We recommend using Azure Native.
azure.lighthouse.Definition
Explore with Pulumi AI
Manages a Lighthouse Definition.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const contributor = azure.authorization.getRoleDefinition({
roleDefinitionId: "b24988ac-6180-42a0-ab88-20f7382dd24c",
});
const example = new azure.lighthouse.Definition("example", {
name: "Sample definition",
description: "This is a lighthouse definition created IaC",
managingTenantId: "00000000-0000-0000-0000-000000000000",
scope: "/subscriptions/00000000-0000-0000-0000-000000000000",
authorizations: [{
principalId: "00000000-0000-0000-0000-000000000000",
roleDefinitionId: contributor.then(contributor => contributor.roleDefinitionId),
principalDisplayName: "Tier 1 Support",
}],
});
import pulumi
import pulumi_azure as azure
contributor = azure.authorization.get_role_definition(role_definition_id="b24988ac-6180-42a0-ab88-20f7382dd24c")
example = azure.lighthouse.Definition("example",
name="Sample definition",
description="This is a lighthouse definition created IaC",
managing_tenant_id="00000000-0000-0000-0000-000000000000",
scope="/subscriptions/00000000-0000-0000-0000-000000000000",
authorizations=[{
"principal_id": "00000000-0000-0000-0000-000000000000",
"role_definition_id": contributor.role_definition_id,
"principal_display_name": "Tier 1 Support",
}])
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/lighthouse"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
contributor, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
RoleDefinitionId: pulumi.StringRef("b24988ac-6180-42a0-ab88-20f7382dd24c"),
}, nil)
if err != nil {
return err
}
_, err = lighthouse.NewDefinition(ctx, "example", &lighthouse.DefinitionArgs{
Name: pulumi.String("Sample definition"),
Description: pulumi.String("This is a lighthouse definition created IaC"),
ManagingTenantId: pulumi.String("00000000-0000-0000-0000-000000000000"),
Scope: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000"),
Authorizations: lighthouse.DefinitionAuthorizationArray{
&lighthouse.DefinitionAuthorizationArgs{
PrincipalId: pulumi.String("00000000-0000-0000-0000-000000000000"),
RoleDefinitionId: pulumi.String(contributor.RoleDefinitionId),
PrincipalDisplayName: pulumi.String("Tier 1 Support"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var contributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
{
RoleDefinitionId = "b24988ac-6180-42a0-ab88-20f7382dd24c",
});
var example = new Azure.Lighthouse.Definition("example", new()
{
Name = "Sample definition",
Description = "This is a lighthouse definition created IaC",
ManagingTenantId = "00000000-0000-0000-0000-000000000000",
Scope = "/subscriptions/00000000-0000-0000-0000-000000000000",
Authorizations = new[]
{
new Azure.Lighthouse.Inputs.DefinitionAuthorizationArgs
{
PrincipalId = "00000000-0000-0000-0000-000000000000",
RoleDefinitionId = contributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.RoleDefinitionId),
PrincipalDisplayName = "Tier 1 Support",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.lighthouse.Definition;
import com.pulumi.azure.lighthouse.DefinitionArgs;
import com.pulumi.azure.lighthouse.inputs.DefinitionAuthorizationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var contributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
.roleDefinitionId("b24988ac-6180-42a0-ab88-20f7382dd24c")
.build());
var example = new Definition("example", DefinitionArgs.builder()
.name("Sample definition")
.description("This is a lighthouse definition created IaC")
.managingTenantId("00000000-0000-0000-0000-000000000000")
.scope("/subscriptions/00000000-0000-0000-0000-000000000000")
.authorizations(DefinitionAuthorizationArgs.builder()
.principalId("00000000-0000-0000-0000-000000000000")
.roleDefinitionId(contributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.roleDefinitionId()))
.principalDisplayName("Tier 1 Support")
.build())
.build());
}
}
resources:
example:
type: azure:lighthouse:Definition
properties:
name: Sample definition
description: This is a lighthouse definition created IaC
managingTenantId: 00000000-0000-0000-0000-000000000000
scope: /subscriptions/00000000-0000-0000-0000-000000000000
authorizations:
- principalId: 00000000-0000-0000-0000-000000000000
roleDefinitionId: ${contributor.roleDefinitionId}
principalDisplayName: Tier 1 Support
variables:
contributor:
fn::invoke:
Function: azure:authorization:getRoleDefinition
Arguments:
roleDefinitionId: b24988ac-6180-42a0-ab88-20f7382dd24c
Create Definition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Definition(name: string, args: DefinitionArgs, opts?: CustomResourceOptions);
@overload
def Definition(resource_name: str,
args: DefinitionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Definition(resource_name: str,
opts: Optional[ResourceOptions] = None,
authorizations: Optional[Sequence[DefinitionAuthorizationArgs]] = None,
managing_tenant_id: Optional[str] = None,
scope: Optional[str] = None,
description: Optional[str] = None,
eligible_authorizations: Optional[Sequence[DefinitionEligibleAuthorizationArgs]] = None,
lighthouse_definition_id: Optional[str] = None,
name: Optional[str] = None,
plan: Optional[DefinitionPlanArgs] = None)
func NewDefinition(ctx *Context, name string, args DefinitionArgs, opts ...ResourceOption) (*Definition, error)
public Definition(string name, DefinitionArgs args, CustomResourceOptions? opts = null)
public Definition(String name, DefinitionArgs args)
public Definition(String name, DefinitionArgs args, CustomResourceOptions options)
type: azure:lighthouse:Definition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var definitionResource = new Azure.Lighthouse.Definition("definitionResource", new()
{
Authorizations = new[]
{
new Azure.Lighthouse.Inputs.DefinitionAuthorizationArgs
{
PrincipalId = "string",
RoleDefinitionId = "string",
DelegatedRoleDefinitionIds = new[]
{
"string",
},
PrincipalDisplayName = "string",
},
},
ManagingTenantId = "string",
Scope = "string",
Description = "string",
EligibleAuthorizations = new[]
{
new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationArgs
{
PrincipalId = "string",
RoleDefinitionId = "string",
JustInTimeAccessPolicy = new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs
{
Approvers = new[]
{
new Azure.Lighthouse.Inputs.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs
{
PrincipalId = "string",
PrincipalDisplayName = "string",
},
},
MaximumActivationDuration = "string",
MultiFactorAuthProvider = "string",
},
PrincipalDisplayName = "string",
},
},
LighthouseDefinitionId = "string",
Name = "string",
Plan = new Azure.Lighthouse.Inputs.DefinitionPlanArgs
{
Name = "string",
Product = "string",
Publisher = "string",
Version = "string",
},
});
example, err := lighthouse.NewDefinition(ctx, "definitionResource", &lighthouse.DefinitionArgs{
Authorizations: lighthouse.DefinitionAuthorizationArray{
&lighthouse.DefinitionAuthorizationArgs{
PrincipalId: pulumi.String("string"),
RoleDefinitionId: pulumi.String("string"),
DelegatedRoleDefinitionIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalDisplayName: pulumi.String("string"),
},
},
ManagingTenantId: pulumi.String("string"),
Scope: pulumi.String("string"),
Description: pulumi.String("string"),
EligibleAuthorizations: lighthouse.DefinitionEligibleAuthorizationArray{
&lighthouse.DefinitionEligibleAuthorizationArgs{
PrincipalId: pulumi.String("string"),
RoleDefinitionId: pulumi.String("string"),
JustInTimeAccessPolicy: &lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs{
Approvers: lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArray{
&lighthouse.DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs{
PrincipalId: pulumi.String("string"),
PrincipalDisplayName: pulumi.String("string"),
},
},
MaximumActivationDuration: pulumi.String("string"),
MultiFactorAuthProvider: pulumi.String("string"),
},
PrincipalDisplayName: pulumi.String("string"),
},
},
LighthouseDefinitionId: pulumi.String("string"),
Name: pulumi.String("string"),
Plan: &lighthouse.DefinitionPlanArgs{
Name: pulumi.String("string"),
Product: pulumi.String("string"),
Publisher: pulumi.String("string"),
Version: pulumi.String("string"),
},
})
var definitionResource = new Definition("definitionResource", DefinitionArgs.builder()
.authorizations(DefinitionAuthorizationArgs.builder()
.principalId("string")
.roleDefinitionId("string")
.delegatedRoleDefinitionIds("string")
.principalDisplayName("string")
.build())
.managingTenantId("string")
.scope("string")
.description("string")
.eligibleAuthorizations(DefinitionEligibleAuthorizationArgs.builder()
.principalId("string")
.roleDefinitionId("string")
.justInTimeAccessPolicy(DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs.builder()
.approvers(DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs.builder()
.principalId("string")
.principalDisplayName("string")
.build())
.maximumActivationDuration("string")
.multiFactorAuthProvider("string")
.build())
.principalDisplayName("string")
.build())
.lighthouseDefinitionId("string")
.name("string")
.plan(DefinitionPlanArgs.builder()
.name("string")
.product("string")
.publisher("string")
.version("string")
.build())
.build());
definition_resource = azure.lighthouse.Definition("definitionResource",
authorizations=[{
"principal_id": "string",
"role_definition_id": "string",
"delegated_role_definition_ids": ["string"],
"principal_display_name": "string",
}],
managing_tenant_id="string",
scope="string",
description="string",
eligible_authorizations=[{
"principal_id": "string",
"role_definition_id": "string",
"just_in_time_access_policy": {
"approvers": [{
"principal_id": "string",
"principal_display_name": "string",
}],
"maximum_activation_duration": "string",
"multi_factor_auth_provider": "string",
},
"principal_display_name": "string",
}],
lighthouse_definition_id="string",
name="string",
plan={
"name": "string",
"product": "string",
"publisher": "string",
"version": "string",
})
const definitionResource = new azure.lighthouse.Definition("definitionResource", {
authorizations: [{
principalId: "string",
roleDefinitionId: "string",
delegatedRoleDefinitionIds: ["string"],
principalDisplayName: "string",
}],
managingTenantId: "string",
scope: "string",
description: "string",
eligibleAuthorizations: [{
principalId: "string",
roleDefinitionId: "string",
justInTimeAccessPolicy: {
approvers: [{
principalId: "string",
principalDisplayName: "string",
}],
maximumActivationDuration: "string",
multiFactorAuthProvider: "string",
},
principalDisplayName: "string",
}],
lighthouseDefinitionId: "string",
name: "string",
plan: {
name: "string",
product: "string",
publisher: "string",
version: "string",
},
});
type: azure:lighthouse:Definition
properties:
authorizations:
- delegatedRoleDefinitionIds:
- string
principalDisplayName: string
principalId: string
roleDefinitionId: string
description: string
eligibleAuthorizations:
- justInTimeAccessPolicy:
approvers:
- principalDisplayName: string
principalId: string
maximumActivationDuration: string
multiFactorAuthProvider: string
principalDisplayName: string
principalId: string
roleDefinitionId: string
lighthouseDefinitionId: string
managingTenantId: string
name: string
plan:
name: string
product: string
publisher: string
version: string
scope: string
Definition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Definition resource accepts the following input properties:
- List<Definition
Authorization> - An
authorization
block as defined below. - Managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- Scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- Description string
- A description of the Lighthouse Definition.
- List<Definition
Eligible Authorization> - An
eligible_authorization
block as defined below. - Lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- Name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- Plan
Definition
Plan - A
plan
block as defined below.
- []Definition
Authorization Args - An
authorization
block as defined below. - Managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- Scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- Description string
- A description of the Lighthouse Definition.
- []Definition
Eligible Authorization Args - An
eligible_authorization
block as defined below. - Lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- Name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- Plan
Definition
Plan Args - A
plan
block as defined below.
- List<Definition
Authorization> - An
authorization
block as defined below. - managing
Tenant StringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- scope String
- The ID of the managed subscription. Changing this forces a new resource to be created.
- description String
- A description of the Lighthouse Definition.
- List<Definition
Eligible Authorization> - An
eligible_authorization
block as defined below. - lighthouse
Definition StringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- name String
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan - A
plan
block as defined below.
- Definition
Authorization[] - An
authorization
block as defined below. - managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- description string
- A description of the Lighthouse Definition.
- Definition
Eligible Authorization[] - An
eligible_authorization
block as defined below. - lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan - A
plan
block as defined below.
- Sequence[Definition
Authorization Args] - An
authorization
block as defined below. - managing_
tenant_ strid - The ID of the managing tenant. Changing this forces a new resource to be created.
- scope str
- The ID of the managed subscription. Changing this forces a new resource to be created.
- description str
- A description of the Lighthouse Definition.
- Sequence[Definition
Eligible Authorization Args] - An
eligible_authorization
block as defined below. - lighthouse_
definition_ strid - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- name str
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan Args - A
plan
block as defined below.
- List<Property Map>
- An
authorization
block as defined below. - managing
Tenant StringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- scope String
- The ID of the managed subscription. Changing this forces a new resource to be created.
- description String
- A description of the Lighthouse Definition.
- List<Property Map>
- An
eligible_authorization
block as defined below. - lighthouse
Definition StringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- name String
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan Property Map
- A
plan
block as defined below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Definition resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Definition Resource
Get an existing Definition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefinitionState, opts?: CustomResourceOptions): Definition
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorizations: Optional[Sequence[DefinitionAuthorizationArgs]] = None,
description: Optional[str] = None,
eligible_authorizations: Optional[Sequence[DefinitionEligibleAuthorizationArgs]] = None,
lighthouse_definition_id: Optional[str] = None,
managing_tenant_id: Optional[str] = None,
name: Optional[str] = None,
plan: Optional[DefinitionPlanArgs] = None,
scope: Optional[str] = None) -> Definition
func GetDefinition(ctx *Context, name string, id IDInput, state *DefinitionState, opts ...ResourceOption) (*Definition, error)
public static Definition Get(string name, Input<string> id, DefinitionState? state, CustomResourceOptions? opts = null)
public static Definition get(String name, Output<String> id, DefinitionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- List<Definition
Authorization> - An
authorization
block as defined below. - Description string
- A description of the Lighthouse Definition.
- List<Definition
Eligible Authorization> - An
eligible_authorization
block as defined below. - Lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- Managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- Name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- Plan
Definition
Plan - A
plan
block as defined below. - Scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- []Definition
Authorization Args - An
authorization
block as defined below. - Description string
- A description of the Lighthouse Definition.
- []Definition
Eligible Authorization Args - An
eligible_authorization
block as defined below. - Lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- Managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- Name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- Plan
Definition
Plan Args - A
plan
block as defined below. - Scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- List<Definition
Authorization> - An
authorization
block as defined below. - description String
- A description of the Lighthouse Definition.
- List<Definition
Eligible Authorization> - An
eligible_authorization
block as defined below. - lighthouse
Definition StringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- managing
Tenant StringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- name String
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan - A
plan
block as defined below. - scope String
- The ID of the managed subscription. Changing this forces a new resource to be created.
- Definition
Authorization[] - An
authorization
block as defined below. - description string
- A description of the Lighthouse Definition.
- Definition
Eligible Authorization[] - An
eligible_authorization
block as defined below. - lighthouse
Definition stringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- managing
Tenant stringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- name string
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan - A
plan
block as defined below. - scope string
- The ID of the managed subscription. Changing this forces a new resource to be created.
- Sequence[Definition
Authorization Args] - An
authorization
block as defined below. - description str
- A description of the Lighthouse Definition.
- Sequence[Definition
Eligible Authorization Args] - An
eligible_authorization
block as defined below. - lighthouse_
definition_ strid - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- managing_
tenant_ strid - The ID of the managing tenant. Changing this forces a new resource to be created.
- name str
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan
Definition
Plan Args - A
plan
block as defined below. - scope str
- The ID of the managed subscription. Changing this forces a new resource to be created.
- List<Property Map>
- An
authorization
block as defined below. - description String
- A description of the Lighthouse Definition.
- List<Property Map>
- An
eligible_authorization
block as defined below. - lighthouse
Definition StringId - A unique UUID/GUID which identifies this lighthouse definition - one will be generated if not specified. Changing this forces a new resource to be created.
- managing
Tenant StringId - The ID of the managing tenant. Changing this forces a new resource to be created.
- name String
- The name of the Lighthouse Definition. Changing this forces a new resource to be created.
- plan Property Map
- A
plan
block as defined below. - scope String
- The ID of the managed subscription. Changing this forces a new resource to be created.
Supporting Types
DefinitionAuthorization, DefinitionAuthorizationArgs
- Principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- Role
Definition stringId - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - Delegated
Role List<string>Definition Ids - The set of role definition ids which define all the permissions that the principal id can assign.
- Principal
Display stringName - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
- Principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- Role
Definition stringId - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - Delegated
Role []stringDefinition Ids - The set of role definition ids which define all the permissions that the principal id can assign.
- Principal
Display stringName - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
- principal
Id String - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition StringId - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - delegated
Role List<String>Definition Ids - The set of role definition ids which define all the permissions that the principal id can assign.
- principal
Display StringName - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
- principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition stringId - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - delegated
Role string[]Definition Ids - The set of role definition ids which define all the permissions that the principal id can assign.
- principal
Display stringName - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
- principal_
id str - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role_
definition_ strid - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - delegated_
role_ Sequence[str]definition_ ids - The set of role definition ids which define all the permissions that the principal id can assign.
- principal_
display_ strname - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
- principal
Id String - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition StringId - The role definition identifier. This role will define the permissions that are granted to the principal. This cannot be an
Owner
role. - delegated
Role List<String>Definition Ids - The set of role definition ids which define all the permissions that the principal id can assign.
- principal
Display StringName - The display name of the security group/service principal/user that would be assigned permissions to the projected subscription.
DefinitionEligibleAuthorization, DefinitionEligibleAuthorizationArgs
- Principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- Role
Definition stringId - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- Just
In DefinitionTime Access Policy Eligible Authorization Just In Time Access Policy - A
just_in_time_access_policy
block as defined below. - Principal
Display stringName - The display name of the Azure Active Directory Principal.
- Principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- Role
Definition stringId - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- Just
In DefinitionTime Access Policy Eligible Authorization Just In Time Access Policy - A
just_in_time_access_policy
block as defined below. - Principal
Display stringName - The display name of the Azure Active Directory Principal.
- principal
Id String - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition StringId - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- just
In DefinitionTime Access Policy Eligible Authorization Just In Time Access Policy - A
just_in_time_access_policy
block as defined below. - principal
Display StringName - The display name of the Azure Active Directory Principal.
- principal
Id string - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition stringId - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- just
In DefinitionTime Access Policy Eligible Authorization Just In Time Access Policy - A
just_in_time_access_policy
block as defined below. - principal
Display stringName - The display name of the Azure Active Directory Principal.
- principal_
id str - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role_
definition_ strid - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- just_
in_ Definitiontime_ access_ policy Eligible Authorization Just In Time Access Policy - A
just_in_time_access_policy
block as defined below. - principal_
display_ strname - The display name of the Azure Active Directory Principal.
- principal
Id String - Principal ID of the security group/service principal/user that would be assigned permissions to the projected subscription.
- role
Definition StringId - The Principal ID of the Azure built-in role that defines the permissions that the Azure Active Directory will have on the projected scope.
- just
In Property MapTime Access Policy - A
just_in_time_access_policy
block as defined below. - principal
Display StringName - The display name of the Azure Active Directory Principal.
DefinitionEligibleAuthorizationJustInTimeAccessPolicy, DefinitionEligibleAuthorizationJustInTimeAccessPolicyArgs
- Approvers
List<Definition
Eligible Authorization Just In Time Access Policy Approver> - An
approver
block as defined below. - Maximum
Activation stringDuration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - Multi
Factor stringAuth Provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
- Approvers
[]Definition
Eligible Authorization Just In Time Access Policy Approver - An
approver
block as defined below. - Maximum
Activation stringDuration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - Multi
Factor stringAuth Provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
- approvers
List<Definition
Eligible Authorization Just In Time Access Policy Approver> - An
approver
block as defined below. - maximum
Activation StringDuration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - multi
Factor StringAuth Provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
- approvers
Definition
Eligible Authorization Just In Time Access Policy Approver[] - An
approver
block as defined below. - maximum
Activation stringDuration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - multi
Factor stringAuth Provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
- approvers
Sequence[Definition
Eligible Authorization Just In Time Access Policy Approver] - An
approver
block as defined below. - maximum_
activation_ strduration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - multi_
factor_ strauth_ provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
- approvers List<Property Map>
- An
approver
block as defined below. - maximum
Activation StringDuration - The maximum access duration in ISO 8601 format for just-in-time access requests. Defaults to
PT8H
. - multi
Factor StringAuth Provider The multi-factor authorization provider to be used for just-in-time access requests. Possible value is
Azure
.Note: When this property isn't set, it would be set to
None
.
DefinitionEligibleAuthorizationJustInTimeAccessPolicyApprover, DefinitionEligibleAuthorizationJustInTimeAccessPolicyApproverArgs
- Principal
Id string - The Principal ID of the Azure Active Directory principal for the approver.
- Principal
Display stringName - The display name of the Azure Active Directory Principal for the approver.
- Principal
Id string - The Principal ID of the Azure Active Directory principal for the approver.
- Principal
Display stringName - The display name of the Azure Active Directory Principal for the approver.
- principal
Id String - The Principal ID of the Azure Active Directory principal for the approver.
- principal
Display StringName - The display name of the Azure Active Directory Principal for the approver.
- principal
Id string - The Principal ID of the Azure Active Directory principal for the approver.
- principal
Display stringName - The display name of the Azure Active Directory Principal for the approver.
- principal_
id str - The Principal ID of the Azure Active Directory principal for the approver.
- principal_
display_ strname - The display name of the Azure Active Directory Principal for the approver.
- principal
Id String - The Principal ID of the Azure Active Directory principal for the approver.
- principal
Display StringName - The display name of the Azure Active Directory Principal for the approver.
DefinitionPlan, DefinitionPlanArgs
Import
Lighthouse Definitions can be imported using the resource id
, e.g.
$ pulumi import azure:lighthouse/definition:Definition example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ManagedServices/registrationDefinitions/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.