We recommend using Azure Native.
azure.authorization.getRoleDefinition
Use this data source to access information about an existing Role Definition.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
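// Subscription that the current credentials resolve to; its id is the scope
// used for the custom role and for the scoped lookups below.
const primary = azure.core.getSubscription({});

// Custom role definition created by this program. The all-zero GUID is the
// example's placeholder value.
const customRoleDefinition = new azure.authorization.RoleDefinition("custom", {
    roleDefinitionId: "00000000-0000-0000-0000-000000000000",
    name: "CustomRoleDef",
    scope: primary.then(subscription => subscription.id),
});

// Look the custom role up by its GUID. Going through the resource's outputs
// makes the lookup wait until the role definition exists.
const custom = pulumi
    .all([customRoleDefinition.roleDefinitionId, primary])
    .apply(([roleDefinitionId, subscription]) => azure.authorization.getRoleDefinitionOutput({
        roleDefinitionId: roleDefinitionId,
        scope: subscription.id,
    }));

// Same lookup by display name. `custom-byname` is not a valid identifier in
// JavaScript/TypeScript, so the variable is spelled in camelCase.
const customByName = pulumi
    .all([customRoleDefinition.name, primary])
    .apply(([name, subscription]) => azure.authorization.getRoleDefinitionOutput({
        name: name,
        scope: subscription.id,
    }));

// Built-in roles can be resolved by name without a scope. Contributor is a
// broad role; it is only read here, and any role assignment that consumes the
// exported id should be scoped as narrowly as the workload allows.
const builtin = azure.authorization.getRoleDefinition({
    name: "Contributor",
});

export const customRoleDefinitionId = custom.apply(result => result.id);
export const contributorRoleDefinitionId = builtin.then(result => result.id);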
import pulumi
import pulumi_azure as azure
# Subscription that the current credentials resolve to; its id is the scope
# used for the custom role and for the scoped lookups below.
primary = azure.core.get_subscription()

# Custom role definition created by this program (placeholder GUID from the example).
custom_role_definition = azure.authorization.RoleDefinition(
    "custom",
    role_definition_id="00000000-0000-0000-0000-000000000000",
    name="CustomRoleDef",
    scope=primary.id,
)


def _lookup_by_id(role_definition_id):
    """Resolve the custom role by GUID once the resource has produced it."""
    return azure.authorization.get_role_definition_output(
        role_definition_id=role_definition_id,
        scope=primary.id,
    )


def _lookup_by_name(name):
    """Resolve the custom role by display name once the resource has produced it."""
    return azure.authorization.get_role_definition_output(
        name=name,
        scope=primary.id,
    )


custom = custom_role_definition.role_definition_id.apply(_lookup_by_id)
custom_byname = custom_role_definition.name.apply(_lookup_by_name)

# Built-in roles are resolved by name; no scope is passed for this lookup.
builtin = azure.authorization.get_role_definition(name="Contributor")

pulumi.export("customRoleDefinitionId", custom.id)
pulumi.export("contributorRoleDefinitionId", builtin.id)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
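// main runs the example program: it creates a custom role definition at
// subscription scope, looks it up by id and by name, looks up the built-in
// Contributor role, and exports the two resolved role definition ids.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Subscription that the current credentials resolve to.
		primary, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
		if err != nil {
			return err
		}
		scope := pulumi.String(primary.Id)

		// Custom role definition (placeholder GUID from the example).
		customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("CustomRoleDef"),
			Scope:            scope,
		})
		if err != nil {
			return err
		}

		// The output form takes the resource's outputs directly, so the lookup
		// waits for the role definition to exist. In the Go SDK the function
		// and its types carry the Lookup prefix (LookupRoleDefinitionOutput,
		// LookupRoleDefinitionOutputArgs), not GetRoleDefinition*.
		custom := authorization.LookupRoleDefinitionOutput(ctx, authorization.LookupRoleDefinitionOutputArgs{
			RoleDefinitionId: customRoleDefinition.RoleDefinitionId,
			Scope:            scope,
		}, nil)

		// Same lookup by display name; the result is not used further.
		_ = authorization.LookupRoleDefinitionOutput(ctx, authorization.LookupRoleDefinitionOutputArgs{
			Name:  customRoleDefinition.Name,
			Scope: scope,
		}, nil)

		// Built-in roles are resolved by name; no scope is passed. Contributor
		// is a broad role and is only read here.
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Contributor"),
		}, nil)
		if err != nil {
			return err
		}

		ctx.Export("customRoleDefinitionId", custom.Id())
		// builtin.Id is a plain string; Export takes a pulumi.Input.
		ctx.Export("contributorRoleDefinitionId", pulumi.String(builtin.Id))
		return nil
	})
}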
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Subscription that the current credentials resolve to; its id is the
    // scope used for the custom role and for the scoped lookups below.
    var subscription = Azure.Core.GetSubscription.Invoke();
    var subscriptionId = subscription.Apply(result => result.Id);

    // Custom role definition created by this program (placeholder GUID from the example).
    var roleDefinition = new Azure.Authorization.RoleDefinition("custom", new()
    {
        RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
        Name = "CustomRoleDef",
        Scope = subscriptionId,
    });

    // Lookup by GUID; passing the resource output makes the lookup wait for the role.
    var customById = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        RoleDefinitionId = roleDefinition.RoleDefinitionId,
        Scope = subscriptionId,
    });

    // Lookup by display name; the result is not used further.
    var customByName = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = roleDefinition.Name,
        Scope = subscriptionId,
    });

    // Built-in roles are resolved by name; no scope is passed.
    var contributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Contributor",
    });

    var outputs = new Dictionary<string, object?>
    {
        ["customRoleDefinitionId"] = customById.Apply(result => result.Id),
        ["contributorRoleDefinitionId"] = contributor.Apply(result => result.Id),
    };
    return outputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
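/**
 * Example program: creates a custom role definition at subscription scope,
 * looks it up by id and by name, looks up the built-in Contributor role, and
 * exports the two resolved role definition ids.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources and lookups of the stack.
     *
     * @param ctx Pulumi context used to register the stack outputs
     */
    public static void stack(Context ctx) {
        // Subscription that the current credentials resolve to.
        final var primary = CoreFunctions.getSubscription();

        // Custom role definition (placeholder GUID from the example).
        var customRoleDefinition = new RoleDefinition("customRoleDefinition", RoleDefinitionArgs.builder()
            .roleDefinitionId("00000000-0000-0000-0000-000000000000")
            .name("CustomRoleDef")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // Lookup by GUID; passing the resource output makes the lookup wait for the role.
        final var custom = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .roleDefinitionId(customRoleDefinition.roleDefinitionId())
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // Lookup by display name. `custom-byname` is not a valid Java
        // identifier, so the variable is spelled in camelCase.
        final var customByName = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name(customRoleDefinition.name())
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // Built-in roles are resolved by name; no scope is passed.
        final var builtin = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .build());

        // A single applyValue is enough to project the id; the lambda
        // parameter must not reuse the name of the local variable `custom`.
        ctx.export("customRoleDefinitionId", custom.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()));
        ctx.export("contributorRoleDefinitionId", builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()));
    }
}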
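# Nesting restored: Pulumi YAML is indentation-sensitive, and a flat listing
# would collapse into one mapping with repeated keys.
resources:
  # Custom role definition created by this program (placeholder GUID from the example).
  customRoleDefinition:
    type: azure:authorization:RoleDefinition
    name: custom
    properties:
      roleDefinitionId: 00000000-0000-0000-0000-000000000000
      name: CustomRoleDef
      scope: ${primary.id}
variables:
  # Subscription that the current credentials resolve to.
  primary:
    fn::invoke:
      Function: azure:core:getSubscription
      Arguments: {}
  # Lookup of the custom role by GUID, scoped to the subscription.
  custom:
    fn::invoke:
      Function: azure:authorization:getRoleDefinition
      Arguments:
        roleDefinitionId: ${customRoleDefinition.roleDefinitionId}
        scope: ${primary.id}
  # Same lookup by display name.
  custom-byname:
    fn::invoke:
      Function: azure:authorization:getRoleDefinition
      Arguments:
        name: ${customRoleDefinition.name}
        scope: ${primary.id}
  # Built-in roles are resolved by name; no scope is passed.
  builtin:
    fn::invoke:
      Function: azure:authorization:getRoleDefinition
      Arguments:
        name: Contributor
outputs:
  customRoleDefinitionId: ${custom.id}
  contributorRoleDefinitionId: ${builtin.id}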
Using getRoleDefinition
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRoleDefinition(args: GetRoleDefinitionArgs, opts?: InvokeOptions): Promise<GetRoleDefinitionResult>
function getRoleDefinitionOutput(args: GetRoleDefinitionOutputArgs, opts?: InvokeOptions): Output<GetRoleDefinitionResult>
def get_role_definition(name: Optional[str] = None,
role_definition_id: Optional[str] = None,
scope: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetRoleDefinitionResult
def get_role_definition_output(name: Optional[pulumi.Input[str]] = None,
role_definition_id: Optional[pulumi.Input[str]] = None,
scope: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRoleDefinitionResult]
func LookupRoleDefinition(ctx *Context, args *LookupRoleDefinitionArgs, opts ...InvokeOption) (*LookupRoleDefinitionResult, error)
func LookupRoleDefinitionOutput(ctx *Context, args *LookupRoleDefinitionOutputArgs, opts ...InvokeOption) LookupRoleDefinitionResultOutput
> Note: This function is named LookupRoleDefinition in the Go SDK.
public static class GetRoleDefinition
{
public static Task<GetRoleDefinitionResult> InvokeAsync(GetRoleDefinitionArgs args, InvokeOptions? opts = null)
public static Output<GetRoleDefinitionResult> Invoke(GetRoleDefinitionInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetRoleDefinitionResult> getRoleDefinition(GetRoleDefinitionArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure:authorization/getRoleDefinition:getRoleDefinition
arguments:
# arguments dictionary
The following arguments are supported:
- Name string - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- RoleDefinitionId string - Specifies the ID of the Role Definition as a UUID/GUID.
- Scope string - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
- Name string - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- RoleDefinitionId string - Specifies the ID of the Role Definition as a UUID/GUID.
- Scope string - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
- name String - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- roleDefinitionId String - Specifies the ID of the Role Definition as a UUID/GUID.
- scope String - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
- name string - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- roleDefinitionId string - Specifies the ID of the Role Definition as a UUID/GUID.
- scope string - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
- name str - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- role_definition_id str - Specifies the ID of the Role Definition as a UUID/GUID.
- scope str - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
- name String - Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- roleDefinitionId String - Specifies the ID of the Role Definition as a UUID/GUID.
- scope String - Specifies the Scope at which the Custom Role Definition exists.

Note: One of name or role_definition_id must be specified.
getRoleDefinition Result
The following output properties are available:
- AssignableScopes List<string> - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- Description string - The Description of the built-in Role.
- Id string - The provider-assigned unique ID for this managed resource.
- Name string
- Permissions List<GetRoleDefinitionPermission> - A permissions block as documented below.
- RoleDefinitionId string
- Type string - The Type of the Role.
- Scope string
- AssignableScopes []string - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- Description string - The Description of the built-in Role.
- Id string - The provider-assigned unique ID for this managed resource.
- Name string
- Permissions []GetRoleDefinitionPermission - A permissions block as documented below.
- RoleDefinitionId string
- Type string - The Type of the Role.
- Scope string
- assignableScopes List<String> - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- description String - The Description of the built-in Role.
- id String - The provider-assigned unique ID for this managed resource.
- name String
- permissions List<GetRoleDefinitionPermission> - A permissions block as documented below.
- roleDefinitionId String
- type String - The Type of the Role.
- scope String
- assignableScopes string[] - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- description string - The Description of the built-in Role.
- id string - The provider-assigned unique ID for this managed resource.
- name string
- permissions GetRoleDefinitionPermission[] - A permissions block as documented below.
- roleDefinitionId string
- type string - The Type of the Role.
- scope string
- assignable_scopes Sequence[str] - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- description str - The Description of the built-in Role.
- id str - The provider-assigned unique ID for this managed resource.
- name str
- permissions Sequence[GetRoleDefinitionPermission] - A permissions block as documented below.
- role_definition_id str
- type str - The Type of the Role.
- scope str
- assignableScopes List<String> - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
- description String - The Description of the built-in Role.
- id String - The provider-assigned unique ID for this managed resource.
- name String
- permissions List<Property Map> - A permissions block as documented below.
- roleDefinitionId String
- type String - The Type of the Role.
- scope String
Supporting Types
GetRoleDefinitionPermission
- Actions List<string> - A list of actions supported by this role.
- Condition string - The conditions on this role definition, which limits the resources it can be assigned to.
- ConditionVersion string - The version of the condition.
- NotActions List<string> - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from Actions rather than a deny rule; a different role assignment can still grant the same action.
- DataActions List<string> - A list of data actions allowed by this role.
- NotDataActions List<string> - A list of data actions which are denied by this role.
- Actions []string - A list of actions supported by this role.
- Condition string - The conditions on this role definition, which limits the resources it can be assigned to.
- ConditionVersion string - The version of the condition.
- NotActions []string - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from Actions rather than a deny rule; a different role assignment can still grant the same action.
- DataActions []string - A list of data actions allowed by this role.
- NotDataActions []string - A list of data actions which are denied by this role.
- actions List<String> - A list of actions supported by this role.
- condition String - The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion String - The version of the condition.
- notActions List<String> - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from actions rather than a deny rule; a different role assignment can still grant the same action.
- dataActions List<String> - A list of data actions allowed by this role.
- notDataActions List<String> - A list of data actions which are denied by this role.
- actions string[] - A list of actions supported by this role.
- condition string - The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion string - The version of the condition.
- notActions string[] - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from actions rather than a deny rule; a different role assignment can still grant the same action.
- dataActions string[] - A list of data actions allowed by this role.
- notDataActions string[] - A list of data actions which are denied by this role.
- actions Sequence[str] - A list of actions supported by this role.
- condition str - The conditions on this role definition, which limits the resources it can be assigned to.
- condition_version str - The version of the condition.
- not_actions Sequence[str] - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from actions rather than a deny rule; a different role assignment can still grant the same action.
- data_actions Sequence[str] - A list of data actions allowed by this role.
- not_data_actions Sequence[str] - A list of data actions which are denied by this role.
- actions List<String> - A list of actions supported by this role.
- condition String - The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion String - The version of the condition.
- notActions List<String> - A list of actions which are denied by this role. In Azure RBAC this is an exclusion from actions rather than a deny rule; a different role assignment can still grant the same action.
- dataActions List<String> - A list of data actions allowed by this role.
- notDataActions List<String> - A list of data actions which are denied by this role.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the azurerm Terraform Provider.