabled. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[pulumi.Input[str]]: + """ + The claim value. 
+ """ + return pulumi.get(self, "claim_value") + + @claim_value.setter + def claim_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "claim_value", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating if rule is enabled. + """ + return pulumi.get(self, "is_enabled") + + @is_enabled.setter + def is_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_enabled", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyEnablementRuleArgsDict(TypedDict): + """ + The role management policy enablement rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + enabled_rules: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] + """ + The list of enabled rules. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyEnablementRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyEnablementRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + enabled_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] = None, + id: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy enablement rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]] enabled_rules: The list of enabled rules. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]: + """ + The list of enabled rules. 
+ """ + return pulumi.get(self, "enabled_rules") + + @enabled_rules.setter + def enabled_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]): + pulumi.set(self, "enabled_rules", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyExpirationRuleArgsDict(TypedDict): + """ + The role management policy expiration rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + exception_members: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The members not restricted by expiration rule. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_expiration_required: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether expiration is required. + """ + maximum_duration: NotRequired[pulumi.Input[str]] + """ + The maximum duration of expiration in timespan. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyExpirationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyExpirationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + exception_members: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + id: Optional[pulumi.Input[str]] = None, + is_expiration_required: Optional[pulumi.Input[bool]] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy expiration rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] exception_members: The members not restricted by expiration rule. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_expiration_required: The value indicating whether expiration is required. + :param pulumi.Input[str] maximum_duration: The maximum duration of expiration in timespan. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if exception_members is not None: + pulumi.set(__self__, "exception_members", exception_members) + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="exceptionMembers") + def exception_members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The members not restricted by expiration rule. + """ + return pulumi.get(self, "exception_members") + + @exception_members.setter + def exception_members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "exception_members", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether expiration is required. + """ + return pulumi.get(self, "is_expiration_required") + + @is_expiration_required.setter + def is_expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_expiration_required", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. 
+ """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyNotificationRuleArgsDict(TypedDict): + """ + The role management policy notification rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_default_recipients_enabled: NotRequired[pulumi.Input[bool]] + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + notification_level: NotRequired[pulumi.Input[Union[str, 'NotificationLevel']]] + """ + The notification level. + """ + notification_recipients: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of notification recipients. + """ + notification_type: NotRequired[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] + """ + The type of notification. + """ + recipient_type: NotRequired[pulumi.Input[Union[str, 'RecipientType']]] + """ + The recipient type. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyNotificationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyNotificationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_default_recipients_enabled: Optional[pulumi.Input[bool]] = None, + notification_level: Optional[pulumi.Input[Union[str, 'NotificationLevel']]] = None, + notification_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + notification_type: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] = None, + recipient_type: Optional[pulumi.Input[Union[str, 'RecipientType']]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy notification rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. + :param pulumi.Input[Union[str, 'NotificationLevel']] notification_level: The notification level. + :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_recipients: The list of notification recipients. + :param pulumi.Input[Union[str, 'NotificationDeliveryMechanism']] notification_type: The type of notification. + :param pulumi.Input[Union[str, 'RecipientType']] recipient_type: The recipient type. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + return pulumi.get(self, "is_default_recipients_enabled") + + @is_default_recipients_enabled.setter + def is_default_recipients_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_default_recipients_enabled", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[pulumi.Input[Union[str, 'NotificationLevel']]]: + """ + The notification level. 
+ """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: Optional[pulumi.Input[Union[str, 'NotificationLevel']]]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of notification recipients. + """ + return pulumi.get(self, "notification_recipients") + + @notification_recipients.setter + def notification_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "notification_recipients", value) + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]: + """ + The type of notification. + """ + return pulumi.get(self, "notification_type") + + @notification_type.setter + def notification_type(self, value: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]): + pulumi.set(self, "notification_type", value) + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[pulumi.Input[Union[str, 'RecipientType']]]: + """ + The recipient type. + """ + return pulumi.get(self, "recipient_type") + + @recipient_type.setter + def recipient_type(self, value: Optional[pulumi.Input[Union[str, 'RecipientType']]]): + pulumi.set(self, "recipient_type", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyPimOnlyModeRuleArgsDict(TypedDict): + """ + The role management policy PIM only mode rule. 
+ """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + pim_only_mode_settings: NotRequired[pulumi.Input['PIMOnlyModeSettingsArgsDict']] + """ + The PIM Only Mode settings + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyPimOnlyModeRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyPimOnlyModeRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + pim_only_mode_settings: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy PIM only mode rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['PIMOnlyModeSettingsArgs'] pim_only_mode_settings: The PIM Only Mode settings + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyPimOnlyModeRule') + if id is not None: + pulumi.set(__self__, "id", id) + if pim_only_mode_settings is not None: + pulumi.set(__self__, "pim_only_mode_settings", pim_only_mode_settings) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="pimOnlyModeSettings") + def pim_only_mode_settings(self) -> Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]: + """ + The PIM Only Mode settings + """ + return pulumi.get(self, "pim_only_mode_settings") + + @pim_only_mode_settings.setter + def pim_only_mode_settings(self, value: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]): + pulumi.set(self, "pim_only_mode_settings", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyRuleTargetArgsDict(TypedDict): + """ + The role management policy rule target. + """ + caller: NotRequired[pulumi.Input[str]] + """ + The caller of the setting. + """ + enforced_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of enforced settings. + """ + inheritable_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of inheritable settings. + """ + level: NotRequired[pulumi.Input[str]] + """ + The assignment level to which rule is applied. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The type of operation. + """ + target_objects: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of target objects. 
+ """ +elif False: + RoleManagementPolicyRuleTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyRuleTargetArgs: + def __init__(__self__, *, + caller: Optional[pulumi.Input[str]] = None, + enforced_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + inheritable_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + level: Optional[pulumi.Input[str]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + target_objects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The role management policy rule target. + :param pulumi.Input[str] caller: The caller of the setting. + :param pulumi.Input[Sequence[pulumi.Input[str]]] enforced_settings: The list of enforced settings. + :param pulumi.Input[Sequence[pulumi.Input[str]]] inheritable_settings: The list of inheritable settings. + :param pulumi.Input[str] level: The assignment level to which rule is applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] operations: The type of operation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[pulumi.Input[str]]: + """ + The caller of the setting. 
+ """ + return pulumi.get(self, "caller") + + @caller.setter + def caller(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "caller", value) + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @enforced_settings.setter + def enforced_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "enforced_settings", value) + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of inheritable settings. + """ + return pulumi.get(self, "inheritable_settings") + + @inheritable_settings.setter + def inheritable_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "inheritable_settings", value) + + @property + @pulumi.getter + def level(self) -> Optional[pulumi.Input[str]]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @level.setter + def level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "level", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of target objects. 
+ """ + return pulumi.get(self, "target_objects") + + @target_objects.setter + def target_objects(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "target_objects", value) + + +if not MYPY: + class SelectorArgsDict(TypedDict): + """ + The selector expression. + """ + in_: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of values to filter in. + """ + kind: NotRequired[pulumi.Input[Union[str, 'SelectorKind']]] + """ + The selector kind. + """ + not_in: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of values to filter out. + """ +elif False: + SelectorArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class SelectorArgs: + def __init__(__self__, *, + in_: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + kind: Optional[pulumi.Input[Union[str, 'SelectorKind']]] = None, + not_in: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The selector expression. + :param pulumi.Input[Sequence[pulumi.Input[str]]] in_: The list of values to filter in. + :param pulumi.Input[Union[str, 'SelectorKind']] kind: The selector kind. + :param pulumi.Input[Sequence[pulumi.Input[str]]] not_in: The list of values to filter out. + """ + if in_ is not None: + pulumi.set(__self__, "in_", in_) + if kind is not None: + pulumi.set(__self__, "kind", kind) + if not_in is not None: + pulumi.set(__self__, "not_in", not_in) + + @property + @pulumi.getter(name="in") + def in_(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of values to filter in. + """ + return pulumi.get(self, "in_") + + @in_.setter + def in_(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "in_", value) + + @property + @pulumi.getter + def kind(self) -> Optional[pulumi.Input[Union[str, 'SelectorKind']]]: + """ + The selector kind. 
+ """ + return pulumi.get(self, "kind") + + @kind.setter + def kind(self, value: Optional[pulumi.Input[Union[str, 'SelectorKind']]]): + pulumi.set(self, "kind", value) + + @property + @pulumi.getter(name="notIn") + def not_in(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of values to filter out. + """ + return pulumi.get(self, "not_in") + + @not_in.setter + def not_in(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "not_in", value) + + +if not MYPY: + class UserSetArgsDict(TypedDict): + """ + The detail of a user. + """ + description: NotRequired[pulumi.Input[str]] + """ + The description of the user. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the user. + """ + is_backup: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether the user is a backup fallback approver + """ + user_type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. + """ +elif False: + UserSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UserSetArgs: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_backup: Optional[pulumi.Input[bool]] = None, + user_type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a user. + :param pulumi.Input[str] description: The description of the user. + :param pulumi.Input[str] id: The object id of the user. + :param pulumi.Input[bool] is_backup: The value indicating whether the user is a backup fallback approver + :param pulumi.Input[Union[str, 'UserType']] user_type: The type of user. 
+ """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the user. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the user. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @is_backup.setter + def is_backup(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_backup", value) + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + @user_type.setter + def user_type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "user_type", value) + + +if not MYPY: + class UsersOrServicePrincipalSetArgsDict(TypedDict): + """ + The detail of a subject. + """ + display_name: NotRequired[pulumi.Input[str]] + """ + The display Name of the entity. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the entity. + """ + type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. 
+ """ +elif False: + UsersOrServicePrincipalSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UsersOrServicePrincipalSetArgs: + def __init__(__self__, *, + display_name: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a subject. + :param pulumi.Input[str] display_name: The display Name of the entity. + :param pulumi.Input[str] id: The object id of the entity. + :param pulumi.Input[Union[str, 'UserType']] type: The type of user. + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The display Name of the entity. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the entity. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "type", value) diff --git a/sdk/python/pulumi_azure_native/authorization/get_role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/get_role_management_policy.py new file mode 100644 index 000000000000..c35103a01398 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/get_role_management_policy.py 
@@ -0,0 +1,247 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs + +__all__ = [ + 'GetRoleManagementPolicyResult', + 'AwaitableGetRoleManagementPolicyResult', + 'get_role_management_policy', + 'get_role_management_policy_output', +] + +@pulumi.output_type +class GetRoleManagementPolicyResult: + """ + Role management policy + """ + def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if effective_rules and not isinstance(effective_rules, list): + raise TypeError("Expected argument 'effective_rules' to be a list") + pulumi.set(__self__, "effective_rules", effective_rules) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if is_organization_default and not isinstance(is_organization_default, bool): + raise TypeError("Expected argument 'is_organization_default' to be a bool") + pulumi.set(__self__, "is_organization_default", is_organization_default) + if last_modified_by and not 
isinstance(last_modified_by, dict): + raise TypeError("Expected argument 'last_modified_by' to be a dict") + pulumi.set(__self__, "last_modified_by", last_modified_by) + if last_modified_date_time and not isinstance(last_modified_date_time, str): + raise TypeError("Expected argument 'last_modified_date_time' to be a str") + pulumi.set(__self__, "last_modified_date_time", last_modified_date_time) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if policy_properties and not isinstance(policy_properties, dict): + raise TypeError("Expected argument 'policy_properties' to be a dict") + pulumi.set(__self__, "policy_properties", policy_properties) + if rules and not isinstance(rules, list): + raise TypeError("Expected argument 'rules' to be a list") + pulumi.set(__self__, "rules", rules) + if scope and not isinstance(scope, str): + raise TypeError("Expected argument 'scope' to be a str") + pulumi.set(__self__, "scope", scope) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> Sequence[Any]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter + def id(self) -> str: + """ + The role management policy Id. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[bool]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> 'outputs.PrincipalResponse': + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> str: + """ + The last modified date time. + """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> str: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> 'outputs.PolicyPropertiesResponse': + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> Optional[Sequence[Any]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> Optional[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> str: + """ + The role management policy type. 
+ """ + return pulumi.get(self, "type") + + +class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + effective_rules=self.effective_rules, + id=self.id, + is_organization_default=self.is_organization_default, + last_modified_by=self.last_modified_by, + last_modified_date_time=self.last_modified_date_time, + name=self.name, + policy_properties=self.policy_properties, + rules=self.rules, + scope=self.scope, + type=self.type) + + +def get_role_management_policy(role_management_policy_name: Optional[str] = None, + scope: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult: + """ + Get the specified role management policy for a resource scope + Azure REST API version: 2024-09-01-preview. + + Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azure-native:authorization:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value + + return AwaitableGetRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + effective_rules=pulumi.get(__ret__, 'effective_rules'), + id=pulumi.get(__ret__, 'id'), + is_organization_default=pulumi.get(__ret__, 'is_organization_default'), + last_modified_by=pulumi.get(__ret__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'), + name=pulumi.get(__ret__, 'name'), + policy_properties=pulumi.get(__ret__, 'policy_properties'), + rules=pulumi.get(__ret__, 'rules'), + scope=pulumi.get(__ret__, 'scope'), + type=pulumi.get(__ret__, 'type')) +def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None, + scope: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleManagementPolicyResult]: + """ + Get the specified role management policy for a resource scope + Azure REST API version: 2024-09-01-preview. + + Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('azure-native:authorization:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult) + return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult( + description=pulumi.get(__response__, 'description'), + display_name=pulumi.get(__response__, 'display_name'), + effective_rules=pulumi.get(__response__, 'effective_rules'), + id=pulumi.get(__response__, 'id'), + is_organization_default=pulumi.get(__response__, 'is_organization_default'), + last_modified_by=pulumi.get(__response__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'), + name=pulumi.get(__response__, 'name'), + policy_properties=pulumi.get(__response__, 'policy_properties'), + rules=pulumi.get(__response__, 'rules'), + scope=pulumi.get(__response__, 'scope'), + type=pulumi.get(__response__, 'type'))) diff --git a/sdk/python/pulumi_azure_native/authorization/outputs.py b/sdk/python/pulumi_azure_native/authorization/outputs.py index 00113ae80759..f460a134fac7 100644 --- a/sdk/python/pulumi_azure_native/authorization/outputs.py +++ b/sdk/python/pulumi_azure_native/authorization/outputs.py @@ -28,6 +28,7 @@ 'ManagementLockOwnerResponse', 'NonComplianceMessageResponse', 'OverrideResponse', + 'PIMOnlyModeSettingsResponse', 'ParameterDefinitionsValueResponse', 'ParameterDefinitionsValueResponseMetadata', 'ParameterValuesValueResponse', @@ -39,6 +40,8 @@ 'PolicyDefinitionGroupResponse', 'PolicyDefinitionReferenceResponse', 'PolicyDefinitionVersionResponse', + 'PolicyPropertiesResponse', + 'PolicyPropertiesResponseScope', 'PolicySetDefinitionVersionResponse', 'PolicyVariableColumnResponse', 'PolicyVariableValueColumnValueResponse', 
@@ -51,10 +54,12 @@ 'RoleManagementPolicyEnablementRuleResponse', 'RoleManagementPolicyExpirationRuleResponse', 'RoleManagementPolicyNotificationRuleResponse', + 'RoleManagementPolicyPimOnlyModeRuleResponse', 'RoleManagementPolicyRuleTargetResponse', 'SelectorResponse', 'SystemDataResponse', 'UserSetResponse', + 'UsersOrServicePrincipalSetResponse', ] @pulumi.output_type 
@@ -1044,6 +1049,70 @@ def value(self) -> Optional[str]: return pulumi.get(self, "value") +@pulumi.output_type +class PIMOnlyModeSettingsResponse(dict): + """ + The PIM Only Mode settings. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "excludedAssignmentTypes": + suggest = "excluded_assignment_types" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PIMOnlyModeSettingsResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PIMOnlyModeSettingsResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PIMOnlyModeSettingsResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + excluded_assignment_types: Optional[Sequence[str]] = None, + excludes: Optional[Sequence['outputs.UsersOrServicePrincipalSetResponse']] = None, + mode: Optional[str] = None): + """ + The PIM Only Mode settings. + :param Sequence[str] excluded_assignment_types: The list of excluded assignment types allowed. + :param Sequence['UsersOrServicePrincipalSetResponse'] excludes: The list of excluded entities that the rule does not apply to. + :param str mode: Determines whether the setting is enabled, disabled or report only. + """ + if excluded_assignment_types is not None: + pulumi.set(__self__, "excluded_assignment_types", excluded_assignment_types) + if excludes is not None: + pulumi.set(__self__, "excludes", excludes) + if mode is not None: + pulumi.set(__self__, "mode", mode) + + @property + @pulumi.getter(name="excludedAssignmentTypes") + def excluded_assignment_types(self) -> Optional[Sequence[str]]: + """ + The list of excluded assignment types allowed. 
+ """ + return pulumi.get(self, "excluded_assignment_types") + + @property + @pulumi.getter + def excludes(self) -> Optional[Sequence['outputs.UsersOrServicePrincipalSetResponse']]: + """ + The list of excluded entities that the rule does not apply to. + """ + return pulumi.get(self, "excludes") + + @property + @pulumi.getter + def mode(self) -> Optional[str]: + """ + Determines whether the setting is enabled, disabled or report only. + """ + return pulumi.get(self, "mode") + + @pulumi.output_type class ParameterDefinitionsValueResponse(dict): """ 
@@ -1933,6 +2002,92 @@ def version(self) -> Optional[str]: return pulumi.get(self, "version") +@pulumi.output_type +class PolicyPropertiesResponse(dict): + """ + Expanded info of resource scope + """ + def __init__(__self__, *, + scope: 'outputs.PolicyPropertiesResponseScope'): + """ + Expanded info of resource scope + :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope + """ + pulumi.set(__self__, "scope", scope) + + @property + @pulumi.getter + def scope(self) -> 'outputs.PolicyPropertiesResponseScope': + """ + Details of the resource scope + """ + return pulumi.get(self, "scope") + + +@pulumi.output_type +class PolicyPropertiesResponseScope(dict): + """ + Details of the resource scope + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + Details of the resource scope + :param str display_name: Display name of the resource + :param str id: Scope id of the resource + :param str type: Type of the resource + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + Display name of the resource + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) 
-> Optional[str]: + """ + Scope id of the resource + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + Type of the resource + """ + return pulumi.get(self, "type") + + @pulumi.output_type class PolicySetDefinitionVersionResponse(dict): """ @@ -2656,6 +2811,8 @@ def __key_warning(key: str): suggest = None if key == "ruleType": suggest = "rule_type" + elif key == "exceptionMembers": + suggest = "exception_members" elif key == "isExpirationRequired": suggest = "is_expiration_required" elif key == "maximumDuration": @@ -2674,6 +2831,7 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, rule_type: str, + exception_members: Optional[Sequence['outputs.UserSetResponse']] = None, id: Optional[str] = None, is_expiration_required: Optional[bool] = None, maximum_duration: Optional[str] = None, @@ -2682,12 +2840,15 @@ def __init__(__self__, *, The role management policy expiration rule. :param str rule_type: The type of rule Expected value is 'RoleManagementPolicyExpirationRule'. + :param Sequence['UserSetResponse'] exception_members: The members not restricted by expiration rule. :param str id: The id of the rule. :param bool is_expiration_required: The value indicating whether expiration is required. :param str maximum_duration: The maximum duration of expiration in timespan. :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. """ pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if exception_members is not None: + pulumi.set(__self__, "exception_members", exception_members) if id is not None: pulumi.set(__self__, "id", id) if is_expiration_required is not None: 
@@ -2706,6 +2867,14 @@ def rule_type(self) -> str: """ return pulumi.get(self, "rule_type") + @property + @pulumi.getter(name="exceptionMembers") + def exception_members(self) -> Optional[Sequence['outputs.UserSetResponse']]: + """ + The members not restricted by expiration rule. + """ + return pulumi.get(self, "exception_members") + @property @pulumi.getter def id(self) -> Optional[str]: 
@@ -2874,6 +3043,85 @@ def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: return pulumi.get(self, "target") +@pulumi.output_type +class RoleManagementPolicyPimOnlyModeRuleResponse(dict): + """ + The role management policy PIM only mode rule. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + elif key == "pimOnlyModeSettings": + suggest = "pim_only_mode_settings" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyPimOnlyModeRuleResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyPimOnlyModeRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyPimOnlyModeRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + id: Optional[str] = None, + pim_only_mode_settings: Optional['outputs.PIMOnlyModeSettingsResponse'] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy PIM only mode rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + :param str id: The id of the rule. + :param 'PIMOnlyModeSettingsResponse' pim_only_mode_settings: The PIM Only Mode settings + :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyPimOnlyModeRule') + if id is not None: + pulumi.set(__self__, "id", id) + if pim_only_mode_settings is not None: + pulumi.set(__self__, "pim_only_mode_settings", pim_only_mode_settings) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="pimOnlyModeSettings") + def pim_only_mode_settings(self) -> Optional['outputs.PIMOnlyModeSettingsResponse']: + """ + The PIM Only Mode settings + """ + return pulumi.get(self, "pim_only_mode_settings") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @pulumi.output_type class RoleManagementPolicyRuleTargetResponse(dict): """ 
@@ -3232,3 +3480,67 @@ def user_type(self) -> Optional[str]: return pulumi.get(self, "user_type") +@pulumi.output_type +class UsersOrServicePrincipalSetResponse(dict): + """ + The detail of a subject. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in UsersOrServicePrincipalSetResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + UsersOrServicePrincipalSetResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + UsersOrServicePrincipalSetResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + The detail of a subject. + :param str display_name: The display Name of the entity. + :param str id: The object id of the entity. + :param str type: The type of user. + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The display Name of the entity. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The object id of the entity. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + The type of user. + """ + return pulumi.get(self, "type") + + diff --git a/sdk/python/pulumi_azure_native/authorization/role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/role_management_policy.py new file mode 100644 index 000000000000..c17c3acd4cac --- /dev/null 
+++ b/sdk/python/pulumi_azure_native/authorization/role_management_policy.py 
@@ -0,0 +1,332 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._enums import * +from ._inputs import * + +__all__ = ['RoleManagementPolicyArgs', 'RoleManagementPolicy'] + +@pulumi.input_type +class RoleManagementPolicyArgs: + def __init__(__self__, *, + scope: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]] = None): + """ + The set of arguments for constructing a RoleManagementPolicy resource. + :param pulumi.Input[str] scope: The role management policy scope. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]] rules: The rule applied to the policy. + """ + pulumi.set(__self__, "scope", scope) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if is_organization_default is not None: + pulumi.set(__self__, "is_organization_default", is_organization_default) + if role_management_policy_name is not None: + pulumi.set(__self__, "role_management_policy_name", role_management_policy_name) + if rules is not None: + pulumi.set(__self__, "rules", rules) + + @property + @pulumi.getter + def scope(self) -> pulumi.Input[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @scope.setter + def scope(self, value: pulumi.Input[str]): + pulumi.set(self, "scope", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[pulumi.Input[bool]]: + """ + The role management policy is default policy. 
+ """ + return pulumi.get(self, "is_organization_default") + + @is_organization_default.setter + def is_organization_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_organization_default", value) + + @property + @pulumi.getter(name="roleManagementPolicyName") + def role_management_policy_name(self) -> Optional[pulumi.Input[str]]: + """ + The name (guid) of the role management policy to upsert. + """ + return pulumi.get(self, "role_management_policy_name") + + @role_management_policy_name.setter + def role_management_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_management_policy_name", value) + + @property + @pulumi.getter + def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]: + """ + The rule applied to the policy. 
+ """ + return pulumi.get(self, "rules") + + @rules.setter + def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]): + pulumi.set(self, "rules", value) + + +class RoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Role management policy + Azure REST API version: 2024-09-01-preview. + + Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The role management policy description. 
+ :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. + :param pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]] rules: The rule applied to the policy. + :param pulumi.Input[str] scope: The role management policy scope. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: RoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Role management policy + Azure REST API version: 2024-09-01-preview. + + Other available API versions: 2020-10-01, 2020-10-01-preview, 2024-02-01-preview. + + :param str resource_name: The name of the resource. + :param RoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(RoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + 
__props__.__dict__["is_organization_default"] = is_organization_default + __props__.__dict__["role_management_policy_name"] = role_management_policy_name + __props__.__dict__["rules"] = rules + if scope is None and not opts.urn: + raise TypeError("Missing required property 'scope'") + __props__.__dict__["scope"] = scope + __props__.__dict__["effective_rules"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["type"] = None + alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:authorization/v20201001:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240201preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240901preview:RoleManagementPolicy")]) + opts = pulumi.ResourceOptions.merge(opts, alias_opts) + super(RoleManagementPolicy, __self__).__init__( + 'azure-native:authorization:RoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'RoleManagementPolicy': + """ + Get an existing RoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + __props__.__dict__["effective_rules"] = None + __props__.__dict__["is_organization_default"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["rules"] = None + __props__.__dict__["scope"] = None + __props__.__dict__["type"] = None + return RoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> pulumi.Output[Sequence[Any]]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> pulumi.Output[Optional[bool]]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> pulumi.Output['outputs.PrincipalResponse']: + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> pulumi.Output[str]: + """ + The last modified date time. 
+ """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> pulumi.Output['outputs.PolicyPropertiesResponse']: + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> pulumi.Output[Optional[Sequence[Any]]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The role management policy type. + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/__init__.py b/sdk/python/pulumi_azure_native/authorization/v20201001/__init__.py index 764078306785..c9d9f0f2f5ee 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20201001/__init__.py +++ b/sdk/python/pulumi_azure_native/authorization/v20201001/__init__.py @@ -5,6 +5,10 @@ from ... import _utilities import typing # Export this package's modules as members: +from ._enums import * +from .get_role_management_policy import * from .get_role_management_policy_assignment import * +from .role_management_policy import * from .role_management_policy_assignment import * +from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/_enums.py b/sdk/python/pulumi_azure_native/authorization/v20201001/_enums.py new file mode 100644 index 000000000000..2b41faf3d574 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001/_enums.py 
@@ -0,0 +1,78 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from enum import Enum + +__all__ = [ + 'ApprovalMode', + 'EnablementRules', + 'NotificationDeliveryMechanism', + 'NotificationLevel', + 'RecipientType', + 'RoleManagementPolicyRuleType', + 'UserType', +] + + +class ApprovalMode(str, Enum): + """ + The type of rule + """ + SINGLE_STAGE = "SingleStage" + SERIAL = "Serial" + PARALLEL = "Parallel" + NO_APPROVAL = "NoApproval" + + +class EnablementRules(str, Enum): + """ + The type of enablement rule + """ + MULTI_FACTOR_AUTHENTICATION = "MultiFactorAuthentication" + JUSTIFICATION = "Justification" + TICKETING = "Ticketing" + + +class NotificationDeliveryMechanism(str, Enum): + """ + The type of notification. + """ + EMAIL = "Email" + + +class NotificationLevel(str, Enum): + """ + The notification level. + """ + NONE = "None" + CRITICAL = "Critical" + ALL = "All" + + +class RecipientType(str, Enum): + """ + The recipient type. + """ + REQUESTOR = "Requestor" + APPROVER = "Approver" + ADMIN = "Admin" + + +class RoleManagementPolicyRuleType(str, Enum): + """ + The type of rule + """ + ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule" + ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule" + ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule" + ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule" + ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule" + + +class UserType(str, Enum): + """ + The type of user. + """ + USER = "User" + GROUP = "Group" diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/_inputs.py b/sdk/python/pulumi_azure_native/authorization/v20201001/_inputs.py new file mode 100644 index 000000000000..b1326bc99d5e --- /dev/null 
+++ b/sdk/python/pulumi_azure_native/authorization/v20201001/_inputs.py 
@@ -0,0 +1,1134 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from ._enums import * + +__all__ = [ + 'ApprovalSettingsArgs', + 'ApprovalSettingsArgsDict', + 'ApprovalStageArgs', + 'ApprovalStageArgsDict', + 'RoleManagementPolicyApprovalRuleArgs', + 'RoleManagementPolicyApprovalRuleArgsDict', + 'RoleManagementPolicyAuthenticationContextRuleArgs', + 'RoleManagementPolicyAuthenticationContextRuleArgsDict', + 'RoleManagementPolicyEnablementRuleArgs', + 'RoleManagementPolicyEnablementRuleArgsDict', + 'RoleManagementPolicyExpirationRuleArgs', + 'RoleManagementPolicyExpirationRuleArgsDict', + 'RoleManagementPolicyNotificationRuleArgs', + 'RoleManagementPolicyNotificationRuleArgsDict', + 'RoleManagementPolicyRuleTargetArgs', + 'RoleManagementPolicyRuleTargetArgsDict', + 'UserSetArgs', + 'UserSetArgsDict', +] + +MYPY = False + +if not MYPY: + class ApprovalSettingsArgsDict(TypedDict): + """ + The approval settings. + """ + approval_mode: NotRequired[pulumi.Input[Union[str, 'ApprovalMode']]] + """ + The type of rule + """ + approval_stages: NotRequired[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgsDict']]]] + """ + The approval stages of the request. + """ + is_approval_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required or not. + """ + is_approval_required_for_extension: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required for assignment extension. 
+ """ + is_requestor_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determine whether requestor justification is required. + """ +elif False: + ApprovalSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalSettingsArgs: + def __init__(__self__, *, + approval_mode: Optional[pulumi.Input[Union[str, 'ApprovalMode']]] = None, + approval_stages: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]] = None, + is_approval_required: Optional[pulumi.Input[bool]] = None, + is_approval_required_for_extension: Optional[pulumi.Input[bool]] = None, + is_requestor_justification_required: Optional[pulumi.Input[bool]] = None): + """ + The approval settings. + :param pulumi.Input[Union[str, 'ApprovalMode']] approval_mode: The type of rule + :param pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]] approval_stages: The approval stages of the request. + :param pulumi.Input[bool] is_approval_required: Determines whether approval is required or not. + :param pulumi.Input[bool] is_approval_required_for_extension: Determines whether approval is required for assignment extension. + :param pulumi.Input[bool] is_requestor_justification_required: Determine whether requestor justification is required. 
+ """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[pulumi.Input[Union[str, 'ApprovalMode']]]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @approval_mode.setter + def approval_mode(self, value: Optional[pulumi.Input[Union[str, 'ApprovalMode']]]): + pulumi.set(self, "approval_mode", value) + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @approval_stages.setter + def approval_stages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]): + pulumi.set(self, "approval_stages", value) + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required or not. + """ + return pulumi.get(self, "is_approval_required") + + @is_approval_required.setter + def is_approval_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required", value) + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required for assignment extension. 
+ """ + return pulumi.get(self, "is_approval_required_for_extension") + + @is_approval_required_for_extension.setter + def is_approval_required_for_extension(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required_for_extension", value) + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + @is_requestor_justification_required.setter + def is_requestor_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_requestor_justification_required", value) + + +if not MYPY: + class ApprovalStageArgsDict(TypedDict): + """ + The approval stage. + """ + approval_stage_time_out_in_days: NotRequired[pulumi.Input[int]] + """ + The time in days when approval request would be timed out + """ + escalation_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The escalation approver of the request. + """ + escalation_time_in_minutes: NotRequired[pulumi.Input[int]] + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + is_approver_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approver need to provide justification for his decision. + """ + is_escalation_enabled: NotRequired[pulumi.Input[bool]] + """ + The value determine whether escalation feature is enabled. + """ + primary_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The primary approver of the request. 
+ """ +elif False: + ApprovalStageArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalStageArgs: + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[pulumi.Input[int]] = None, + escalation_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + escalation_time_in_minutes: Optional[pulumi.Input[int]] = None, + is_approver_justification_required: Optional[pulumi.Input[bool]] = None, + is_escalation_enabled: Optional[pulumi.Input[bool]] = None, + primary_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None): + """ + The approval stage. + :param pulumi.Input[int] approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] escalation_approvers: The escalation approver of the request. + :param pulumi.Input[int] escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param pulumi.Input[bool] is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param pulumi.Input[bool] is_escalation_enabled: The value determine whether escalation feature is enabled. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] primary_approvers: The primary approver of the request. 
+ """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[pulumi.Input[int]]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @approval_stage_time_out_in_days.setter + def approval_stage_time_out_in_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "approval_stage_time_out_in_days", value) + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The escalation approver of the request. 
+ """ + return pulumi.get(self, "escalation_approvers") + + @escalation_approvers.setter + def escalation_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "escalation_approvers", value) + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[pulumi.Input[int]]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @escalation_time_in_minutes.setter + def escalation_time_in_minutes(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "escalation_time_in_minutes", value) + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approver need to provide justification for his decision. + """ + return pulumi.get(self, "is_approver_justification_required") + + @is_approver_justification_required.setter + def is_approver_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approver_justification_required", value) + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @is_escalation_enabled.setter + def is_escalation_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_escalation_enabled", value) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The primary approver of the request. 
+ """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "primary_approvers", value) + + +if not MYPY: + class RoleManagementPolicyApprovalRuleArgsDict(TypedDict): + """ + The role management policy approval rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + setting: NotRequired[pulumi.Input['ApprovalSettingsArgsDict']] + """ + The approval setting + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyApprovalRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyApprovalRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + setting: Optional[pulumi.Input['ApprovalSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy approval rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['ApprovalSettingsArgs'] setting: The approval setting + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def setting(self) -> Optional[pulumi.Input['ApprovalSettingsArgs']]: + """ + The approval setting + """ + return pulumi.get(self, "setting") + + @setting.setter + def setting(self, value: Optional[pulumi.Input['ApprovalSettingsArgs']]): + pulumi.set(self, "setting", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyAuthenticationContextRuleArgsDict(TypedDict): + """ + The role management policy authentication context rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + claim_value: NotRequired[pulumi.Input[str]] + """ + The claim value. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + is_enabled: NotRequired[pulumi.Input[bool]] + """ + The value indicating if rule is enabled. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyAuthenticationContextRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyAuthenticationContextRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + claim_value: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_enabled: Optional[pulumi.Input[bool]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy authentication context rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param pulumi.Input[str] claim_value: The claim value. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_enabled: The value indicating if rule is enabled. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[pulumi.Input[str]]: + """ + The claim value. + """ + return pulumi.get(self, "claim_value") + + @claim_value.setter + def claim_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "claim_value", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating if rule is enabled. + """ + return pulumi.get(self, "is_enabled") + + @is_enabled.setter + def is_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_enabled", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyEnablementRuleArgsDict(TypedDict): + """ + The role management policy enablement rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + enabled_rules: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] + """ + The list of enabled rules. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyEnablementRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyEnablementRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + enabled_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] = None, + id: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy enablement rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]] enabled_rules: The list of enabled rules. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]: + """ + The list of enabled rules. 
+ """ + return pulumi.get(self, "enabled_rules") + + @enabled_rules.setter + def enabled_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]): + pulumi.set(self, "enabled_rules", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyExpirationRuleArgsDict(TypedDict): + """ + The role management policy expiration rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_expiration_required: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether expiration is required. + """ + maximum_duration: NotRequired[pulumi.Input[str]] + """ + The maximum duration of expiration in timespan. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyExpirationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyExpirationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_expiration_required: Optional[pulumi.Input[bool]] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy expiration rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_expiration_required: The value indicating whether expiration is required. + :param pulumi.Input[str] maximum_duration: The maximum duration of expiration in timespan. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether expiration is required. + """ + return pulumi.get(self, "is_expiration_required") + + @is_expiration_required.setter + def is_expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_expiration_required", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyNotificationRuleArgsDict(TypedDict): + """ + The role management policy notification rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_default_recipients_enabled: NotRequired[pulumi.Input[bool]] + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + notification_level: NotRequired[pulumi.Input[Union[str, 'NotificationLevel']]] + """ + The notification level. 
+ """ + notification_recipients: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of notification recipients. + """ + notification_type: NotRequired[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] + """ + The type of notification. + """ + recipient_type: NotRequired[pulumi.Input[Union[str, 'RecipientType']]] + """ + The recipient type. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyNotificationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyNotificationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_default_recipients_enabled: Optional[pulumi.Input[bool]] = None, + notification_level: Optional[pulumi.Input[Union[str, 'NotificationLevel']]] = None, + notification_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + notification_type: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] = None, + recipient_type: Optional[pulumi.Input[Union[str, 'RecipientType']]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy notification rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. + :param pulumi.Input[Union[str, 'NotificationLevel']] notification_level: The notification level. + :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_recipients: The list of notification recipients. + :param pulumi.Input[Union[str, 'NotificationDeliveryMechanism']] notification_type: The type of notification. 
+ :param pulumi.Input[Union[str, 'RecipientType']] recipient_type: The recipient type. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. 
+ """ + return pulumi.get(self, "is_default_recipients_enabled") + + @is_default_recipients_enabled.setter + def is_default_recipients_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_default_recipients_enabled", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[pulumi.Input[Union[str, 'NotificationLevel']]]: + """ + The notification level. + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: Optional[pulumi.Input[Union[str, 'NotificationLevel']]]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of notification recipients. + """ + return pulumi.get(self, "notification_recipients") + + @notification_recipients.setter + def notification_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "notification_recipients", value) + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]: + """ + The type of notification. + """ + return pulumi.get(self, "notification_type") + + @notification_type.setter + def notification_type(self, value: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]): + pulumi.set(self, "notification_type", value) + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[pulumi.Input[Union[str, 'RecipientType']]]: + """ + The recipient type. 
+ """ + return pulumi.get(self, "recipient_type") + + @recipient_type.setter + def recipient_type(self, value: Optional[pulumi.Input[Union[str, 'RecipientType']]]): + pulumi.set(self, "recipient_type", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyRuleTargetArgsDict(TypedDict): + """ + The role management policy rule target. + """ + caller: NotRequired[pulumi.Input[str]] + """ + The caller of the setting. + """ + enforced_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of enforced settings. + """ + inheritable_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of inheritable settings. + """ + level: NotRequired[pulumi.Input[str]] + """ + The assignment level to which rule is applied. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The type of operation. + """ + target_objects: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of target objects. + """ +elif False: + RoleManagementPolicyRuleTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyRuleTargetArgs: + def __init__(__self__, *, + caller: Optional[pulumi.Input[str]] = None, + enforced_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + inheritable_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + level: Optional[pulumi.Input[str]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + target_objects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The role management policy rule target. 
+ :param pulumi.Input[str] caller: The caller of the setting. + :param pulumi.Input[Sequence[pulumi.Input[str]]] enforced_settings: The list of enforced settings. + :param pulumi.Input[Sequence[pulumi.Input[str]]] inheritable_settings: The list of inheritable settings. + :param pulumi.Input[str] level: The assignment level to which rule is applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] operations: The type of operation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[pulumi.Input[str]]: + """ + The caller of the setting. + """ + return pulumi.get(self, "caller") + + @caller.setter + def caller(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "caller", value) + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @enforced_settings.setter + def enforced_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "enforced_settings", value) + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of inheritable settings. 
+ """ + return pulumi.get(self, "inheritable_settings") + + @inheritable_settings.setter + def inheritable_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "inheritable_settings", value) + + @property + @pulumi.getter + def level(self) -> Optional[pulumi.Input[str]]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @level.setter + def level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "level", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of target objects. + """ + return pulumi.get(self, "target_objects") + + @target_objects.setter + def target_objects(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "target_objects", value) + + +if not MYPY: + class UserSetArgsDict(TypedDict): + """ + The detail of a user. + """ + description: NotRequired[pulumi.Input[str]] + """ + The description of the user. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the user. + """ + is_backup: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether the user is a backup fallback approver + """ + user_type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. 
+ """ +elif False: + UserSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UserSetArgs: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_backup: Optional[pulumi.Input[bool]] = None, + user_type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a user. + :param pulumi.Input[str] description: The description of the user. + :param pulumi.Input[str] id: The object id of the user. + :param pulumi.Input[bool] is_backup: The value indicating whether the user is a backup fallback approver + :param pulumi.Input[Union[str, 'UserType']] user_type: The type of user. + """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the user. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the user. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @is_backup.setter + def is_backup(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_backup", value) + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + @user_type.setter + def user_type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "user_type", value) + + diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/get_role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20201001/get_role_management_policy.py new file mode 100644 index 000000000000..e6ba5f7d5beb --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001/get_role_management_policy.py 
@@ -0,0 +1,241 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs + +__all__ = [ + 'GetRoleManagementPolicyResult', + 'AwaitableGetRoleManagementPolicyResult', + 'get_role_management_policy', + 'get_role_management_policy_output', +] + +@pulumi.output_type +class GetRoleManagementPolicyResult: + """ + Role management policy + """ + def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if effective_rules and not isinstance(effective_rules, list): + raise TypeError("Expected argument 'effective_rules' to be a list") + pulumi.set(__self__, "effective_rules", effective_rules) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if is_organization_default and not isinstance(is_organization_default, bool): + raise TypeError("Expected argument 'is_organization_default' to be a bool") + pulumi.set(__self__, "is_organization_default", is_organization_default) + if last_modified_by and not 
isinstance(last_modified_by, dict): + raise TypeError("Expected argument 'last_modified_by' to be a dict") + pulumi.set(__self__, "last_modified_by", last_modified_by) + if last_modified_date_time and not isinstance(last_modified_date_time, str): + raise TypeError("Expected argument 'last_modified_date_time' to be a str") + pulumi.set(__self__, "last_modified_date_time", last_modified_date_time) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if policy_properties and not isinstance(policy_properties, dict): + raise TypeError("Expected argument 'policy_properties' to be a dict") + pulumi.set(__self__, "policy_properties", policy_properties) + if rules and not isinstance(rules, list): + raise TypeError("Expected argument 'rules' to be a list") + pulumi.set(__self__, "rules", rules) + if scope and not isinstance(scope, str): + raise TypeError("Expected argument 'scope' to be a str") + pulumi.set(__self__, "scope", scope) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> Sequence[Any]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter + def id(self) -> str: + """ + The role management policy Id. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[bool]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> 'outputs.PrincipalResponse': + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> str: + """ + The last modified date time. + """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> str: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> 'outputs.PolicyPropertiesResponse': + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> Optional[Sequence[Any]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> Optional[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> str: + """ + The role management policy type. 
+ """ + return pulumi.get(self, "type") + + +class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + effective_rules=self.effective_rules, + id=self.id, + is_organization_default=self.is_organization_default, + last_modified_by=self.last_modified_by, + last_modified_date_time=self.last_modified_date_time, + name=self.name, + policy_properties=self.policy_properties, + rules=self.rules, + scope=self.scope, + type=self.type) + + +def get_role_management_policy(role_management_policy_name: Optional[str] = None, + scope: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azure-native:authorization/v20201001:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value + + return AwaitableGetRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + effective_rules=pulumi.get(__ret__, 'effective_rules'), + id=pulumi.get(__ret__, 'id'), + is_organization_default=pulumi.get(__ret__, 'is_organization_default'), + last_modified_by=pulumi.get(__ret__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'), + name=pulumi.get(__ret__, 'name'), + policy_properties=pulumi.get(__ret__, 'policy_properties'), + rules=pulumi.get(__ret__, 'rules'), + scope=pulumi.get(__ret__, 'scope'), + type=pulumi.get(__ret__, 'type')) +def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None, + scope: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleManagementPolicyResult]: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('azure-native:authorization/v20201001:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult) + return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult( + description=pulumi.get(__response__, 'description'), + display_name=pulumi.get(__response__, 'display_name'), + effective_rules=pulumi.get(__response__, 'effective_rules'), + id=pulumi.get(__response__, 'id'), + is_organization_default=pulumi.get(__response__, 'is_organization_default'), + last_modified_by=pulumi.get(__response__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'), + name=pulumi.get(__response__, 'name'), + policy_properties=pulumi.get(__response__, 'policy_properties'), + rules=pulumi.get(__response__, 'rules'), + scope=pulumi.get(__response__, 'scope'), + type=pulumi.get(__response__, 'type'))) diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/outputs.py b/sdk/python/pulumi_azure_native/authorization/v20201001/outputs.py index 7ee606fa4da0..3467c8d25ae4 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20201001/outputs.py +++ b/sdk/python/pulumi_azure_native/authorization/v20201001/outputs.py @@ -14,6 +14,7 @@ from typing_extensions import NotRequired, TypedDict, TypeAlias from ... import _utilities from . import outputs +from ._enums import * __all__ = [ 'ApprovalSettingsResponse', @@ -22,6 +23,8 @@ 'PolicyAssignmentPropertiesResponsePolicy', 'PolicyAssignmentPropertiesResponseRoleDefinition', 'PolicyAssignmentPropertiesResponseScope', + 'PolicyPropertiesResponse', + 'PolicyPropertiesResponseScope', 'PrincipalResponse', 'RoleManagementPolicyApprovalRuleResponse', 'RoleManagementPolicyAuthenticationContextRuleResponse', 
@@ -495,6 +498,92 @@ def type(self) -> Optional[str]: return pulumi.get(self, "type") +@pulumi.output_type +class PolicyPropertiesResponse(dict): + """ + Expanded info of resource scope + """ + def __init__(__self__, *, + scope: 'outputs.PolicyPropertiesResponseScope'): + """ + Expanded info of resource scope + :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope + """ + pulumi.set(__self__, "scope", scope) + + @property + @pulumi.getter + def scope(self) -> 'outputs.PolicyPropertiesResponseScope': + """ + Details of the resource scope + """ + return pulumi.get(self, "scope") + + +@pulumi.output_type +class PolicyPropertiesResponseScope(dict): + """ + Details of the resource scope + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + Details of the resource scope + :param str display_name: Display name of the resource + :param str id: Scope id of the resource + :param str type: Type of the resource + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + Display name of the resource + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) -> 
Optional[str]: + """ + Scope id of the resource + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + Type of the resource + """ + return pulumi.get(self, "type") + + @pulumi.output_type class PrincipalResponse(dict): """ diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001/role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20201001/role_management_policy.py new file mode 100644 index 000000000000..ef46fc13b61b --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001/role_management_policy.py 
@@ -0,0 +1,326 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs +from ._enums import * +from ._inputs import * + +__all__ = ['RoleManagementPolicyArgs', 'RoleManagementPolicy'] + +@pulumi.input_type +class RoleManagementPolicyArgs: + def __init__(__self__, *, + scope: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]] = None): + """ + The set of arguments for constructing a RoleManagementPolicy resource. + :param pulumi.Input[str] scope: The role management policy scope. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]] rules: The rule applied to the policy. + """ + pulumi.set(__self__, "scope", scope) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if is_organization_default is not None: + pulumi.set(__self__, "is_organization_default", is_organization_default) + if role_management_policy_name is not None: + pulumi.set(__self__, "role_management_policy_name", role_management_policy_name) + if rules is not None: + pulumi.set(__self__, "rules", rules) + + @property + @pulumi.getter + def scope(self) -> pulumi.Input[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @scope.setter + def scope(self, value: pulumi.Input[str]): + pulumi.set(self, "scope", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[pulumi.Input[bool]]: + """ + The role management policy is default policy. 
+ """ + return pulumi.get(self, "is_organization_default") + + @is_organization_default.setter + def is_organization_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_organization_default", value) + + @property + @pulumi.getter(name="roleManagementPolicyName") + def role_management_policy_name(self) -> Optional[pulumi.Input[str]]: + """ + The name (guid) of the role management policy to upsert. + """ + return pulumi.get(self, "role_management_policy_name") + + @role_management_policy_name.setter + def role_management_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_management_policy_name", value) + + @property + @pulumi.getter + def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]]: + """ + The rule applied to the policy. 
+ """ + return pulumi.get(self, "rules") + + @rules.setter + def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]]): + pulumi.set(self, "rules", value) + + +class RoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]] rules: The rule applied to the policy. + :param pulumi.Input[str] scope: The role management policy scope. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: RoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param RoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(RoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + __props__.__dict__["is_organization_default"] = is_organization_default + 
__props__.__dict__["role_management_policy_name"] = role_management_policy_name + __props__.__dict__["rules"] = rules + if scope is None and not opts.urn: + raise TypeError("Missing required property 'scope'") + __props__.__dict__["scope"] = scope + __props__.__dict__["effective_rules"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["type"] = None + alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:authorization:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240201preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240901preview:RoleManagementPolicy")]) + opts = pulumi.ResourceOptions.merge(opts, alias_opts) + super(RoleManagementPolicy, __self__).__init__( + 'azure-native:authorization/v20201001:RoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'RoleManagementPolicy': + """ + Get an existing RoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + __props__.__dict__["effective_rules"] = None + __props__.__dict__["is_organization_default"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["rules"] = None + __props__.__dict__["scope"] = None + __props__.__dict__["type"] = None + return RoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> pulumi.Output[Sequence[Any]]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> pulumi.Output[Optional[bool]]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> pulumi.Output['outputs.PrincipalResponse']: + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> pulumi.Output[str]: + """ + The last modified date time. 
+ """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> pulumi.Output['outputs.PolicyPropertiesResponse']: + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> pulumi.Output[Optional[Sequence[Any]]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The role management policy type. + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/__init__.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/__init__.py index 764078306785..c9d9f0f2f5ee 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20201001preview/__init__.py +++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/__init__.py @@ -5,6 +5,10 @@ from ... import _utilities import typing # Export this package's modules as members: +from ._enums import * +from .get_role_management_policy import * from .get_role_management_policy_assignment import * +from .role_management_policy import * from .role_management_policy_assignment import * +from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/_enums.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/_enums.py new file mode 100644 index 000000000000..2b41faf3d574 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/_enums.py 
@@ -0,0 +1,78 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from enum import Enum + +__all__ = [ + 'ApprovalMode', + 'EnablementRules', + 'NotificationDeliveryMechanism', + 'NotificationLevel', + 'RecipientType', + 'RoleManagementPolicyRuleType', + 'UserType', +] + + +class ApprovalMode(str, Enum): + """ + The type of rule + """ + SINGLE_STAGE = "SingleStage" + SERIAL = "Serial" + PARALLEL = "Parallel" + NO_APPROVAL = "NoApproval" + + +class EnablementRules(str, Enum): + """ + The type of enablement rule + """ + MULTI_FACTOR_AUTHENTICATION = "MultiFactorAuthentication" + JUSTIFICATION = "Justification" + TICKETING = "Ticketing" + + +class NotificationDeliveryMechanism(str, Enum): + """ + The type of notification. + """ + EMAIL = "Email" + + +class NotificationLevel(str, Enum): + """ + The notification level. + """ + NONE = "None" + CRITICAL = "Critical" + ALL = "All" + + +class RecipientType(str, Enum): + """ + The recipient type. + """ + REQUESTOR = "Requestor" + APPROVER = "Approver" + ADMIN = "Admin" + + +class RoleManagementPolicyRuleType(str, Enum): + """ + The type of rule + """ + ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule" + ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule" + ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule" + ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule" + ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule" + + +class UserType(str, Enum): + """ + The type of user. + """ + USER = "User" + GROUP = "Group" diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/_inputs.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/_inputs.py new file mode 100644 index 000000000000..92bbe89ce629 --- /dev/null 
+++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/_inputs.py 
@@ -0,0 +1,1134 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from ._enums import * + +__all__ = [ + 'ApprovalSettingsArgs', + 'ApprovalSettingsArgsDict', + 'ApprovalStageArgs', + 'ApprovalStageArgsDict', + 'RoleManagementPolicyApprovalRuleArgs', + 'RoleManagementPolicyApprovalRuleArgsDict', + 'RoleManagementPolicyAuthenticationContextRuleArgs', + 'RoleManagementPolicyAuthenticationContextRuleArgsDict', + 'RoleManagementPolicyEnablementRuleArgs', + 'RoleManagementPolicyEnablementRuleArgsDict', + 'RoleManagementPolicyExpirationRuleArgs', + 'RoleManagementPolicyExpirationRuleArgsDict', + 'RoleManagementPolicyNotificationRuleArgs', + 'RoleManagementPolicyNotificationRuleArgsDict', + 'RoleManagementPolicyRuleTargetArgs', + 'RoleManagementPolicyRuleTargetArgsDict', + 'UserSetArgs', + 'UserSetArgsDict', +] + +MYPY = False + +if not MYPY: + class ApprovalSettingsArgsDict(TypedDict): + """ + The approval settings. + """ + approval_mode: NotRequired[pulumi.Input[Union[str, 'ApprovalMode']]] + """ + The type of rule + """ + approval_stages: NotRequired[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgsDict']]]] + """ + The approval stages of the request. + """ + is_approval_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required or not. + """ + is_approval_required_for_extension: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required for assignment extension. 
+ """ + is_requestor_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determine whether requestor justification is required. + """ +elif False: + ApprovalSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalSettingsArgs: + def __init__(__self__, *, + approval_mode: Optional[pulumi.Input[Union[str, 'ApprovalMode']]] = None, + approval_stages: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]] = None, + is_approval_required: Optional[pulumi.Input[bool]] = None, + is_approval_required_for_extension: Optional[pulumi.Input[bool]] = None, + is_requestor_justification_required: Optional[pulumi.Input[bool]] = None): + """ + The approval settings. + :param pulumi.Input[Union[str, 'ApprovalMode']] approval_mode: The type of rule + :param pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]] approval_stages: The approval stages of the request. + :param pulumi.Input[bool] is_approval_required: Determines whether approval is required or not. + :param pulumi.Input[bool] is_approval_required_for_extension: Determines whether approval is required for assignment extension. + :param pulumi.Input[bool] is_requestor_justification_required: Determine whether requestor justification is required. 
+ """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[pulumi.Input[Union[str, 'ApprovalMode']]]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @approval_mode.setter + def approval_mode(self, value: Optional[pulumi.Input[Union[str, 'ApprovalMode']]]): + pulumi.set(self, "approval_mode", value) + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @approval_stages.setter + def approval_stages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]): + pulumi.set(self, "approval_stages", value) + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required or not. + """ + return pulumi.get(self, "is_approval_required") + + @is_approval_required.setter + def is_approval_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required", value) + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required for assignment extension. 
+ """ + return pulumi.get(self, "is_approval_required_for_extension") + + @is_approval_required_for_extension.setter + def is_approval_required_for_extension(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required_for_extension", value) + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + @is_requestor_justification_required.setter + def is_requestor_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_requestor_justification_required", value) + + +if not MYPY: + class ApprovalStageArgsDict(TypedDict): + """ + The approval stage. + """ + approval_stage_time_out_in_days: NotRequired[pulumi.Input[int]] + """ + The time in days when approval request would be timed out + """ + escalation_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The escalation approver of the request. + """ + escalation_time_in_minutes: NotRequired[pulumi.Input[int]] + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + is_approver_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approver need to provide justification for his decision. + """ + is_escalation_enabled: NotRequired[pulumi.Input[bool]] + """ + The value determine whether escalation feature is enabled. + """ + primary_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The primary approver of the request. 
+ """ +elif False: + ApprovalStageArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalStageArgs: + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[pulumi.Input[int]] = None, + escalation_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + escalation_time_in_minutes: Optional[pulumi.Input[int]] = None, + is_approver_justification_required: Optional[pulumi.Input[bool]] = None, + is_escalation_enabled: Optional[pulumi.Input[bool]] = None, + primary_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None): + """ + The approval stage. + :param pulumi.Input[int] approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] escalation_approvers: The escalation approver of the request. + :param pulumi.Input[int] escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param pulumi.Input[bool] is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param pulumi.Input[bool] is_escalation_enabled: The value determine whether escalation feature is enabled. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] primary_approvers: The primary approver of the request. 
+ """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[pulumi.Input[int]]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @approval_stage_time_out_in_days.setter + def approval_stage_time_out_in_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "approval_stage_time_out_in_days", value) + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The escalation approver of the request. 
+ """ + return pulumi.get(self, "escalation_approvers") + + @escalation_approvers.setter + def escalation_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "escalation_approvers", value) + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[pulumi.Input[int]]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @escalation_time_in_minutes.setter + def escalation_time_in_minutes(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "escalation_time_in_minutes", value) + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approver need to provide justification for his decision. + """ + return pulumi.get(self, "is_approver_justification_required") + + @is_approver_justification_required.setter + def is_approver_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approver_justification_required", value) + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @is_escalation_enabled.setter + def is_escalation_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_escalation_enabled", value) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The primary approver of the request. 
+ """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "primary_approvers", value) + + +if not MYPY: + class RoleManagementPolicyApprovalRuleArgsDict(TypedDict): + """ + The role management policy approval rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + setting: NotRequired[pulumi.Input['ApprovalSettingsArgsDict']] + """ + The approval setting + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyApprovalRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyApprovalRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + setting: Optional[pulumi.Input['ApprovalSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy approval rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['ApprovalSettingsArgs'] setting: The approval setting + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def setting(self) -> Optional[pulumi.Input['ApprovalSettingsArgs']]: + """ + The approval setting + """ + return pulumi.get(self, "setting") + + @setting.setter + def setting(self, value: Optional[pulumi.Input['ApprovalSettingsArgs']]): + pulumi.set(self, "setting", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyAuthenticationContextRuleArgsDict(TypedDict): + """ + The role management policy authentication context rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + claim_value: NotRequired[pulumi.Input[str]] + """ + The claim value. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + is_enabled: NotRequired[pulumi.Input[bool]] + """ + The value indicating if rule is enabled. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyAuthenticationContextRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyAuthenticationContextRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + claim_value: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_enabled: Optional[pulumi.Input[bool]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy authentication context rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param pulumi.Input[str] claim_value: The claim value. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_enabled: The value indicating if rule is enabled. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[pulumi.Input[str]]: + """ + The claim value. + """ + return pulumi.get(self, "claim_value") + + @claim_value.setter + def claim_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "claim_value", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating if rule is enabled. + """ + return pulumi.get(self, "is_enabled") + + @is_enabled.setter + def is_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_enabled", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyEnablementRuleArgsDict(TypedDict): + """ + The role management policy rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + enabled_rules: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] + """ + The list of enabled rules. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyEnablementRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyEnablementRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + enabled_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] = None, + id: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]] enabled_rules: The list of enabled rules. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]: + """ + The list of enabled rules. 
+ """ + return pulumi.get(self, "enabled_rules") + + @enabled_rules.setter + def enabled_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]): + pulumi.set(self, "enabled_rules", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyExpirationRuleArgsDict(TypedDict): + """ + The role management policy expiration rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_expiration_required: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether expiration is required. + """ + maximum_duration: NotRequired[pulumi.Input[str]] + """ + The maximum duration of expiration in timespan. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyExpirationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyExpirationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_expiration_required: Optional[pulumi.Input[bool]] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy expiration rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_expiration_required: The value indicating whether expiration is required. + :param pulumi.Input[str] maximum_duration: The maximum duration of expiration in timespan. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether expiration is required. + """ + return pulumi.get(self, "is_expiration_required") + + @is_expiration_required.setter + def is_expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_expiration_required", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyNotificationRuleArgsDict(TypedDict): + """ + The role management policy notification rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_default_recipients_enabled: NotRequired[pulumi.Input[bool]] + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + notification_level: NotRequired[pulumi.Input[Union[str, 'NotificationLevel']]] + """ + The notification level. 
+ """ + notification_recipients: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of notification recipients. + """ + notification_type: NotRequired[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] + """ + The type of notification. + """ + recipient_type: NotRequired[pulumi.Input[Union[str, 'RecipientType']]] + """ + The recipient type. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyNotificationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyNotificationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_default_recipients_enabled: Optional[pulumi.Input[bool]] = None, + notification_level: Optional[pulumi.Input[Union[str, 'NotificationLevel']]] = None, + notification_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + notification_type: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] = None, + recipient_type: Optional[pulumi.Input[Union[str, 'RecipientType']]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy notification rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. + :param pulumi.Input[Union[str, 'NotificationLevel']] notification_level: The notification level. + :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_recipients: The list of notification recipients. + :param pulumi.Input[Union[str, 'NotificationDeliveryMechanism']] notification_type: The type of notification. 
+ :param pulumi.Input[Union[str, 'RecipientType']] recipient_type: The recipient type. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. 
+ """ + return pulumi.get(self, "is_default_recipients_enabled") + + @is_default_recipients_enabled.setter + def is_default_recipients_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_default_recipients_enabled", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[pulumi.Input[Union[str, 'NotificationLevel']]]: + """ + The notification level. + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: Optional[pulumi.Input[Union[str, 'NotificationLevel']]]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of notification recipients. + """ + return pulumi.get(self, "notification_recipients") + + @notification_recipients.setter + def notification_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "notification_recipients", value) + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]: + """ + The type of notification. + """ + return pulumi.get(self, "notification_type") + + @notification_type.setter + def notification_type(self, value: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]): + pulumi.set(self, "notification_type", value) + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[pulumi.Input[Union[str, 'RecipientType']]]: + """ + The recipient type. 
+ """ + return pulumi.get(self, "recipient_type") + + @recipient_type.setter + def recipient_type(self, value: Optional[pulumi.Input[Union[str, 'RecipientType']]]): + pulumi.set(self, "recipient_type", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyRuleTargetArgsDict(TypedDict): + """ + The role management policy rule target. + """ + caller: NotRequired[pulumi.Input[str]] + """ + The caller of the setting. + """ + enforced_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of enforced settings. + """ + inheritable_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of inheritable settings. + """ + level: NotRequired[pulumi.Input[str]] + """ + The assignment level to which rule is applied. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The type of operation. + """ + target_objects: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of target objects. + """ +elif False: + RoleManagementPolicyRuleTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyRuleTargetArgs: + def __init__(__self__, *, + caller: Optional[pulumi.Input[str]] = None, + enforced_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + inheritable_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + level: Optional[pulumi.Input[str]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + target_objects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The role management policy rule target. 
+ :param pulumi.Input[str] caller: The caller of the setting. + :param pulumi.Input[Sequence[pulumi.Input[str]]] enforced_settings: The list of enforced settings. + :param pulumi.Input[Sequence[pulumi.Input[str]]] inheritable_settings: The list of inheritable settings. + :param pulumi.Input[str] level: The assignment level to which rule is applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] operations: The type of operation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[pulumi.Input[str]]: + """ + The caller of the setting. + """ + return pulumi.get(self, "caller") + + @caller.setter + def caller(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "caller", value) + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @enforced_settings.setter + def enforced_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "enforced_settings", value) + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of inheritable settings. 
+ """ + return pulumi.get(self, "inheritable_settings") + + @inheritable_settings.setter + def inheritable_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "inheritable_settings", value) + + @property + @pulumi.getter + def level(self) -> Optional[pulumi.Input[str]]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @level.setter + def level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "level", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of target objects. + """ + return pulumi.get(self, "target_objects") + + @target_objects.setter + def target_objects(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "target_objects", value) + + +if not MYPY: + class UserSetArgsDict(TypedDict): + """ + The detail of a user. + """ + description: NotRequired[pulumi.Input[str]] + """ + The description of the user. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the user. + """ + is_backup: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether the user is a backup fallback approver + """ + user_type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. 
+ """ +elif False: + UserSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UserSetArgs: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_backup: Optional[pulumi.Input[bool]] = None, + user_type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a user. + :param pulumi.Input[str] description: The description of the user. + :param pulumi.Input[str] id: The object id of the user. + :param pulumi.Input[bool] is_backup: The value indicating whether the user is a backup fallback approver + :param pulumi.Input[Union[str, 'UserType']] user_type: The type of user. + """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the user. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the user. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @is_backup.setter + def is_backup(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_backup", value) + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + @user_type.setter + def user_type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "user_type", value) + + diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/get_role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/get_role_management_policy.py new file mode 100644 index 000000000000..1a43269f0c5c --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/get_role_management_policy.py 
@@ -0,0 +1,241 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs + +__all__ = [ + 'GetRoleManagementPolicyResult', + 'AwaitableGetRoleManagementPolicyResult', + 'get_role_management_policy', + 'get_role_management_policy_output', +] + +@pulumi.output_type +class GetRoleManagementPolicyResult: + """ + Role management policy + """ + def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if effective_rules and not isinstance(effective_rules, list): + raise TypeError("Expected argument 'effective_rules' to be a list") + pulumi.set(__self__, "effective_rules", effective_rules) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if is_organization_default and not isinstance(is_organization_default, bool): + raise TypeError("Expected argument 'is_organization_default' to be a bool") + pulumi.set(__self__, "is_organization_default", is_organization_default) + if last_modified_by and not 
isinstance(last_modified_by, dict): + raise TypeError("Expected argument 'last_modified_by' to be a dict") + pulumi.set(__self__, "last_modified_by", last_modified_by) + if last_modified_date_time and not isinstance(last_modified_date_time, str): + raise TypeError("Expected argument 'last_modified_date_time' to be a str") + pulumi.set(__self__, "last_modified_date_time", last_modified_date_time) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if policy_properties and not isinstance(policy_properties, dict): + raise TypeError("Expected argument 'policy_properties' to be a dict") + pulumi.set(__self__, "policy_properties", policy_properties) + if rules and not isinstance(rules, list): + raise TypeError("Expected argument 'rules' to be a list") + pulumi.set(__self__, "rules", rules) + if scope and not isinstance(scope, str): + raise TypeError("Expected argument 'scope' to be a str") + pulumi.set(__self__, "scope", scope) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> Sequence[Any]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter + def id(self) -> str: + """ + The role management policy Id. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[bool]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> 'outputs.PrincipalResponse': + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> str: + """ + The last modified date time. + """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> str: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> 'outputs.PolicyPropertiesResponse': + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> Optional[Sequence[Any]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> Optional[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> str: + """ + The role management policy type. 
+ """ + return pulumi.get(self, "type") + + +class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + effective_rules=self.effective_rules, + id=self.id, + is_organization_default=self.is_organization_default, + last_modified_by=self.last_modified_by, + last_modified_date_time=self.last_modified_date_time, + name=self.name, + policy_properties=self.policy_properties, + rules=self.rules, + scope=self.scope, + type=self.type) + + +def get_role_management_policy(role_management_policy_name: Optional[str] = None, + scope: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azure-native:authorization/v20201001preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value + + return AwaitableGetRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + effective_rules=pulumi.get(__ret__, 'effective_rules'), + id=pulumi.get(__ret__, 'id'), + is_organization_default=pulumi.get(__ret__, 'is_organization_default'), + last_modified_by=pulumi.get(__ret__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'), + name=pulumi.get(__ret__, 'name'), + policy_properties=pulumi.get(__ret__, 'policy_properties'), + rules=pulumi.get(__ret__, 'rules'), + scope=pulumi.get(__ret__, 'scope'), + type=pulumi.get(__ret__, 'type')) +def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None, + scope: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleManagementPolicyResult]: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('azure-native:authorization/v20201001preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult) + return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult( + description=pulumi.get(__response__, 'description'), + display_name=pulumi.get(__response__, 'display_name'), + effective_rules=pulumi.get(__response__, 'effective_rules'), + id=pulumi.get(__response__, 'id'), + is_organization_default=pulumi.get(__response__, 'is_organization_default'), + last_modified_by=pulumi.get(__response__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'), + name=pulumi.get(__response__, 'name'), + policy_properties=pulumi.get(__response__, 'policy_properties'), + rules=pulumi.get(__response__, 'rules'), + scope=pulumi.get(__response__, 'scope'), + type=pulumi.get(__response__, 'type'))) diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/outputs.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/outputs.py index d5b93ac86689..47ac9169159c 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20201001preview/outputs.py +++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/outputs.py 
@@ -14,15 +14,233 @@ from typing_extensions import NotRequired, TypedDict, TypeAlias from ... import _utilities from . import outputs +from ._enums import * __all__ = [ + 'ApprovalSettingsResponse', + 'ApprovalStageResponse', 'PolicyAssignmentPropertiesResponse', 'PolicyAssignmentPropertiesResponsePolicy', 'PolicyAssignmentPropertiesResponseRoleDefinition', 'PolicyAssignmentPropertiesResponseScope', + 'PolicyPropertiesResponse', + 'PolicyPropertiesResponseScope', 'PrincipalResponse', + 'RoleManagementPolicyApprovalRuleResponse', + 'RoleManagementPolicyAuthenticationContextRuleResponse', + 'RoleManagementPolicyEnablementRuleResponse', + 'RoleManagementPolicyExpirationRuleResponse', + 'RoleManagementPolicyNotificationRuleResponse', + 'RoleManagementPolicyRuleTargetResponse', + 'UserSetResponse', ] +@pulumi.output_type +class ApprovalSettingsResponse(dict): + """ + The approval settings. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "approvalMode": + suggest = "approval_mode" + elif key == "approvalStages": + suggest = "approval_stages" + elif key == "isApprovalRequired": + suggest = "is_approval_required" + elif key == "isApprovalRequiredForExtension": + suggest = "is_approval_required_for_extension" + elif key == "isRequestorJustificationRequired": + suggest = "is_requestor_justification_required" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ApprovalSettingsResponse. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ApprovalSettingsResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ApprovalSettingsResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + approval_mode: Optional[str] = None, + approval_stages: Optional[Sequence['outputs.ApprovalStageResponse']] = None, + is_approval_required: Optional[bool] = None, + is_approval_required_for_extension: Optional[bool] = None, + is_requestor_justification_required: Optional[bool] = None): + """ + The approval settings. + :param str approval_mode: The type of rule + :param Sequence['ApprovalStageResponse'] approval_stages: The approval stages of the request. + :param bool is_approval_required: Determines whether approval is required or not. + :param bool is_approval_required_for_extension: Determines whether approval is required for assignment extension. + :param bool is_requestor_justification_required: Determine whether requestor justification is required. 
+ """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[str]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[Sequence['outputs.ApprovalStageResponse']]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[bool]: + """ + Determines whether approval is required or not. + """ + return pulumi.get(self, "is_approval_required") + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[bool]: + """ + Determines whether approval is required for assignment extension. + """ + return pulumi.get(self, "is_approval_required_for_extension") + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[bool]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + +@pulumi.output_type +class ApprovalStageResponse(dict): + """ + The approval stage. 
+ """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "approvalStageTimeOutInDays": + suggest = "approval_stage_time_out_in_days" + elif key == "escalationApprovers": + suggest = "escalation_approvers" + elif key == "escalationTimeInMinutes": + suggest = "escalation_time_in_minutes" + elif key == "isApproverJustificationRequired": + suggest = "is_approver_justification_required" + elif key == "isEscalationEnabled": + suggest = "is_escalation_enabled" + elif key == "primaryApprovers": + suggest = "primary_approvers" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in ApprovalStageResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + ApprovalStageResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + ApprovalStageResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[int] = None, + escalation_approvers: Optional[Sequence['outputs.UserSetResponse']] = None, + escalation_time_in_minutes: Optional[int] = None, + is_approver_justification_required: Optional[bool] = None, + is_escalation_enabled: Optional[bool] = None, + primary_approvers: Optional[Sequence['outputs.UserSetResponse']] = None): + """ + The approval stage. + :param int approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param Sequence['UserSetResponse'] escalation_approvers: The escalation approver of the request. + :param int escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param bool is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param bool is_escalation_enabled: The value determine whether escalation feature is enabled. 
+ :param Sequence['UserSetResponse'] primary_approvers: The primary approver of the request. + """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[int]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[Sequence['outputs.UserSetResponse']]: + """ + The escalation approver of the request. + """ + return pulumi.get(self, "escalation_approvers") + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[int]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[bool]: + """ + Determines whether approver need to provide justification for his decision. 
+ """ + return pulumi.get(self, "is_approver_justification_required") + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[bool]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[Sequence['outputs.UserSetResponse']]: + """ + The primary approver of the request. + """ + return pulumi.get(self, "primary_approvers") + + @pulumi.output_type class PolicyAssignmentPropertiesResponse(dict): @staticmethod 
@@ -276,6 +494,88 @@ def type(self) -> Optional[str]: return pulumi.get(self, "type") +@pulumi.output_type +class PolicyPropertiesResponse(dict): + def __init__(__self__, *, + scope: 'outputs.PolicyPropertiesResponseScope'): + """ + :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope + """ + pulumi.set(__self__, "scope", scope) + + @property + @pulumi.getter + def scope(self) -> 'outputs.PolicyPropertiesResponseScope': + """ + Details of the resource scope + """ + return pulumi.get(self, "scope") + + +@pulumi.output_type +class PolicyPropertiesResponseScope(dict): + """ + Details of the resource scope + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + Details of the resource scope + :param str display_name: Display name of the resource + :param str id: Scope id of the resource + :param str type: Type of the resource + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + Display name of the resource + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + Scope id of the resource + """ + return pulumi.get(self, 
"id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + Type of the resource + """ + return pulumi.get(self, "type") + + @pulumi.output_type class PrincipalResponse(dict): """ 
@@ -352,3 +652,662 @@ def type(self) -> Optional[str]: return pulumi.get(self, "type") +@pulumi.output_type +class RoleManagementPolicyApprovalRuleResponse(dict): + """ + The role management policy approval rule. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyApprovalRuleResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyApprovalRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyApprovalRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + id: Optional[str] = None, + setting: Optional['outputs.ApprovalSettingsResponse'] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy approval rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param str id: The id of the rule. + :param 'ApprovalSettingsResponse' setting: The approval setting + :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def setting(self) -> Optional['outputs.ApprovalSettingsResponse']: + """ + The approval setting + """ + return pulumi.get(self, "setting") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + +@pulumi.output_type +class RoleManagementPolicyAuthenticationContextRuleResponse(dict): + """ + The role management policy authentication context rule. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + elif key == "claimValue": + suggest = "claim_value" + elif key == "isEnabled": + suggest = "is_enabled" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyAuthenticationContextRuleResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyAuthenticationContextRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyAuthenticationContextRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + claim_value: Optional[str] = None, + id: Optional[str] = None, + is_enabled: Optional[bool] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy authentication context rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param str claim_value: The claim value. + :param str id: The id of the rule. + :param bool is_enabled: The value indicating if rule is enabled. + :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[str]: + """ + The claim value. + """ + return pulumi.get(self, "claim_value") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[bool]: + """ + The value indicating if rule is enabled. + """ + return pulumi.get(self, "is_enabled") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + +@pulumi.output_type +class RoleManagementPolicyEnablementRuleResponse(dict): + """ + The role management policy rule. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + elif key == "enabledRules": + suggest = "enabled_rules" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyEnablementRuleResponse. 
Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyEnablementRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyEnablementRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + enabled_rules: Optional[Sequence[str]] = None, + id: Optional[str] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param Sequence[str] enabled_rules: The list of enabled rules. + :param str id: The id of the rule. + :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[Sequence[str]]: + """ + The list of enabled rules. + """ + return pulumi.get(self, "enabled_rules") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. 
+ """ + return pulumi.get(self, "target") + + +@pulumi.output_type +class RoleManagementPolicyExpirationRuleResponse(dict): + """ + The role management policy expiration rule. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + elif key == "isExpirationRequired": + suggest = "is_expiration_required" + elif key == "maximumDuration": + suggest = "maximum_duration" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyExpirationRuleResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyExpirationRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyExpirationRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + id: Optional[str] = None, + is_expiration_required: Optional[bool] = None, + maximum_duration: Optional[str] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy expiration rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param str id: The id of the rule. + :param bool is_expiration_required: The value indicating whether expiration is required. + :param str maximum_duration: The maximum duration of expiration in timespan. + :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[bool]: + """ + The value indicating whether expiration is required. + """ + return pulumi.get(self, "is_expiration_required") + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[str]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + +@pulumi.output_type +class RoleManagementPolicyNotificationRuleResponse(dict): + """ + The role management policy notification rule. 
+ """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ruleType": + suggest = "rule_type" + elif key == "isDefaultRecipientsEnabled": + suggest = "is_default_recipients_enabled" + elif key == "notificationLevel": + suggest = "notification_level" + elif key == "notificationRecipients": + suggest = "notification_recipients" + elif key == "notificationType": + suggest = "notification_type" + elif key == "recipientType": + suggest = "recipient_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyNotificationRuleResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyNotificationRuleResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyNotificationRuleResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + rule_type: str, + id: Optional[str] = None, + is_default_recipients_enabled: Optional[bool] = None, + notification_level: Optional[str] = None, + notification_recipients: Optional[Sequence[str]] = None, + notification_type: Optional[str] = None, + recipient_type: Optional[str] = None, + target: Optional['outputs.RoleManagementPolicyRuleTargetResponse'] = None): + """ + The role management policy notification rule. + :param str rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param str id: The id of the rule. + :param bool is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. + :param str notification_level: The notification level. + :param Sequence[str] notification_recipients: The list of notification recipients. + :param str notification_type: The type of notification. + :param str recipient_type: The recipient type. 
+ :param 'RoleManagementPolicyRuleTargetResponse' target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> str: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[bool]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + return pulumi.get(self, "is_default_recipients_enabled") + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[str]: + """ + The notification level. + """ + return pulumi.get(self, "notification_level") + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[Sequence[str]]: + """ + The list of notification recipients. 
+ """ + return pulumi.get(self, "notification_recipients") + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[str]: + """ + The type of notification. + """ + return pulumi.get(self, "notification_type") + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[str]: + """ + The recipient type. + """ + return pulumi.get(self, "recipient_type") + + @property + @pulumi.getter + def target(self) -> Optional['outputs.RoleManagementPolicyRuleTargetResponse']: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + +@pulumi.output_type +class RoleManagementPolicyRuleTargetResponse(dict): + """ + The role management policy rule target. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "enforcedSettings": + suggest = "enforced_settings" + elif key == "inheritableSettings": + suggest = "inheritable_settings" + elif key == "targetObjects": + suggest = "target_objects" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in RoleManagementPolicyRuleTargetResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + RoleManagementPolicyRuleTargetResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + RoleManagementPolicyRuleTargetResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + caller: Optional[str] = None, + enforced_settings: Optional[Sequence[str]] = None, + inheritable_settings: Optional[Sequence[str]] = None, + level: Optional[str] = None, + operations: Optional[Sequence[str]] = None, + target_objects: Optional[Sequence[str]] = None): + """ + The role management policy rule target. + :param str caller: The caller of the setting. + :param Sequence[str] enforced_settings: The list of enforced settings. 
+ :param Sequence[str] inheritable_settings: The list of inheritable settings. + :param str level: The assignment level to which rule is applied. + :param Sequence[str] operations: The type of operation. + :param Sequence[str] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[str]: + """ + The caller of the setting. + """ + return pulumi.get(self, "caller") + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[Sequence[str]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[Sequence[str]]: + """ + The list of inheritable settings. + """ + return pulumi.get(self, "inheritable_settings") + + @property + @pulumi.getter + def level(self) -> Optional[str]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @property + @pulumi.getter + def operations(self) -> Optional[Sequence[str]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[Sequence[str]]: + """ + The list of target objects. + """ + return pulumi.get(self, "target_objects") + + +@pulumi.output_type +class UserSetResponse(dict): + """ + The detail of a user. 
+ """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isBackup": + suggest = "is_backup" + elif key == "userType": + suggest = "user_type" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in UserSetResponse. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + UserSetResponse.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + UserSetResponse.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + description: Optional[str] = None, + id: Optional[str] = None, + is_backup: Optional[bool] = None, + user_type: Optional[str] = None): + """ + The detail of a user. + :param str description: The description of the user. + :param str id: The object id of the user. + :param bool is_backup: The value indicating whether the user is a backup fallback approver + :param str user_type: The type of user. + """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The description of the user. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter + def id(self) -> Optional[str]: + """ + The object id of the user. + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[bool]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[str]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + 
diff --git a/sdk/python/pulumi_azure_native/authorization/v20201001preview/role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20201001preview/role_management_policy.py new file mode 100644 index 000000000000..52c93630333c --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20201001preview/role_management_policy.py 
@@ -0,0 +1,326 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs +from ._enums import * +from ._inputs import * + +__all__ = ['RoleManagementPolicyArgs', 'RoleManagementPolicy'] + +@pulumi.input_type +class RoleManagementPolicyArgs: + def __init__(__self__, *, + scope: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]] = None): + """ + The set of arguments for constructing a RoleManagementPolicy resource. + :param pulumi.Input[str] scope: The role management policy scope. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]] rules: The rule applied to the policy. + """ + pulumi.set(__self__, "scope", scope) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if is_organization_default is not None: + pulumi.set(__self__, "is_organization_default", is_organization_default) + if role_management_policy_name is not None: + pulumi.set(__self__, "role_management_policy_name", role_management_policy_name) + if rules is not None: + pulumi.set(__self__, "rules", rules) + + @property + @pulumi.getter + def scope(self) -> pulumi.Input[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @scope.setter + def scope(self, value: pulumi.Input[str]): + pulumi.set(self, "scope", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[pulumi.Input[bool]]: + """ + The role management policy is default policy. 
+ """ + return pulumi.get(self, "is_organization_default") + + @is_organization_default.setter + def is_organization_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_organization_default", value) + + @property + @pulumi.getter(name="roleManagementPolicyName") + def role_management_policy_name(self) -> Optional[pulumi.Input[str]]: + """ + The name (guid) of the role management policy to upsert. + """ + return pulumi.get(self, "role_management_policy_name") + + @role_management_policy_name.setter + def role_management_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_management_policy_name", value) + + @property + @pulumi.getter + def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]]: + """ + The rule applied to the policy. 
+ """ + return pulumi.get(self, "rules") + + @rules.setter + def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs']]]]]): + pulumi.set(self, "rules", value) + + +class RoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]] rules: The rule applied to the policy. + :param pulumi.Input[str] scope: The role management policy scope. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: RoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param RoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(RoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + __props__.__dict__["is_organization_default"] = is_organization_default + 
__props__.__dict__["role_management_policy_name"] = role_management_policy_name + __props__.__dict__["rules"] = rules + if scope is None and not opts.urn: + raise TypeError("Missing required property 'scope'") + __props__.__dict__["scope"] = scope + __props__.__dict__["effective_rules"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["type"] = None + alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:authorization:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240201preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240901preview:RoleManagementPolicy")]) + opts = pulumi.ResourceOptions.merge(opts, alias_opts) + super(RoleManagementPolicy, __self__).__init__( + 'azure-native:authorization/v20201001preview:RoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'RoleManagementPolicy': + """ + Get an existing RoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + __props__.__dict__["effective_rules"] = None + __props__.__dict__["is_organization_default"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["rules"] = None + __props__.__dict__["scope"] = None + __props__.__dict__["type"] = None + return RoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> pulumi.Output[Sequence[Any]]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> pulumi.Output[Optional[bool]]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> pulumi.Output['outputs.PrincipalResponse']: + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> pulumi.Output[str]: + """ + The last modified date time. 
+ """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> pulumi.Output['outputs.PolicyPropertiesResponse']: + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> pulumi.Output[Optional[Sequence[Any]]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The role management policy type. + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/__init__.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/__init__.py index 764078306785..c9d9f0f2f5ee 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20240201preview/__init__.py +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/__init__.py @@ -5,6 +5,10 @@ from ... import _utilities import typing # Export this package's modules as members: +from ._enums import * +from .get_role_management_policy import * from .get_role_management_policy_assignment import * +from .role_management_policy import * from .role_management_policy_assignment import * +from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/_enums.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/_enums.py new file mode 100644 index 000000000000..0330c93d0466 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/_enums.py 
@@ -0,0 +1,96 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from enum import Enum + +__all__ = [ + 'ApprovalMode', + 'EnablementRules', + 'ExcludedPrincipalTypes', + 'NotificationDeliveryMechanism', + 'NotificationLevel', + 'PIMOnlyMode', + 'RecipientType', + 'RoleManagementPolicyRuleType', + 'UserType', +] + + +class ApprovalMode(str, Enum): + """ + The type of rule + """ + SINGLE_STAGE = "SingleStage" + SERIAL = "Serial" + PARALLEL = "Parallel" + NO_APPROVAL = "NoApproval" + + +class EnablementRules(str, Enum): + """ + The type of enablement rule + """ + MULTI_FACTOR_AUTHENTICATION = "MultiFactorAuthentication" + JUSTIFICATION = "Justification" + TICKETING = "Ticketing" + + +class ExcludedPrincipalTypes(str, Enum): + SERVICE_PRINCIPALS_AS_TARGET = "ServicePrincipalsAsTarget" + SERVICE_PRINCIPALS_AS_REQUESTOR = "ServicePrincipalsAsRequestor" + + +class NotificationDeliveryMechanism(str, Enum): + """ + The type of notification. + """ + EMAIL = "Email" + + +class NotificationLevel(str, Enum): + """ + The notification level. + """ + NONE = "None" + CRITICAL = "Critical" + ALL = "All" + + +class PIMOnlyMode(str, Enum): + """ + Determines whether the setting is enabled, disabled or report only. + """ + DISABLED = "Disabled" + ENABLED = "Enabled" + REPORT_ONLY = "ReportOnly" + + +class RecipientType(str, Enum): + """ + The recipient type. 
+ """ + REQUESTOR = "Requestor" + APPROVER = "Approver" + ADMIN = "Admin" + + +class RoleManagementPolicyRuleType(str, Enum): + """ + The type of rule + """ + ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule" + ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule" + ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule" + ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule" + ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule" + ROLE_MANAGEMENT_POLICY_PIM_ONLY_MODE_RULE = "RoleManagementPolicyPimOnlyModeRule" + + +class UserType(str, Enum): + """ + The type of user. + """ + USER = "User" + GROUP = "Group" + SERVICE_PRINCIPAL = "ServicePrincipal" diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/_inputs.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/_inputs.py new file mode 100644 index 000000000000..6e1e16f8b873 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/_inputs.py 
@@ -0,0 +1,1390 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from ._enums import * + +__all__ = [ + 'ApprovalSettingsArgs', + 'ApprovalSettingsArgsDict', + 'ApprovalStageArgs', + 'ApprovalStageArgsDict', + 'PIMOnlyModeSettingsArgs', + 'PIMOnlyModeSettingsArgsDict', + 'RoleManagementPolicyApprovalRuleArgs', + 'RoleManagementPolicyApprovalRuleArgsDict', + 'RoleManagementPolicyAuthenticationContextRuleArgs', + 'RoleManagementPolicyAuthenticationContextRuleArgsDict', + 'RoleManagementPolicyEnablementRuleArgs', + 'RoleManagementPolicyEnablementRuleArgsDict', + 'RoleManagementPolicyExpirationRuleArgs', + 'RoleManagementPolicyExpirationRuleArgsDict', + 'RoleManagementPolicyNotificationRuleArgs', + 'RoleManagementPolicyNotificationRuleArgsDict', + 'RoleManagementPolicyPimOnlyModeRuleArgs', + 'RoleManagementPolicyPimOnlyModeRuleArgsDict', + 'RoleManagementPolicyRuleTargetArgs', + 'RoleManagementPolicyRuleTargetArgsDict', + 'UserSetArgs', + 'UserSetArgsDict', + 'UsersOrServicePrincipalSetArgs', + 'UsersOrServicePrincipalSetArgsDict', +] + +MYPY = False + +if not MYPY: + class ApprovalSettingsArgsDict(TypedDict): + """ + The approval settings. + """ + approval_mode: NotRequired[pulumi.Input[Union[str, 'ApprovalMode']]] + """ + The type of rule + """ + approval_stages: NotRequired[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgsDict']]]] + """ + The approval stages of the request. + """ + is_approval_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required or not. 
+ """ + is_approval_required_for_extension: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required for assignment extension. + """ + is_requestor_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determine whether requestor justification is required. + """ +elif False: + ApprovalSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalSettingsArgs: + def __init__(__self__, *, + approval_mode: Optional[pulumi.Input[Union[str, 'ApprovalMode']]] = None, + approval_stages: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]] = None, + is_approval_required: Optional[pulumi.Input[bool]] = None, + is_approval_required_for_extension: Optional[pulumi.Input[bool]] = None, + is_requestor_justification_required: Optional[pulumi.Input[bool]] = None): + """ + The approval settings. + :param pulumi.Input[Union[str, 'ApprovalMode']] approval_mode: The type of rule + :param pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]] approval_stages: The approval stages of the request. + :param pulumi.Input[bool] is_approval_required: Determines whether approval is required or not. + :param pulumi.Input[bool] is_approval_required_for_extension: Determines whether approval is required for assignment extension. + :param pulumi.Input[bool] is_requestor_justification_required: Determine whether requestor justification is required. 
+ """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[pulumi.Input[Union[str, 'ApprovalMode']]]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @approval_mode.setter + def approval_mode(self, value: Optional[pulumi.Input[Union[str, 'ApprovalMode']]]): + pulumi.set(self, "approval_mode", value) + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @approval_stages.setter + def approval_stages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]): + pulumi.set(self, "approval_stages", value) + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required or not. + """ + return pulumi.get(self, "is_approval_required") + + @is_approval_required.setter + def is_approval_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required", value) + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required for assignment extension. 
+ """ + return pulumi.get(self, "is_approval_required_for_extension") + + @is_approval_required_for_extension.setter + def is_approval_required_for_extension(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required_for_extension", value) + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + @is_requestor_justification_required.setter + def is_requestor_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_requestor_justification_required", value) + + +if not MYPY: + class ApprovalStageArgsDict(TypedDict): + """ + The approval stage. + """ + approval_stage_time_out_in_days: NotRequired[pulumi.Input[int]] + """ + The time in days when approval request would be timed out + """ + escalation_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The escalation approver of the request. + """ + escalation_time_in_minutes: NotRequired[pulumi.Input[int]] + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + is_approver_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approver need to provide justification for his decision. + """ + is_escalation_enabled: NotRequired[pulumi.Input[bool]] + """ + The value determine whether escalation feature is enabled. + """ + primary_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The primary approver of the request. 
+ """ +elif False: + ApprovalStageArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalStageArgs: + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[pulumi.Input[int]] = None, + escalation_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + escalation_time_in_minutes: Optional[pulumi.Input[int]] = None, + is_approver_justification_required: Optional[pulumi.Input[bool]] = None, + is_escalation_enabled: Optional[pulumi.Input[bool]] = None, + primary_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None): + """ + The approval stage. + :param pulumi.Input[int] approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] escalation_approvers: The escalation approver of the request. + :param pulumi.Input[int] escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param pulumi.Input[bool] is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param pulumi.Input[bool] is_escalation_enabled: The value determine whether escalation feature is enabled. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] primary_approvers: The primary approver of the request. 
+ """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[pulumi.Input[int]]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @approval_stage_time_out_in_days.setter + def approval_stage_time_out_in_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "approval_stage_time_out_in_days", value) + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The escalation approver of the request. 
+ """ + return pulumi.get(self, "escalation_approvers") + + @escalation_approvers.setter + def escalation_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "escalation_approvers", value) + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[pulumi.Input[int]]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @escalation_time_in_minutes.setter + def escalation_time_in_minutes(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "escalation_time_in_minutes", value) + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approver need to provide justification for his decision. + """ + return pulumi.get(self, "is_approver_justification_required") + + @is_approver_justification_required.setter + def is_approver_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approver_justification_required", value) + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @is_escalation_enabled.setter + def is_escalation_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_escalation_enabled", value) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The primary approver of the request. 
+ """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "primary_approvers", value) + + +if not MYPY: + class PIMOnlyModeSettingsArgsDict(TypedDict): + """ + The PIM Only Mode settings. + """ + excluded_assignment_types: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] + """ + The list of excluded assignment types allowed. + """ + excludes: NotRequired[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgsDict']]]] + """ + The list of excluded entities that the rule does not apply to. + """ + mode: NotRequired[pulumi.Input[Union[str, 'PIMOnlyMode']]] + """ + Determines whether the setting is enabled, disabled or report only. + """ +elif False: + PIMOnlyModeSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class PIMOnlyModeSettingsArgs: + def __init__(__self__, *, + excluded_assignment_types: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] = None, + excludes: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]] = None, + mode: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]] = None): + """ + The PIM Only Mode settings. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]] excluded_assignment_types: The list of excluded assignment types allowed. + :param pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]] excludes: The list of excluded entities that the rule does not apply to. + :param pulumi.Input[Union[str, 'PIMOnlyMode']] mode: Determines whether the setting is enabled, disabled or report only. 
+ """ + if excluded_assignment_types is not None: + pulumi.set(__self__, "excluded_assignment_types", excluded_assignment_types) + if excludes is not None: + pulumi.set(__self__, "excludes", excludes) + if mode is not None: + pulumi.set(__self__, "mode", mode) + + @property + @pulumi.getter(name="excludedAssignmentTypes") + def excluded_assignment_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]: + """ + The list of excluded assignment types allowed. + """ + return pulumi.get(self, "excluded_assignment_types") + + @excluded_assignment_types.setter + def excluded_assignment_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]): + pulumi.set(self, "excluded_assignment_types", value) + + @property + @pulumi.getter + def excludes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]: + """ + The list of excluded entities that the rule does not apply to. + """ + return pulumi.get(self, "excludes") + + @excludes.setter + def excludes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]): + pulumi.set(self, "excludes", value) + + @property + @pulumi.getter + def mode(self) -> Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]: + """ + Determines whether the setting is enabled, disabled or report only. + """ + return pulumi.get(self, "mode") + + @mode.setter + def mode(self, value: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]): + pulumi.set(self, "mode", value) + + +if not MYPY: + class RoleManagementPolicyApprovalRuleArgsDict(TypedDict): + """ + The role management policy approval rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + setting: NotRequired[pulumi.Input['ApprovalSettingsArgsDict']] + """ + The approval setting + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyApprovalRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyApprovalRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + setting: Optional[pulumi.Input['ApprovalSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy approval rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['ApprovalSettingsArgs'] setting: The approval setting + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def setting(self) -> Optional[pulumi.Input['ApprovalSettingsArgs']]: + """ + The approval setting + """ + return pulumi.get(self, "setting") + + @setting.setter + def setting(self, value: Optional[pulumi.Input['ApprovalSettingsArgs']]): + pulumi.set(self, "setting", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyAuthenticationContextRuleArgsDict(TypedDict): + """ + The role management policy authentication context rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + claim_value: NotRequired[pulumi.Input[str]] + """ + The claim value. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_enabled: NotRequired[pulumi.Input[bool]] + """ + The value indicating if rule is enabled. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyAuthenticationContextRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyAuthenticationContextRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + claim_value: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_enabled: Optional[pulumi.Input[bool]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy authentication context rule. 
+ :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param pulumi.Input[str] claim_value: The claim value. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_enabled: The value indicating if rule is enabled. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[pulumi.Input[str]]: + """ + The claim value. + """ + return pulumi.get(self, "claim_value") + + @claim_value.setter + def claim_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "claim_value", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating if rule is enabled. 
+ """ + return pulumi.get(self, "is_enabled") + + @is_enabled.setter + def is_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_enabled", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyEnablementRuleArgsDict(TypedDict): + """ + The role management policy enablement rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + enabled_rules: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] + """ + The list of enabled rules. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyEnablementRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyEnablementRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + enabled_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] = None, + id: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy enablement rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]] enabled_rules: The list of enabled rules. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]: + """ + The list of enabled rules. + """ + return pulumi.get(self, "enabled_rules") + + @enabled_rules.setter + def enabled_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]): + pulumi.set(self, "enabled_rules", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyExpirationRuleArgsDict(TypedDict): + """ + The role management policy expiration rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + is_expiration_required: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether expiration is required. + """ + maximum_duration: NotRequired[pulumi.Input[str]] + """ + The maximum duration of expiration in timespan. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyExpirationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyExpirationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_expiration_required: Optional[pulumi.Input[bool]] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy expiration rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_expiration_required: The value indicating whether expiration is required. + :param pulumi.Input[str] maximum_duration: The maximum duration of expiration in timespan. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether expiration is required. + """ + return pulumi.get(self, "is_expiration_required") + + @is_expiration_required.setter + def is_expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_expiration_required", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyNotificationRuleArgsDict(TypedDict): + """ + The role management policy notification rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + is_default_recipients_enabled: NotRequired[pulumi.Input[bool]] + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + notification_level: NotRequired[pulumi.Input[Union[str, 'NotificationLevel']]] + """ + The notification level. + """ + notification_recipients: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of notification recipients. + """ + notification_type: NotRequired[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] + """ + The type of notification. + """ + recipient_type: NotRequired[pulumi.Input[Union[str, 'RecipientType']]] + """ + The recipient type. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyNotificationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyNotificationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_default_recipients_enabled: Optional[pulumi.Input[bool]] = None, + notification_level: Optional[pulumi.Input[Union[str, 'NotificationLevel']]] = None, + notification_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + notification_type: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] = None, + recipient_type: Optional[pulumi.Input[Union[str, 'RecipientType']]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy notification rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. 
+ :param pulumi.Input[Union[str, 'NotificationLevel']] notification_level: The notification level. + :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_recipients: The list of notification recipients. + :param pulumi.Input[Union[str, 'NotificationDeliveryMechanism']] notification_type: The type of notification. + :param pulumi.Input[Union[str, 'RecipientType']] recipient_type: The recipient type. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + return pulumi.get(self, "is_default_recipients_enabled") + + @is_default_recipients_enabled.setter + def is_default_recipients_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_default_recipients_enabled", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[pulumi.Input[Union[str, 'NotificationLevel']]]: + """ + The notification level. + """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: Optional[pulumi.Input[Union[str, 'NotificationLevel']]]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of notification recipients. + """ + return pulumi.get(self, "notification_recipients") + + @notification_recipients.setter + def notification_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "notification_recipients", value) + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]: + """ + The type of notification. 
+ """ + return pulumi.get(self, "notification_type") + + @notification_type.setter + def notification_type(self, value: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]): + pulumi.set(self, "notification_type", value) + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[pulumi.Input[Union[str, 'RecipientType']]]: + """ + The recipient type. + """ + return pulumi.get(self, "recipient_type") + + @recipient_type.setter + def recipient_type(self, value: Optional[pulumi.Input[Union[str, 'RecipientType']]]): + pulumi.set(self, "recipient_type", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyPimOnlyModeRuleArgsDict(TypedDict): + """ + The role management policy PIM only mode rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + pim_only_mode_settings: NotRequired[pulumi.Input['PIMOnlyModeSettingsArgsDict']] + """ + The PIM Only Mode settings + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. 
+ """ +elif False: + RoleManagementPolicyPimOnlyModeRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyPimOnlyModeRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + pim_only_mode_settings: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy PIM only mode rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['PIMOnlyModeSettingsArgs'] pim_only_mode_settings: The PIM Only Mode settings + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyPimOnlyModeRule') + if id is not None: + pulumi.set(__self__, "id", id) + if pim_only_mode_settings is not None: + pulumi.set(__self__, "pim_only_mode_settings", pim_only_mode_settings) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="pimOnlyModeSettings") + def pim_only_mode_settings(self) -> Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]: + """ + The PIM Only Mode settings + """ + return pulumi.get(self, "pim_only_mode_settings") + + @pim_only_mode_settings.setter + def pim_only_mode_settings(self, value: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]): + pulumi.set(self, "pim_only_mode_settings", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyRuleTargetArgsDict(TypedDict): + """ + The role management policy rule target. + """ + caller: NotRequired[pulumi.Input[str]] + """ + The caller of the setting. + """ + enforced_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of enforced settings. + """ + inheritable_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of inheritable settings. + """ + level: NotRequired[pulumi.Input[str]] + """ + The assignment level to which rule is applied. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The type of operation. + """ + target_objects: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of target objects. 
+ """ +elif False: + RoleManagementPolicyRuleTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyRuleTargetArgs: + def __init__(__self__, *, + caller: Optional[pulumi.Input[str]] = None, + enforced_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + inheritable_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + level: Optional[pulumi.Input[str]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + target_objects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The role management policy rule target. + :param pulumi.Input[str] caller: The caller of the setting. + :param pulumi.Input[Sequence[pulumi.Input[str]]] enforced_settings: The list of enforced settings. + :param pulumi.Input[Sequence[pulumi.Input[str]]] inheritable_settings: The list of inheritable settings. + :param pulumi.Input[str] level: The assignment level to which rule is applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] operations: The type of operation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[pulumi.Input[str]]: + """ + The caller of the setting. 
+ """ + return pulumi.get(self, "caller") + + @caller.setter + def caller(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "caller", value) + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @enforced_settings.setter + def enforced_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "enforced_settings", value) + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of inheritable settings. + """ + return pulumi.get(self, "inheritable_settings") + + @inheritable_settings.setter + def inheritable_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "inheritable_settings", value) + + @property + @pulumi.getter + def level(self) -> Optional[pulumi.Input[str]]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @level.setter + def level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "level", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of target objects. 
+ """ + return pulumi.get(self, "target_objects") + + @target_objects.setter + def target_objects(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "target_objects", value) + + +if not MYPY: + class UserSetArgsDict(TypedDict): + """ + The detail of a user. + """ + description: NotRequired[pulumi.Input[str]] + """ + The description of the user. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the user. + """ + is_backup: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether the user is a backup fallback approver + """ + user_type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. + """ +elif False: + UserSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UserSetArgs: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_backup: Optional[pulumi.Input[bool]] = None, + user_type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a user. + :param pulumi.Input[str] description: The description of the user. + :param pulumi.Input[str] id: The object id of the user. + :param pulumi.Input[bool] is_backup: The value indicating whether the user is a backup fallback approver + :param pulumi.Input[Union[str, 'UserType']] user_type: The type of user. + """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the user. 
+ """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the user. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @is_backup.setter + def is_backup(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_backup", value) + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + @user_type.setter + def user_type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "user_type", value) + + +if not MYPY: + class UsersOrServicePrincipalSetArgsDict(TypedDict): + """ + The detail of a subject. + """ + display_name: NotRequired[pulumi.Input[str]] + """ + The display Name of the entity. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the entity. + """ + type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. + """ +elif False: + UsersOrServicePrincipalSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UsersOrServicePrincipalSetArgs: + def __init__(__self__, *, + display_name: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a subject. + :param pulumi.Input[str] display_name: The display Name of the entity. + :param pulumi.Input[str] id: The object id of the entity. 
+ :param pulumi.Input[Union[str, 'UserType']] type: The type of user. + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The display Name of the entity. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the entity. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "type", value) + + diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/get_role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/get_role_management_policy.py new file mode 100644 index 000000000000..a129da5adce4 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/get_role_management_policy.py 
@@ -0,0 +1,241 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs + +__all__ = [ + 'GetRoleManagementPolicyResult', + 'AwaitableGetRoleManagementPolicyResult', + 'get_role_management_policy', + 'get_role_management_policy_output', +] + +@pulumi.output_type +class GetRoleManagementPolicyResult: + """ + Role management policy + """ + def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if effective_rules and not isinstance(effective_rules, list): + raise TypeError("Expected argument 'effective_rules' to be a list") + pulumi.set(__self__, "effective_rules", effective_rules) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if is_organization_default and not isinstance(is_organization_default, bool): + raise TypeError("Expected argument 'is_organization_default' to be a bool") + pulumi.set(__self__, "is_organization_default", is_organization_default) + if last_modified_by and not 
isinstance(last_modified_by, dict): + raise TypeError("Expected argument 'last_modified_by' to be a dict") + pulumi.set(__self__, "last_modified_by", last_modified_by) + if last_modified_date_time and not isinstance(last_modified_date_time, str): + raise TypeError("Expected argument 'last_modified_date_time' to be a str") + pulumi.set(__self__, "last_modified_date_time", last_modified_date_time) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if policy_properties and not isinstance(policy_properties, dict): + raise TypeError("Expected argument 'policy_properties' to be a dict") + pulumi.set(__self__, "policy_properties", policy_properties) + if rules and not isinstance(rules, list): + raise TypeError("Expected argument 'rules' to be a list") + pulumi.set(__self__, "rules", rules) + if scope and not isinstance(scope, str): + raise TypeError("Expected argument 'scope' to be a str") + pulumi.set(__self__, "scope", scope) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> Sequence[Any]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter + def id(self) -> str: + """ + The role management policy Id. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[bool]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> 'outputs.PrincipalResponse': + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> str: + """ + The last modified date time. + """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> str: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> 'outputs.PolicyPropertiesResponse': + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> Optional[Sequence[Any]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> Optional[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> str: + """ + The role management policy type. 
+ """ + return pulumi.get(self, "type") + + +class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + effective_rules=self.effective_rules, + id=self.id, + is_organization_default=self.is_organization_default, + last_modified_by=self.last_modified_by, + last_modified_date_time=self.last_modified_date_time, + name=self.name, + policy_properties=self.policy_properties, + rules=self.rules, + scope=self.scope, + type=self.type) + + +def get_role_management_policy(role_management_policy_name: Optional[str] = None, + scope: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azure-native:authorization/v20240201preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value + + return AwaitableGetRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + effective_rules=pulumi.get(__ret__, 'effective_rules'), + id=pulumi.get(__ret__, 'id'), + is_organization_default=pulumi.get(__ret__, 'is_organization_default'), + last_modified_by=pulumi.get(__ret__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'), + name=pulumi.get(__ret__, 'name'), + policy_properties=pulumi.get(__ret__, 'policy_properties'), + rules=pulumi.get(__ret__, 'rules'), + scope=pulumi.get(__ret__, 'scope'), + type=pulumi.get(__ret__, 'type')) +def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None, + scope: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleManagementPolicyResult]: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('azure-native:authorization/v20240201preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult) + return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult( + description=pulumi.get(__response__, 'description'), + display_name=pulumi.get(__response__, 'display_name'), + effective_rules=pulumi.get(__response__, 'effective_rules'), + id=pulumi.get(__response__, 'id'), + is_organization_default=pulumi.get(__response__, 'is_organization_default'), + last_modified_by=pulumi.get(__response__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'), + name=pulumi.get(__response__, 'name'), + policy_properties=pulumi.get(__response__, 'policy_properties'), + rules=pulumi.get(__response__, 'rules'), + scope=pulumi.get(__response__, 'scope'), + type=pulumi.get(__response__, 'type'))) diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/outputs.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/outputs.py index 2036feca16a5..3dbb5c8ae667 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20240201preview/outputs.py +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/outputs.py @@ -14,6 +14,7 @@ from typing_extensions import NotRequired, TypedDict, TypeAlias from ... import _utilities from . import outputs +from ._enums import * __all__ = [ 'ApprovalSettingsResponse', 
@@ -23,6 +24,8 @@ 'PolicyAssignmentPropertiesResponsePolicy', 'PolicyAssignmentPropertiesResponseRoleDefinition', 'PolicyAssignmentPropertiesResponseScope', + 'PolicyPropertiesResponse', + 'PolicyPropertiesResponseScope', 'PrincipalResponse', 'RoleManagementPolicyApprovalRuleResponse', 'RoleManagementPolicyAuthenticationContextRuleResponse', 
@@ -562,6 +565,92 @@ def type(self) -> Optional[str]: return pulumi.get(self, "type") +@pulumi.output_type +class PolicyPropertiesResponse(dict): + """ + Expanded info of resource scope + """ + def __init__(__self__, *, + scope: 'outputs.PolicyPropertiesResponseScope'): + """ + Expanded info of resource scope + :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope + """ + pulumi.set(__self__, "scope", scope) + + @property + @pulumi.getter + def scope(self) -> 'outputs.PolicyPropertiesResponseScope': + """ + Details of the resource scope + """ + return pulumi.get(self, "scope") + + +@pulumi.output_type +class PolicyPropertiesResponseScope(dict): + """ + Details of the resource scope + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + Details of the resource scope + :param str display_name: Display name of the resource + :param str id: Scope id of the resource + :param str type: Type of the resource + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + Display name of the resource + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) -> 
Optional[str]: + """ + Scope id of the resource + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + Type of the resource + """ + return pulumi.get(self, "type") + + @pulumi.output_type class PrincipalResponse(dict): """ diff --git a/sdk/python/pulumi_azure_native/authorization/v20240201preview/role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20240201preview/role_management_policy.py new file mode 100644 index 000000000000..6f226bc8f67e --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240201preview/role_management_policy.py 
@@ -0,0 +1,326 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs +from ._enums import * +from ._inputs import * + +__all__ = ['RoleManagementPolicyArgs', 'RoleManagementPolicy'] + +@pulumi.input_type +class RoleManagementPolicyArgs: + def __init__(__self__, *, + scope: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]] = None): + """ + The set of arguments for constructing a RoleManagementPolicy resource. + :param pulumi.Input[str] scope: The role management policy scope. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]] rules: The rule applied to the policy. + """ + pulumi.set(__self__, "scope", scope) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if is_organization_default is not None: + pulumi.set(__self__, "is_organization_default", is_organization_default) + if role_management_policy_name is not None: + pulumi.set(__self__, "role_management_policy_name", role_management_policy_name) + if rules is not None: + pulumi.set(__self__, "rules", rules) + + @property + @pulumi.getter + def scope(self) -> pulumi.Input[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @scope.setter + def scope(self, value: pulumi.Input[str]): + pulumi.set(self, "scope", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[pulumi.Input[bool]]: + """ + The role management policy is default policy. 
+ """ + return pulumi.get(self, "is_organization_default") + + @is_organization_default.setter + def is_organization_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_organization_default", value) + + @property + @pulumi.getter(name="roleManagementPolicyName") + def role_management_policy_name(self) -> Optional[pulumi.Input[str]]: + """ + The name (guid) of the role management policy to upsert. + """ + return pulumi.get(self, "role_management_policy_name") + + @role_management_policy_name.setter + def role_management_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_management_policy_name", value) + + @property + @pulumi.getter + def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]: + """ + The rule applied to the policy. 
+ """ + return pulumi.get(self, "rules") + + @rules.setter + def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]): + pulumi.set(self, "rules", value) + + +class RoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. 
+ :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. + :param pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]] rules: The rule applied to the policy. + :param pulumi.Input[str] scope: The role management policy scope. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: RoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param RoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(RoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + 
__props__.__dict__["is_organization_default"] = is_organization_default + __props__.__dict__["role_management_policy_name"] = role_management_policy_name + __props__.__dict__["rules"] = rules + if scope is None and not opts.urn: + raise TypeError("Missing required property 'scope'") + __props__.__dict__["scope"] = scope + __props__.__dict__["effective_rules"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["type"] = None + alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:authorization:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240901preview:RoleManagementPolicy")]) + opts = pulumi.ResourceOptions.merge(opts, alias_opts) + super(RoleManagementPolicy, __self__).__init__( + 'azure-native:authorization/v20240201preview:RoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'RoleManagementPolicy': + """ + Get an existing RoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + __props__.__dict__["effective_rules"] = None + __props__.__dict__["is_organization_default"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["rules"] = None + __props__.__dict__["scope"] = None + __props__.__dict__["type"] = None + return RoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> pulumi.Output[Sequence[Any]]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> pulumi.Output[Optional[bool]]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> pulumi.Output['outputs.PrincipalResponse']: + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> pulumi.Output[str]: + """ + The last modified date time. 
+ """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> pulumi.Output['outputs.PolicyPropertiesResponse']: + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> pulumi.Output[Optional[Sequence[Any]]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The role management policy type. + """ + return pulumi.get(self, "type") + diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/__init__.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/__init__.py index 764078306785..c9d9f0f2f5ee 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20240901preview/__init__.py +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/__init__.py @@ -5,6 +5,10 @@ from ... import _utilities import typing # Export this package's modules as members: +from ._enums import * +from .get_role_management_policy import * from .get_role_management_policy_assignment import * +from .role_management_policy import * from .role_management_policy_assignment import * +from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/_enums.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/_enums.py new file mode 100644 index 000000000000..0330c93d0466 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/_enums.py 
@@ -0,0 +1,96 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +from enum import Enum + +__all__ = [ + 'ApprovalMode', + 'EnablementRules', + 'ExcludedPrincipalTypes', + 'NotificationDeliveryMechanism', + 'NotificationLevel', + 'PIMOnlyMode', + 'RecipientType', + 'RoleManagementPolicyRuleType', + 'UserType', +] + + +class ApprovalMode(str, Enum): + """ + The type of rule + """ + SINGLE_STAGE = "SingleStage" + SERIAL = "Serial" + PARALLEL = "Parallel" + NO_APPROVAL = "NoApproval" + + +class EnablementRules(str, Enum): + """ + The type of enablement rule + """ + MULTI_FACTOR_AUTHENTICATION = "MultiFactorAuthentication" + JUSTIFICATION = "Justification" + TICKETING = "Ticketing" + + +class ExcludedPrincipalTypes(str, Enum): + SERVICE_PRINCIPALS_AS_TARGET = "ServicePrincipalsAsTarget" + SERVICE_PRINCIPALS_AS_REQUESTOR = "ServicePrincipalsAsRequestor" + + +class NotificationDeliveryMechanism(str, Enum): + """ + The type of notification. + """ + EMAIL = "Email" + + +class NotificationLevel(str, Enum): + """ + The notification level. + """ + NONE = "None" + CRITICAL = "Critical" + ALL = "All" + + +class PIMOnlyMode(str, Enum): + """ + Determines whether the setting is enabled, disabled or report only. + """ + DISABLED = "Disabled" + ENABLED = "Enabled" + REPORT_ONLY = "ReportOnly" + + +class RecipientType(str, Enum): + """ + The recipient type. 
+ """ + REQUESTOR = "Requestor" + APPROVER = "Approver" + ADMIN = "Admin" + + +class RoleManagementPolicyRuleType(str, Enum): + """ + The type of rule + """ + ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule" + ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule" + ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule" + ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule" + ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule" + ROLE_MANAGEMENT_POLICY_PIM_ONLY_MODE_RULE = "RoleManagementPolicyPimOnlyModeRule" + + +class UserType(str, Enum): + """ + The type of user. + """ + USER = "User" + GROUP = "Group" + SERVICE_PRINCIPAL = "ServicePrincipal" diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/_inputs.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/_inputs.py new file mode 100644 index 000000000000..e88619074323 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/_inputs.py 
@@ -0,0 +1,1410 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from ._enums import * + +__all__ = [ + 'ApprovalSettingsArgs', + 'ApprovalSettingsArgsDict', + 'ApprovalStageArgs', + 'ApprovalStageArgsDict', + 'PIMOnlyModeSettingsArgs', + 'PIMOnlyModeSettingsArgsDict', + 'RoleManagementPolicyApprovalRuleArgs', + 'RoleManagementPolicyApprovalRuleArgsDict', + 'RoleManagementPolicyAuthenticationContextRuleArgs', + 'RoleManagementPolicyAuthenticationContextRuleArgsDict', + 'RoleManagementPolicyEnablementRuleArgs', + 'RoleManagementPolicyEnablementRuleArgsDict', + 'RoleManagementPolicyExpirationRuleArgs', + 'RoleManagementPolicyExpirationRuleArgsDict', + 'RoleManagementPolicyNotificationRuleArgs', + 'RoleManagementPolicyNotificationRuleArgsDict', + 'RoleManagementPolicyPimOnlyModeRuleArgs', + 'RoleManagementPolicyPimOnlyModeRuleArgsDict', + 'RoleManagementPolicyRuleTargetArgs', + 'RoleManagementPolicyRuleTargetArgsDict', + 'UserSetArgs', + 'UserSetArgsDict', + 'UsersOrServicePrincipalSetArgs', + 'UsersOrServicePrincipalSetArgsDict', +] + +MYPY = False + +if not MYPY: + class ApprovalSettingsArgsDict(TypedDict): + """ + The approval settings. + """ + approval_mode: NotRequired[pulumi.Input[Union[str, 'ApprovalMode']]] + """ + The type of rule + """ + approval_stages: NotRequired[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgsDict']]]] + """ + The approval stages of the request. + """ + is_approval_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required or not. 
+ """ + is_approval_required_for_extension: NotRequired[pulumi.Input[bool]] + """ + Determines whether approval is required for assignment extension. + """ + is_requestor_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determine whether requestor justification is required. + """ +elif False: + ApprovalSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalSettingsArgs: + def __init__(__self__, *, + approval_mode: Optional[pulumi.Input[Union[str, 'ApprovalMode']]] = None, + approval_stages: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]] = None, + is_approval_required: Optional[pulumi.Input[bool]] = None, + is_approval_required_for_extension: Optional[pulumi.Input[bool]] = None, + is_requestor_justification_required: Optional[pulumi.Input[bool]] = None): + """ + The approval settings. + :param pulumi.Input[Union[str, 'ApprovalMode']] approval_mode: The type of rule + :param pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]] approval_stages: The approval stages of the request. + :param pulumi.Input[bool] is_approval_required: Determines whether approval is required or not. + :param pulumi.Input[bool] is_approval_required_for_extension: Determines whether approval is required for assignment extension. + :param pulumi.Input[bool] is_requestor_justification_required: Determine whether requestor justification is required. 
+ """ + if approval_mode is not None: + pulumi.set(__self__, "approval_mode", approval_mode) + if approval_stages is not None: + pulumi.set(__self__, "approval_stages", approval_stages) + if is_approval_required is not None: + pulumi.set(__self__, "is_approval_required", is_approval_required) + if is_approval_required_for_extension is not None: + pulumi.set(__self__, "is_approval_required_for_extension", is_approval_required_for_extension) + if is_requestor_justification_required is not None: + pulumi.set(__self__, "is_requestor_justification_required", is_requestor_justification_required) + + @property + @pulumi.getter(name="approvalMode") + def approval_mode(self) -> Optional[pulumi.Input[Union[str, 'ApprovalMode']]]: + """ + The type of rule + """ + return pulumi.get(self, "approval_mode") + + @approval_mode.setter + def approval_mode(self, value: Optional[pulumi.Input[Union[str, 'ApprovalMode']]]): + pulumi.set(self, "approval_mode", value) + + @property + @pulumi.getter(name="approvalStages") + def approval_stages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]: + """ + The approval stages of the request. + """ + return pulumi.get(self, "approval_stages") + + @approval_stages.setter + def approval_stages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ApprovalStageArgs']]]]): + pulumi.set(self, "approval_stages", value) + + @property + @pulumi.getter(name="isApprovalRequired") + def is_approval_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required or not. + """ + return pulumi.get(self, "is_approval_required") + + @is_approval_required.setter + def is_approval_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required", value) + + @property + @pulumi.getter(name="isApprovalRequiredForExtension") + def is_approval_required_for_extension(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approval is required for assignment extension. 
+ """ + return pulumi.get(self, "is_approval_required_for_extension") + + @is_approval_required_for_extension.setter + def is_approval_required_for_extension(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approval_required_for_extension", value) + + @property + @pulumi.getter(name="isRequestorJustificationRequired") + def is_requestor_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determine whether requestor justification is required. + """ + return pulumi.get(self, "is_requestor_justification_required") + + @is_requestor_justification_required.setter + def is_requestor_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_requestor_justification_required", value) + + +if not MYPY: + class ApprovalStageArgsDict(TypedDict): + """ + The approval stage. + """ + approval_stage_time_out_in_days: NotRequired[pulumi.Input[int]] + """ + The time in days when approval request would be timed out + """ + escalation_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The escalation approver of the request. + """ + escalation_time_in_minutes: NotRequired[pulumi.Input[int]] + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + is_approver_justification_required: NotRequired[pulumi.Input[bool]] + """ + Determines whether approver need to provide justification for his decision. + """ + is_escalation_enabled: NotRequired[pulumi.Input[bool]] + """ + The value determine whether escalation feature is enabled. + """ + primary_approvers: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The primary approver of the request. 
+ """ +elif False: + ApprovalStageArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class ApprovalStageArgs: + def __init__(__self__, *, + approval_stage_time_out_in_days: Optional[pulumi.Input[int]] = None, + escalation_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + escalation_time_in_minutes: Optional[pulumi.Input[int]] = None, + is_approver_justification_required: Optional[pulumi.Input[bool]] = None, + is_escalation_enabled: Optional[pulumi.Input[bool]] = None, + primary_approvers: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None): + """ + The approval stage. + :param pulumi.Input[int] approval_stage_time_out_in_days: The time in days when approval request would be timed out + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] escalation_approvers: The escalation approver of the request. + :param pulumi.Input[int] escalation_time_in_minutes: The time in minutes when the approval request would be escalated if the primary approver does not approve + :param pulumi.Input[bool] is_approver_justification_required: Determines whether approver need to provide justification for his decision. + :param pulumi.Input[bool] is_escalation_enabled: The value determine whether escalation feature is enabled. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] primary_approvers: The primary approver of the request. 
+ """ + if approval_stage_time_out_in_days is not None: + pulumi.set(__self__, "approval_stage_time_out_in_days", approval_stage_time_out_in_days) + if escalation_approvers is not None: + pulumi.set(__self__, "escalation_approvers", escalation_approvers) + if escalation_time_in_minutes is not None: + pulumi.set(__self__, "escalation_time_in_minutes", escalation_time_in_minutes) + if is_approver_justification_required is not None: + pulumi.set(__self__, "is_approver_justification_required", is_approver_justification_required) + if is_escalation_enabled is not None: + pulumi.set(__self__, "is_escalation_enabled", is_escalation_enabled) + if primary_approvers is not None: + pulumi.set(__self__, "primary_approvers", primary_approvers) + + @property + @pulumi.getter(name="approvalStageTimeOutInDays") + def approval_stage_time_out_in_days(self) -> Optional[pulumi.Input[int]]: + """ + The time in days when approval request would be timed out + """ + return pulumi.get(self, "approval_stage_time_out_in_days") + + @approval_stage_time_out_in_days.setter + def approval_stage_time_out_in_days(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "approval_stage_time_out_in_days", value) + + @property + @pulumi.getter(name="escalationApprovers") + def escalation_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The escalation approver of the request. 
+ """ + return pulumi.get(self, "escalation_approvers") + + @escalation_approvers.setter + def escalation_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "escalation_approvers", value) + + @property + @pulumi.getter(name="escalationTimeInMinutes") + def escalation_time_in_minutes(self) -> Optional[pulumi.Input[int]]: + """ + The time in minutes when the approval request would be escalated if the primary approver does not approve + """ + return pulumi.get(self, "escalation_time_in_minutes") + + @escalation_time_in_minutes.setter + def escalation_time_in_minutes(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "escalation_time_in_minutes", value) + + @property + @pulumi.getter(name="isApproverJustificationRequired") + def is_approver_justification_required(self) -> Optional[pulumi.Input[bool]]: + """ + Determines whether approver need to provide justification for his decision. + """ + return pulumi.get(self, "is_approver_justification_required") + + @is_approver_justification_required.setter + def is_approver_justification_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_approver_justification_required", value) + + @property + @pulumi.getter(name="isEscalationEnabled") + def is_escalation_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value determine whether escalation feature is enabled. + """ + return pulumi.get(self, "is_escalation_enabled") + + @is_escalation_enabled.setter + def is_escalation_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_escalation_enabled", value) + + @property + @pulumi.getter(name="primaryApprovers") + def primary_approvers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The primary approver of the request. 
+ """ + return pulumi.get(self, "primary_approvers") + + @primary_approvers.setter + def primary_approvers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "primary_approvers", value) + + +if not MYPY: + class PIMOnlyModeSettingsArgsDict(TypedDict): + """ + The PIM Only Mode settings. + """ + excluded_assignment_types: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] + """ + The list of excluded assignment types allowed. + """ + excludes: NotRequired[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgsDict']]]] + """ + The list of excluded entities that the rule does not apply to. + """ + mode: NotRequired[pulumi.Input[Union[str, 'PIMOnlyMode']]] + """ + Determines whether the setting is enabled, disabled or report only. + """ +elif False: + PIMOnlyModeSettingsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class PIMOnlyModeSettingsArgs: + def __init__(__self__, *, + excluded_assignment_types: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]] = None, + excludes: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]] = None, + mode: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]] = None): + """ + The PIM Only Mode settings. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]] excluded_assignment_types: The list of excluded assignment types allowed. + :param pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]] excludes: The list of excluded entities that the rule does not apply to. + :param pulumi.Input[Union[str, 'PIMOnlyMode']] mode: Determines whether the setting is enabled, disabled or report only. 
+ """ + if excluded_assignment_types is not None: + pulumi.set(__self__, "excluded_assignment_types", excluded_assignment_types) + if excludes is not None: + pulumi.set(__self__, "excludes", excludes) + if mode is not None: + pulumi.set(__self__, "mode", mode) + + @property + @pulumi.getter(name="excludedAssignmentTypes") + def excluded_assignment_types(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]: + """ + The list of excluded assignment types allowed. + """ + return pulumi.get(self, "excluded_assignment_types") + + @excluded_assignment_types.setter + def excluded_assignment_types(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'ExcludedPrincipalTypes']]]]]): + pulumi.set(self, "excluded_assignment_types", value) + + @property + @pulumi.getter + def excludes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]: + """ + The list of excluded entities that the rule does not apply to. + """ + return pulumi.get(self, "excludes") + + @excludes.setter + def excludes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UsersOrServicePrincipalSetArgs']]]]): + pulumi.set(self, "excludes", value) + + @property + @pulumi.getter + def mode(self) -> Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]: + """ + Determines whether the setting is enabled, disabled or report only. + """ + return pulumi.get(self, "mode") + + @mode.setter + def mode(self, value: Optional[pulumi.Input[Union[str, 'PIMOnlyMode']]]): + pulumi.set(self, "mode", value) + + +if not MYPY: + class RoleManagementPolicyApprovalRuleArgsDict(TypedDict): + """ + The role management policy approval rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. 
+ """ + setting: NotRequired[pulumi.Input['ApprovalSettingsArgsDict']] + """ + The approval setting + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyApprovalRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyApprovalRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + setting: Optional[pulumi.Input['ApprovalSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy approval rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['ApprovalSettingsArgs'] setting: The approval setting + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyApprovalRule') + if id is not None: + pulumi.set(__self__, "id", id) + if setting is not None: + pulumi.set(__self__, "setting", setting) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyApprovalRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. 
+ """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def setting(self) -> Optional[pulumi.Input['ApprovalSettingsArgs']]: + """ + The approval setting + """ + return pulumi.get(self, "setting") + + @setting.setter + def setting(self, value: Optional[pulumi.Input['ApprovalSettingsArgs']]): + pulumi.set(self, "setting", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyAuthenticationContextRuleArgsDict(TypedDict): + """ + The role management policy authentication context rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + claim_value: NotRequired[pulumi.Input[str]] + """ + The claim value. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_enabled: NotRequired[pulumi.Input[bool]] + """ + The value indicating if rule is enabled. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyAuthenticationContextRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyAuthenticationContextRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + claim_value: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_enabled: Optional[pulumi.Input[bool]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy authentication context rule. 
+ :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + :param pulumi.Input[str] claim_value: The claim value. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_enabled: The value indicating if rule is enabled. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyAuthenticationContextRule') + if claim_value is not None: + pulumi.set(__self__, "claim_value", claim_value) + if id is not None: + pulumi.set(__self__, "id", id) + if is_enabled is not None: + pulumi.set(__self__, "is_enabled", is_enabled) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyAuthenticationContextRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="claimValue") + def claim_value(self) -> Optional[pulumi.Input[str]]: + """ + The claim value. + """ + return pulumi.get(self, "claim_value") + + @claim_value.setter + def claim_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "claim_value", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isEnabled") + def is_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating if rule is enabled. 
+ """ + return pulumi.get(self, "is_enabled") + + @is_enabled.setter + def is_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_enabled", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyEnablementRuleArgsDict(TypedDict): + """ + The role management policy enablement rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + enabled_rules: NotRequired[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] + """ + The list of enabled rules. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyEnablementRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyEnablementRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + enabled_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]] = None, + id: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy enablement rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + :param pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]] enabled_rules: The list of enabled rules. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyEnablementRule') + if enabled_rules is not None: + pulumi.set(__self__, "enabled_rules", enabled_rules) + if id is not None: + pulumi.set(__self__, "id", id) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyEnablementRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="enabledRules") + def enabled_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]: + """ + The list of enabled rules. + """ + return pulumi.get(self, "enabled_rules") + + @enabled_rules.setter + def enabled_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union[str, 'EnablementRules']]]]]): + pulumi.set(self, "enabled_rules", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyExpirationRuleArgsDict(TypedDict): + """ + The role management policy expiration rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. 
+ """ + exception_members: NotRequired[pulumi.Input[Sequence[pulumi.Input['UserSetArgsDict']]]] + """ + The members not restricted by expiration rule. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_expiration_required: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether expiration is required. + """ + maximum_duration: NotRequired[pulumi.Input[str]] + """ + The maximum duration of expiration in timespan. + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyExpirationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyExpirationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + exception_members: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]] = None, + id: Optional[pulumi.Input[str]] = None, + is_expiration_required: Optional[pulumi.Input[bool]] = None, + maximum_duration: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy expiration rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + :param pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]] exception_members: The members not restricted by expiration rule. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_expiration_required: The value indicating whether expiration is required. + :param pulumi.Input[str] maximum_duration: The maximum duration of expiration in timespan. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyExpirationRule') + if exception_members is not None: + pulumi.set(__self__, "exception_members", exception_members) + if id is not None: + pulumi.set(__self__, "id", id) + if is_expiration_required is not None: + pulumi.set(__self__, "is_expiration_required", is_expiration_required) + if maximum_duration is not None: + pulumi.set(__self__, "maximum_duration", maximum_duration) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyExpirationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter(name="exceptionMembers") + def exception_members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]: + """ + The members not restricted by expiration rule. + """ + return pulumi.get(self, "exception_members") + + @exception_members.setter + def exception_members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['UserSetArgs']]]]): + pulumi.set(self, "exception_members", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isExpirationRequired") + def is_expiration_required(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether expiration is required. 
+ """ + return pulumi.get(self, "is_expiration_required") + + @is_expiration_required.setter + def is_expiration_required(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_expiration_required", value) + + @property + @pulumi.getter(name="maximumDuration") + def maximum_duration(self) -> Optional[pulumi.Input[str]]: + """ + The maximum duration of expiration in timespan. + """ + return pulumi.get(self, "maximum_duration") + + @maximum_duration.setter + def maximum_duration(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "maximum_duration", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyNotificationRuleArgsDict(TypedDict): + """ + The role management policy notification rule. + """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + is_default_recipients_enabled: NotRequired[pulumi.Input[bool]] + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + notification_level: NotRequired[pulumi.Input[Union[str, 'NotificationLevel']]] + """ + The notification level. + """ + notification_recipients: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of notification recipients. + """ + notification_type: NotRequired[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] + """ + The type of notification. + """ + recipient_type: NotRequired[pulumi.Input[Union[str, 'RecipientType']]] + """ + The recipient type. 
+ """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyNotificationRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyNotificationRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + is_default_recipients_enabled: Optional[pulumi.Input[bool]] = None, + notification_level: Optional[pulumi.Input[Union[str, 'NotificationLevel']]] = None, + notification_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + notification_type: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]] = None, + recipient_type: Optional[pulumi.Input[Union[str, 'RecipientType']]] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy notification rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input[bool] is_default_recipients_enabled: Determines if the notification will be sent to the recipient type specified in the policy rule. + :param pulumi.Input[Union[str, 'NotificationLevel']] notification_level: The notification level. + :param pulumi.Input[Sequence[pulumi.Input[str]]] notification_recipients: The list of notification recipients. + :param pulumi.Input[Union[str, 'NotificationDeliveryMechanism']] notification_type: The type of notification. + :param pulumi.Input[Union[str, 'RecipientType']] recipient_type: The recipient type. + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. 
+ """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyNotificationRule') + if id is not None: + pulumi.set(__self__, "id", id) + if is_default_recipients_enabled is not None: + pulumi.set(__self__, "is_default_recipients_enabled", is_default_recipients_enabled) + if notification_level is not None: + pulumi.set(__self__, "notification_level", notification_level) + if notification_recipients is not None: + pulumi.set(__self__, "notification_recipients", notification_recipients) + if notification_type is not None: + pulumi.set(__self__, "notification_type", notification_type) + if recipient_type is not None: + pulumi.set(__self__, "recipient_type", recipient_type) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyNotificationRule'. + """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isDefaultRecipientsEnabled") + def is_default_recipients_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Determines if the notification will be sent to the recipient type specified in the policy rule. + """ + return pulumi.get(self, "is_default_recipients_enabled") + + @is_default_recipients_enabled.setter + def is_default_recipients_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_default_recipients_enabled", value) + + @property + @pulumi.getter(name="notificationLevel") + def notification_level(self) -> Optional[pulumi.Input[Union[str, 'NotificationLevel']]]: + """ + The notification level. 
+ """ + return pulumi.get(self, "notification_level") + + @notification_level.setter + def notification_level(self, value: Optional[pulumi.Input[Union[str, 'NotificationLevel']]]): + pulumi.set(self, "notification_level", value) + + @property + @pulumi.getter(name="notificationRecipients") + def notification_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of notification recipients. + """ + return pulumi.get(self, "notification_recipients") + + @notification_recipients.setter + def notification_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "notification_recipients", value) + + @property + @pulumi.getter(name="notificationType") + def notification_type(self) -> Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]: + """ + The type of notification. + """ + return pulumi.get(self, "notification_type") + + @notification_type.setter + def notification_type(self, value: Optional[pulumi.Input[Union[str, 'NotificationDeliveryMechanism']]]): + pulumi.set(self, "notification_type", value) + + @property + @pulumi.getter(name="recipientType") + def recipient_type(self) -> Optional[pulumi.Input[Union[str, 'RecipientType']]]: + """ + The recipient type. + """ + return pulumi.get(self, "recipient_type") + + @recipient_type.setter + def recipient_type(self, value: Optional[pulumi.Input[Union[str, 'RecipientType']]]): + pulumi.set(self, "recipient_type", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyPimOnlyModeRuleArgsDict(TypedDict): + """ + The role management policy PIM only mode rule. 
+ """ + rule_type: pulumi.Input[str] + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + """ + id: NotRequired[pulumi.Input[str]] + """ + The id of the rule. + """ + pim_only_mode_settings: NotRequired[pulumi.Input['PIMOnlyModeSettingsArgsDict']] + """ + The PIM Only Mode settings + """ + target: NotRequired[pulumi.Input['RoleManagementPolicyRuleTargetArgsDict']] + """ + The target of the current rule. + """ +elif False: + RoleManagementPolicyPimOnlyModeRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyPimOnlyModeRuleArgs: + def __init__(__self__, *, + rule_type: pulumi.Input[str], + id: Optional[pulumi.Input[str]] = None, + pim_only_mode_settings: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']] = None, + target: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']] = None): + """ + The role management policy PIM only mode rule. + :param pulumi.Input[str] rule_type: The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. + :param pulumi.Input[str] id: The id of the rule. + :param pulumi.Input['PIMOnlyModeSettingsArgs'] pim_only_mode_settings: The PIM Only Mode settings + :param pulumi.Input['RoleManagementPolicyRuleTargetArgs'] target: The target of the current rule. + """ + pulumi.set(__self__, "rule_type", 'RoleManagementPolicyPimOnlyModeRule') + if id is not None: + pulumi.set(__self__, "id", id) + if pim_only_mode_settings is not None: + pulumi.set(__self__, "pim_only_mode_settings", pim_only_mode_settings) + if target is not None: + pulumi.set(__self__, "target", target) + + @property + @pulumi.getter(name="ruleType") + def rule_type(self) -> pulumi.Input[str]: + """ + The type of rule + Expected value is 'RoleManagementPolicyPimOnlyModeRule'. 
+ """ + return pulumi.get(self, "rule_type") + + @rule_type.setter + def rule_type(self, value: pulumi.Input[str]): + pulumi.set(self, "rule_type", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The id of the rule. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="pimOnlyModeSettings") + def pim_only_mode_settings(self) -> Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]: + """ + The PIM Only Mode settings + """ + return pulumi.get(self, "pim_only_mode_settings") + + @pim_only_mode_settings.setter + def pim_only_mode_settings(self, value: Optional[pulumi.Input['PIMOnlyModeSettingsArgs']]): + pulumi.set(self, "pim_only_mode_settings", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]: + """ + The target of the current rule. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['RoleManagementPolicyRuleTargetArgs']]): + pulumi.set(self, "target", value) + + +if not MYPY: + class RoleManagementPolicyRuleTargetArgsDict(TypedDict): + """ + The role management policy rule target. + """ + caller: NotRequired[pulumi.Input[str]] + """ + The caller of the setting. + """ + enforced_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of enforced settings. + """ + inheritable_settings: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of inheritable settings. + """ + level: NotRequired[pulumi.Input[str]] + """ + The assignment level to which rule is applied. + """ + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The type of operation. + """ + target_objects: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + The list of target objects. 
+ """ +elif False: + RoleManagementPolicyRuleTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class RoleManagementPolicyRuleTargetArgs: + def __init__(__self__, *, + caller: Optional[pulumi.Input[str]] = None, + enforced_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + inheritable_settings: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + level: Optional[pulumi.Input[str]] = None, + operations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + target_objects: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + The role management policy rule target. + :param pulumi.Input[str] caller: The caller of the setting. + :param pulumi.Input[Sequence[pulumi.Input[str]]] enforced_settings: The list of enforced settings. + :param pulumi.Input[Sequence[pulumi.Input[str]]] inheritable_settings: The list of inheritable settings. + :param pulumi.Input[str] level: The assignment level to which rule is applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] operations: The type of operation. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_objects: The list of target objects. + """ + if caller is not None: + pulumi.set(__self__, "caller", caller) + if enforced_settings is not None: + pulumi.set(__self__, "enforced_settings", enforced_settings) + if inheritable_settings is not None: + pulumi.set(__self__, "inheritable_settings", inheritable_settings) + if level is not None: + pulumi.set(__self__, "level", level) + if operations is not None: + pulumi.set(__self__, "operations", operations) + if target_objects is not None: + pulumi.set(__self__, "target_objects", target_objects) + + @property + @pulumi.getter + def caller(self) -> Optional[pulumi.Input[str]]: + """ + The caller of the setting. 
+ """ + return pulumi.get(self, "caller") + + @caller.setter + def caller(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "caller", value) + + @property + @pulumi.getter(name="enforcedSettings") + def enforced_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of enforced settings. + """ + return pulumi.get(self, "enforced_settings") + + @enforced_settings.setter + def enforced_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "enforced_settings", value) + + @property + @pulumi.getter(name="inheritableSettings") + def inheritable_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of inheritable settings. + """ + return pulumi.get(self, "inheritable_settings") + + @inheritable_settings.setter + def inheritable_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "inheritable_settings", value) + + @property + @pulumi.getter + def level(self) -> Optional[pulumi.Input[str]]: + """ + The assignment level to which rule is applied. + """ + return pulumi.get(self, "level") + + @level.setter + def level(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "level", value) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The type of operation. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "operations", value) + + @property + @pulumi.getter(name="targetObjects") + def target_objects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + The list of target objects. 
+ """ + return pulumi.get(self, "target_objects") + + @target_objects.setter + def target_objects(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "target_objects", value) + + +if not MYPY: + class UserSetArgsDict(TypedDict): + """ + The detail of a user. + """ + description: NotRequired[pulumi.Input[str]] + """ + The description of the user. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the user. + """ + is_backup: NotRequired[pulumi.Input[bool]] + """ + The value indicating whether the user is a backup fallback approver + """ + user_type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. + """ +elif False: + UserSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UserSetArgs: + def __init__(__self__, *, + description: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + is_backup: Optional[pulumi.Input[bool]] = None, + user_type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a user. + :param pulumi.Input[str] description: The description of the user. + :param pulumi.Input[str] id: The object id of the user. + :param pulumi.Input[bool] is_backup: The value indicating whether the user is a backup fallback approver + :param pulumi.Input[Union[str, 'UserType']] user_type: The type of user. + """ + if description is not None: + pulumi.set(__self__, "description", description) + if id is not None: + pulumi.set(__self__, "id", id) + if is_backup is not None: + pulumi.set(__self__, "is_backup", is_backup) + if user_type is not None: + pulumi.set(__self__, "user_type", user_type) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The description of the user. 
+ """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the user. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter(name="isBackup") + def is_backup(self) -> Optional[pulumi.Input[bool]]: + """ + The value indicating whether the user is a backup fallback approver + """ + return pulumi.get(self, "is_backup") + + @is_backup.setter + def is_backup(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_backup", value) + + @property + @pulumi.getter(name="userType") + def user_type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "user_type") + + @user_type.setter + def user_type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "user_type", value) + + +if not MYPY: + class UsersOrServicePrincipalSetArgsDict(TypedDict): + """ + The detail of a subject. + """ + display_name: NotRequired[pulumi.Input[str]] + """ + The display Name of the entity. + """ + id: NotRequired[pulumi.Input[str]] + """ + The object id of the entity. + """ + type: NotRequired[pulumi.Input[Union[str, 'UserType']]] + """ + The type of user. + """ +elif False: + UsersOrServicePrincipalSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class UsersOrServicePrincipalSetArgs: + def __init__(__self__, *, + display_name: Optional[pulumi.Input[str]] = None, + id: Optional[pulumi.Input[str]] = None, + type: Optional[pulumi.Input[Union[str, 'UserType']]] = None): + """ + The detail of a subject. + :param pulumi.Input[str] display_name: The display Name of the entity. + :param pulumi.Input[str] id: The object id of the entity. 
+ :param pulumi.Input[Union[str, 'UserType']] type: The type of user. + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The display Name of the entity. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter + def id(self) -> Optional[pulumi.Input[str]]: + """ + The object id of the entity. + """ + return pulumi.get(self, "id") + + @id.setter + def id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "id", value) + + @property + @pulumi.getter + def type(self) -> Optional[pulumi.Input[Union[str, 'UserType']]]: + """ + The type of user. + """ + return pulumi.get(self, "type") + + @type.setter + def type(self, value: Optional[pulumi.Input[Union[str, 'UserType']]]): + pulumi.set(self, "type", value) + + diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/get_role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/get_role_management_policy.py new file mode 100644 index 000000000000..1c2e959497e2 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/get_role_management_policy.py 
@@ -0,0 +1,241 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs + +__all__ = [ + 'GetRoleManagementPolicyResult', + 'AwaitableGetRoleManagementPolicyResult', + 'get_role_management_policy', + 'get_role_management_policy_output', +] + +@pulumi.output_type +class GetRoleManagementPolicyResult: + """ + Role management policy + """ + def __init__(__self__, description=None, display_name=None, effective_rules=None, id=None, is_organization_default=None, last_modified_by=None, last_modified_date_time=None, name=None, policy_properties=None, rules=None, scope=None, type=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if display_name and not isinstance(display_name, str): + raise TypeError("Expected argument 'display_name' to be a str") + pulumi.set(__self__, "display_name", display_name) + if effective_rules and not isinstance(effective_rules, list): + raise TypeError("Expected argument 'effective_rules' to be a list") + pulumi.set(__self__, "effective_rules", effective_rules) + if id and not isinstance(id, str): + raise TypeError("Expected argument 'id' to be a str") + pulumi.set(__self__, "id", id) + if is_organization_default and not isinstance(is_organization_default, bool): + raise TypeError("Expected argument 'is_organization_default' to be a bool") + pulumi.set(__self__, "is_organization_default", is_organization_default) + if last_modified_by and not 
isinstance(last_modified_by, dict): + raise TypeError("Expected argument 'last_modified_by' to be a dict") + pulumi.set(__self__, "last_modified_by", last_modified_by) + if last_modified_date_time and not isinstance(last_modified_date_time, str): + raise TypeError("Expected argument 'last_modified_date_time' to be a str") + pulumi.set(__self__, "last_modified_date_time", last_modified_date_time) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if policy_properties and not isinstance(policy_properties, dict): + raise TypeError("Expected argument 'policy_properties' to be a dict") + pulumi.set(__self__, "policy_properties", policy_properties) + if rules and not isinstance(rules, list): + raise TypeError("Expected argument 'rules' to be a list") + pulumi.set(__self__, "rules", rules) + if scope and not isinstance(scope, str): + raise TypeError("Expected argument 'scope' to be a str") + pulumi.set(__self__, "scope", scope) + if type and not isinstance(type, str): + raise TypeError("Expected argument 'type' to be a str") + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> Sequence[Any]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter + def id(self) -> str: + """ + The role management policy Id. 
+ """ + return pulumi.get(self, "id") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[bool]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> 'outputs.PrincipalResponse': + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> str: + """ + The last modified date time. + """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> str: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> 'outputs.PolicyPropertiesResponse': + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> Optional[Sequence[Any]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> Optional[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> str: + """ + The role management policy type. 
+ """ + return pulumi.get(self, "type") + + +class AwaitableGetRoleManagementPolicyResult(GetRoleManagementPolicyResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetRoleManagementPolicyResult( + description=self.description, + display_name=self.display_name, + effective_rules=self.effective_rules, + id=self.id, + is_organization_default=self.is_organization_default, + last_modified_by=self.last_modified_by, + last_modified_date_time=self.last_modified_date_time, + name=self.name, + policy_properties=self.policy_properties, + rules=self.rules, + scope=self.scope, + type=self.type) + + +def get_role_management_policy(role_management_policy_name: Optional[str] = None, + scope: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRoleManagementPolicyResult: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('azure-native:authorization/v20240901preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult).value + + return AwaitableGetRoleManagementPolicyResult( + description=pulumi.get(__ret__, 'description'), + display_name=pulumi.get(__ret__, 'display_name'), + effective_rules=pulumi.get(__ret__, 'effective_rules'), + id=pulumi.get(__ret__, 'id'), + is_organization_default=pulumi.get(__ret__, 'is_organization_default'), + last_modified_by=pulumi.get(__ret__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__ret__, 'last_modified_date_time'), + name=pulumi.get(__ret__, 'name'), + policy_properties=pulumi.get(__ret__, 'policy_properties'), + rules=pulumi.get(__ret__, 'rules'), + scope=pulumi.get(__ret__, 'scope'), + type=pulumi.get(__ret__, 'type')) +def get_role_management_policy_output(role_management_policy_name: Optional[pulumi.Input[str]] = None, + scope: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRoleManagementPolicyResult]: + """ + Get the specified role management policy for a resource scope + + + :param str role_management_policy_name: The name (guid) of the role management policy to get. + :param str scope: The scope of the role management policy. 
+ """ + __args__ = dict() + __args__['roleManagementPolicyName'] = role_management_policy_name + __args__['scope'] = scope + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('azure-native:authorization/v20240901preview:getRoleManagementPolicy', __args__, opts=opts, typ=GetRoleManagementPolicyResult) + return __ret__.apply(lambda __response__: GetRoleManagementPolicyResult( + description=pulumi.get(__response__, 'description'), + display_name=pulumi.get(__response__, 'display_name'), + effective_rules=pulumi.get(__response__, 'effective_rules'), + id=pulumi.get(__response__, 'id'), + is_organization_default=pulumi.get(__response__, 'is_organization_default'), + last_modified_by=pulumi.get(__response__, 'last_modified_by'), + last_modified_date_time=pulumi.get(__response__, 'last_modified_date_time'), + name=pulumi.get(__response__, 'name'), + policy_properties=pulumi.get(__response__, 'policy_properties'), + rules=pulumi.get(__response__, 'rules'), + scope=pulumi.get(__response__, 'scope'), + type=pulumi.get(__response__, 'type'))) diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/outputs.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/outputs.py index cd303e34411f..a5b2a463d7e1 100644 --- a/sdk/python/pulumi_azure_native/authorization/v20240901preview/outputs.py +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/outputs.py @@ -14,6 +14,7 @@ from typing_extensions import NotRequired, TypedDict, TypeAlias from ... import _utilities from . import outputs +from ._enums import * __all__ = [ 'ApprovalSettingsResponse', 
@@ -23,6 +24,8 @@ 'PolicyAssignmentPropertiesResponsePolicy', 'PolicyAssignmentPropertiesResponseRoleDefinition', 'PolicyAssignmentPropertiesResponseScope', + 'PolicyPropertiesResponse', + 'PolicyPropertiesResponseScope', 'PrincipalResponse', 'RoleManagementPolicyApprovalRuleResponse', 'RoleManagementPolicyAuthenticationContextRuleResponse', 
@@ -562,6 +565,92 @@ def type(self) -> Optional[str]: return pulumi.get(self, "type") +@pulumi.output_type +class PolicyPropertiesResponse(dict): + """ + Expanded info of resource scope + """ + def __init__(__self__, *, + scope: 'outputs.PolicyPropertiesResponseScope'): + """ + Expanded info of resource scope + :param 'PolicyPropertiesResponseScope' scope: Details of the resource scope + """ + pulumi.set(__self__, "scope", scope) + + @property + @pulumi.getter + def scope(self) -> 'outputs.PolicyPropertiesResponseScope': + """ + Details of the resource scope + """ + return pulumi.get(self, "scope") + + +@pulumi.output_type +class PolicyPropertiesResponseScope(dict): + """ + Details of the resource scope + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "displayName": + suggest = "display_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in PolicyPropertiesResponseScope. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + PolicyPropertiesResponseScope.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + display_name: Optional[str] = None, + id: Optional[str] = None, + type: Optional[str] = None): + """ + Details of the resource scope + :param str display_name: Display name of the resource + :param str id: Scope id of the resource + :param str type: Type of the resource + """ + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if id is not None: + pulumi.set(__self__, "id", id) + if type is not None: + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[str]: + """ + Display name of the resource + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter + def id(self) -> 
Optional[str]: + """ + Scope id of the resource + """ + return pulumi.get(self, "id") + + @property + @pulumi.getter + def type(self) -> Optional[str]: + """ + Type of the resource + """ + return pulumi.get(self, "type") + + @pulumi.output_type class PrincipalResponse(dict): """ diff --git a/sdk/python/pulumi_azure_native/authorization/v20240901preview/role_management_policy.py b/sdk/python/pulumi_azure_native/authorization/v20240901preview/role_management_policy.py new file mode 100644 index 000000000000..a3f0e0b107b7 --- /dev/null +++ b/sdk/python/pulumi_azure_native/authorization/v20240901preview/role_management_policy.py 
@@ -0,0 +1,326 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from ... import _utilities +from . import outputs +from ._enums import * +from ._inputs import * + +__all__ = ['RoleManagementPolicyArgs', 'RoleManagementPolicy'] + +@pulumi.input_type +class RoleManagementPolicyArgs: + def __init__(__self__, *, + scope: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]] = None): + """ + The set of arguments for constructing a RoleManagementPolicy resource. + :param pulumi.Input[str] scope: The role management policy scope. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. + :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. 
+ :param pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]] rules: The rule applied to the policy. + """ + pulumi.set(__self__, "scope", scope) + if description is not None: + pulumi.set(__self__, "description", description) + if display_name is not None: + pulumi.set(__self__, "display_name", display_name) + if is_organization_default is not None: + pulumi.set(__self__, "is_organization_default", is_organization_default) + if role_management_policy_name is not None: + pulumi.set(__self__, "role_management_policy_name", role_management_policy_name) + if rules is not None: + pulumi.set(__self__, "rules", rules) + + @property + @pulumi.getter + def scope(self) -> pulumi.Input[str]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @scope.setter + def scope(self, value: pulumi.Input[str]): + pulumi.set(self, "scope", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> Optional[pulumi.Input[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @display_name.setter + def display_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "display_name", value) + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> Optional[pulumi.Input[bool]]: + """ + The role management policy is default policy. 
+ """ + return pulumi.get(self, "is_organization_default") + + @is_organization_default.setter + def is_organization_default(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "is_organization_default", value) + + @property + @pulumi.getter(name="roleManagementPolicyName") + def role_management_policy_name(self) -> Optional[pulumi.Input[str]]: + """ + The name (guid) of the role management policy to upsert. + """ + return pulumi.get(self, "role_management_policy_name") + + @role_management_policy_name.setter + def role_management_policy_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "role_management_policy_name", value) + + @property + @pulumi.getter + def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]: + """ + The rule applied to the policy. 
+ """ + return pulumi.get(self, "rules") + + @rules.setter + def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgs']]]]]): + pulumi.set(self, "rules", value) + + +class RoleManagementPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] description: The role management policy description. + :param pulumi.Input[str] display_name: The role management policy display name. + :param pulumi.Input[bool] is_organization_default: The role management policy is default policy. 
+ :param pulumi.Input[str] role_management_policy_name: The name (guid) of the role management policy to upsert. + :param pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]] rules: The rule applied to the policy. + :param pulumi.Input[str] scope: The role management policy scope. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: RoleManagementPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Role management policy + + :param str resource_name: The name of the resource. + :param RoleManagementPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(RoleManagementPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + display_name: Optional[pulumi.Input[str]] = None, + is_organization_default: Optional[pulumi.Input[bool]] = None, + role_management_policy_name: Optional[pulumi.Input[str]] = None, + rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union[Union['RoleManagementPolicyApprovalRuleArgs', 'RoleManagementPolicyApprovalRuleArgsDict'], Union['RoleManagementPolicyAuthenticationContextRuleArgs', 'RoleManagementPolicyAuthenticationContextRuleArgsDict'], Union['RoleManagementPolicyEnablementRuleArgs', 'RoleManagementPolicyEnablementRuleArgsDict'], Union['RoleManagementPolicyExpirationRuleArgs', 'RoleManagementPolicyExpirationRuleArgsDict'], Union['RoleManagementPolicyNotificationRuleArgs', 'RoleManagementPolicyNotificationRuleArgsDict'], Union['RoleManagementPolicyPimOnlyModeRuleArgs', 'RoleManagementPolicyPimOnlyModeRuleArgsDict']]]]]] = None, + scope: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = description + __props__.__dict__["display_name"] = display_name + 
__props__.__dict__["is_organization_default"] = is_organization_default + __props__.__dict__["role_management_policy_name"] = role_management_policy_name + __props__.__dict__["rules"] = rules + if scope is None and not opts.urn: + raise TypeError("Missing required property 'scope'") + __props__.__dict__["scope"] = scope + __props__.__dict__["effective_rules"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["type"] = None + alias_opts = pulumi.ResourceOptions(aliases=[pulumi.Alias(type_="azure-native:authorization:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20201001preview:RoleManagementPolicy"), pulumi.Alias(type_="azure-native:authorization/v20240201preview:RoleManagementPolicy")]) + opts = pulumi.ResourceOptions.merge(opts, alias_opts) + super(RoleManagementPolicy, __self__).__init__( + 'azure-native:authorization/v20240901preview:RoleManagementPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'RoleManagementPolicy': + """ + Get an existing RoleManagementPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. 
+ """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = RoleManagementPolicyArgs.__new__(RoleManagementPolicyArgs) + + __props__.__dict__["description"] = None + __props__.__dict__["display_name"] = None + __props__.__dict__["effective_rules"] = None + __props__.__dict__["is_organization_default"] = None + __props__.__dict__["last_modified_by"] = None + __props__.__dict__["last_modified_date_time"] = None + __props__.__dict__["name"] = None + __props__.__dict__["policy_properties"] = None + __props__.__dict__["rules"] = None + __props__.__dict__["scope"] = None + __props__.__dict__["type"] = None + return RoleManagementPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy description. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="displayName") + def display_name(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy display name. + """ + return pulumi.get(self, "display_name") + + @property + @pulumi.getter(name="effectiveRules") + def effective_rules(self) -> pulumi.Output[Sequence[Any]]: + """ + The readonly computed rule applied to the policy. + """ + return pulumi.get(self, "effective_rules") + + @property + @pulumi.getter(name="isOrganizationDefault") + def is_organization_default(self) -> pulumi.Output[Optional[bool]]: + """ + The role management policy is default policy. + """ + return pulumi.get(self, "is_organization_default") + + @property + @pulumi.getter(name="lastModifiedBy") + def last_modified_by(self) -> pulumi.Output['outputs.PrincipalResponse']: + """ + The name of the entity last modified it + """ + return pulumi.get(self, "last_modified_by") + + @property + @pulumi.getter(name="lastModifiedDateTime") + def last_modified_date_time(self) -> pulumi.Output[str]: + """ + The last modified date time. 
+ """ + return pulumi.get(self, "last_modified_date_time") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + The role management policy name. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="policyProperties") + def policy_properties(self) -> pulumi.Output['outputs.PolicyPropertiesResponse']: + """ + Additional properties of scope + """ + return pulumi.get(self, "policy_properties") + + @property + @pulumi.getter + def rules(self) -> pulumi.Output[Optional[Sequence[Any]]]: + """ + The rule applied to the policy. + """ + return pulumi.get(self, "rules") + + @property + @pulumi.getter + def scope(self) -> pulumi.Output[Optional[str]]: + """ + The role management policy scope. + """ + return pulumi.get(self, "scope") + + @property + @pulumi.getter + def type(self) -> pulumi.Output[str]: + """ + The role management policy type. + """ + return pulumi.get(self, "type") + diff --git a/versions/v2-lock.json b/versions/v2-lock.json index aa2eaf62ad97..6215f42c7643 100644 --- a/versions/v2-lock.json +++ b/versions/v2-lock.json @@ -299,6 +299,7 @@ "ResourceManagementPrivateLink": "2020-05-01", "RoleAssignment": "2022-04-01", "RoleDefinition": "2022-05-01-preview", + "RoleManagementPolicy": "2024-09-01-preview", "RoleManagementPolicyAssignment": "2020-10-01", "ScopeAccessReviewHistoryDefinitionById": "2021-12-01-preview", "ScopeAccessReviewScheduleDefinitionById": "2021-12-01-preview", diff --git a/versions/v2-spec.yaml b/versions/v2-spec.yaml index 0c83bc02642b..3932feec7890 100644 --- a/versions/v2-spec.yaml +++ b/versions/v2-spec.yaml @@ -145,6 +145,7 @@ Authorization: ResourceManagementPrivateLink: "2020-05-01" RoleAssignment: "2022-04-01" RoleDefinition: 2022-05-01-preview + RoleManagementPolicy: 2024-09-01-preview RoleManagementPolicyAssignment: "2020-10-01" ScopeAccessReviewHistoryDefinitionById: 2021-12-01-preview ScopeAccessReviewScheduleDefinitionById: 2021-12-01-preview