alicloud.cloudsso.AccessManagement
Explore with Pulumi AI
Provides a Cloud SSO Access Assignment resource.
For information about Cloud SSO Access Assignment and how to use it, see What is Access Assignment.
NOTE: When you configure access assignment for the first time, access configuration will be automatically deployed.
NOTE: Available since v1.145.0.
NOTE: Cloud SSO Only Support
cn-shanghai
Andus-west-1
Region
Create AccessManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);
@overload
def AccessManagement(resource_name: str,
args: AccessManagementArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None,
deprovision_strategy: Optional[str] = None)
func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)
public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)
public AccessManagement(String name, AccessManagementArgs args)
public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)
type: alicloud:cloudsso:AccessManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessManagementResource = new AliCloud.CloudSso.AccessManagement("accessManagementResource", new()
{
AccessConfigurationId = "string",
DirectoryId = "string",
PrincipalId = "string",
PrincipalType = "string",
TargetId = "string",
TargetType = "string",
DeprovisionStrategy = "string",
});
example, err := cloudsso.NewAccessManagement(ctx, "accessManagementResource", &cloudsso.AccessManagementArgs{
AccessConfigurationId: pulumi.String("string"),
DirectoryId: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
PrincipalType: pulumi.String("string"),
TargetId: pulumi.String("string"),
TargetType: pulumi.String("string"),
DeprovisionStrategy: pulumi.String("string"),
})
var accessManagementResource = new AccessManagement("accessManagementResource", AccessManagementArgs.builder()
.accessConfigurationId("string")
.directoryId("string")
.principalId("string")
.principalType("string")
.targetId("string")
.targetType("string")
.deprovisionStrategy("string")
.build());
access_management_resource = alicloud.cloudsso.AccessManagement("accessManagementResource",
access_configuration_id="string",
directory_id="string",
principal_id="string",
principal_type="string",
target_id="string",
target_type="string",
deprovision_strategy="string")
const accessManagementResource = new alicloud.cloudsso.AccessManagement("accessManagementResource", {
accessConfigurationId: "string",
directoryId: "string",
principalId: "string",
principalType: "string",
targetId: "string",
targetType: "string",
deprovisionStrategy: "string",
});
type: alicloud:cloudsso:AccessManagement
properties:
accessConfigurationId: string
deprovisionStrategy: string
directoryId: string
principalId: string
principalType: string
targetId: string
targetType: string
AccessManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessManagement resource accepts the following input properties:
- Access
Configuration stringId - The Access configuration ID.
- Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the access assignment.
- Principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - Target
Id string - The ID of the target to create the resource range.
- Target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
. - Deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- Access
Configuration stringId - The Access configuration ID.
- Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the access assignment.
- Principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - Target
Id string - The ID of the target to create the resource range.
- Target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
. - Deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration StringId - The Access configuration ID.
- directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the access assignment.
- principal
Type String - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id String - The ID of the target to create the resource range.
- target
Type String - The type of the resource range target to be accessed. Valid values:
RD-Account
. - deprovision
Strategy String - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration stringId - The Access configuration ID.
- directory
Id string - The ID of the Directory.
- principal
Id string - The ID of the access assignment.
- principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id string - The ID of the target to create the resource range.
- target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
. - deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access_
configuration_ strid - The Access configuration ID.
- directory_
id str - The ID of the Directory.
- principal_
id str - The ID of the access assignment.
- principal_
type str - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target_
id str - The ID of the target to create the resource range.
- target_
type str - The type of the resource range target to be accessed. Valid values:
RD-Account
. - deprovision_
strategy str - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
- access
Configuration StringId - The Access configuration ID.
- directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the access assignment.
- principal
Type String - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id String - The ID of the target to create the resource range.
- target
Type String - The type of the resource range target to be accessed. Valid values:
RD-Account
. - deprovision
Strategy String - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessManagement Resource
Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
deprovision_strategy: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None) -> AccessManagement
func GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)
public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)
public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Configuration stringId - The Access configuration ID.
- Deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the access assignment.
- Principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - Target
Id string - The ID of the target to create the resource range.
- Target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
.
- Access
Configuration stringId - The Access configuration ID.
- Deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the access assignment.
- Principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - Target
Id string - The ID of the target to create the resource range.
- Target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
.
- access
Configuration StringId - The Access configuration ID.
- deprovision
Strategy String - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the access assignment.
- principal
Type String - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id String - The ID of the target to create the resource range.
- target
Type String - The type of the resource range target to be accessed. Valid values:
RD-Account
.
- access
Configuration stringId - The Access configuration ID.
- deprovision
Strategy string - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - directory
Id string - The ID of the Directory.
- principal
Id string - The ID of the access assignment.
- principal
Type string - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id string - The ID of the target to create the resource range.
- target
Type string - The type of the resource range target to be accessed. Valid values:
RD-Account
.
- access_
configuration_ strid - The Access configuration ID.
- deprovision_
strategy str - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - directory_
id str - The ID of the Directory.
- principal_
id str - The ID of the access assignment.
- principal_
type str - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target_
id str - The ID of the target to create the resource range.
- target_
type str - The type of the resource range target to be accessed. Valid values:
RD-Account
.
- access
Configuration StringId - The Access configuration ID.
- deprovision
Strategy String - The deprovision strategy. Valid values:
DeprovisionForLastAccessAssignmentOnAccount
andNone
. Default Value:DeprovisionForLastAccessAssignmentOnAccount
. NOTE: Whendeprovision_strategy
isDeprovisionForLastAccessAssignmentOnAccount
, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。 - directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the access assignment.
- principal
Type String - The identity type of the access assignment, which can be a user or a user group. Valid values:
Group
,User
. - target
Id String - The ID of the target to create the resource range.
- target
Type String - The type of the resource range target to be accessed. Valid values:
RD-Account
.
Import
Cloud SSO Access Assignment can be imported using the id, e.g.
$ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.